I'm investigating the option of potentially using ALTS as the security & authenticity mechanism for some of my microservices. However, I found out that the actual underlying frame protector is hardcoded to use AES-128-GCM with rekeying (https://github.com/grpc/grpc/blob/18d82d4a6a00cebfc874eb0b9c935a3ae4733c3a/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc#L194-L198).
I have two questions: 1. I'm wondering if it's possible (or in the roadmap of ALTS) to specify the security level of the underlying symmetric cipher? Namely, it would be great if I could use AES-256. 2. The nonce-based rekeying mechanism used in the underlying cipher, is this design documented somewhere? I tried to look for reference online and it looks like AES-GCM-SIV to me, but it would be great if someone could confirm it. Thanks! Steven -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/dbc2c5eb-dd68-4b01-a2c4-b009086a6e3dn%40googlegroups.com.
