On Mon, November 12, 2012 5:43 pm, Peter Gutmann wrote: > Dan Harkins <[email protected]> writes: > >>The downside is that it's slower than GCM but is probably faster than >> CBC- >>HMAC with SHA2. > > A much bigger downside is that it requires two passes over the data, > making it > unusable with any streaming implementation. This limits its applicability > to > protocols with very short PDUs.
That is exactly why it's slower than GCM. But the alternative that's being discussed for JOSE does 2 passes of the data anyway, one with HMAC-SHA256 and another with AES-CBC, so it sounds a little hard to believe that 2 passes is a limitation for the application at hand. Dan. _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
