Hi, On Tue, 4 Mar 2014 15:07:03 +0100 Nikos Mavrogiannopoulos <[email protected]> wrote:
> It has not been approved yet, but the latest TLS proposal for chacha > is with 96-bit nonces and there is no plan to change. So at least for > gnutls only the 96-bit nonce version is relevant. I did propose using XChaCha (similar to XSalsa20) to support larger nonces (especially the AEAD recommended 96-bit length), and sticking with plain ChaCha for 64-bit nonces (and allowing them): http://www.ietf.org/mail-archive/web/cfrg/current/msg04310.html There should have been a CFRG meeting yesterday, and perhaps it was discussed, but I didn't get any feedback on it yet. If anyone (Nikos?) can report on that I'd be glad to hear about it :) regards, Stefan _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
