Completely. If we have confidence in the cipher and the secrecy
of the key, make the "nonce" all zeroes. There's good reason for not
doing this in the case of IPsec, but not for SSL/TLS.
In theory, you may be right ;-). But: For one, I think that it can't hurt NOT to have complete confidence in the cipher. I prefer to err on the safe side. E.G. if an attack profits from having the same plaintext encrypted twice with different cipher texts, we would encounter these conditions a lot in http over SSL/TLS. This would be avoided by a nonce in the IV.
And also, we should take into account that a lot of people use OpenSSL's crypto routines in another context than SSL/TLS.
Best Regards, David
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
