On Mon, Oct 30, 2023 at 07:55:09AM -0600, Brian Campbell wrote: > On Tue, Oct 24, 2023 at 4:46 AM Ilari Liusvaara <[email protected]> > wrote: > > > And another is why Direct Encryption REALLY SHOULD NOT be used. > > > > Can you say more about why? This is one I don't recall having seen > much discussion/criticism about.
Basically, none of the algorithms is suitable for that. Either the algorithm has nonces that are too small, or is not meant for bulk encryption. For algorithm to be suitable for direct encryption, one would need algorithm meant for bulk encryption that is either MRAE or has large nonces. There are none currently. The problem does not extend to modes with KDF, because the KDF makes things behave like there was a large nonce. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
