On 5 August 2015 at 11:13, Wan-Teh Chang w...@google.com wrote:
Then, define the ChaChaNonce struct as described in the draft-TLS 1.3.
struct {
opaque nonce[12];
} ChaChaNonce;
1. The 64-bit record sequence number is padded to the left with
zeroes to
On Tue, Aug 4, 2015 at 10:35 AM, Martin Thomson
martin.thom...@gmail.com wrote:
On 4 August 2015 at 10:24, Wan-Teh Chang w...@google.com wrote:
The consistency you want to see seems to be
consistency with the AES GCM cipher suites, rather than with TLS 1.2.
Yes, this is correct.
RFC 5288:
Hi,
An open issue for draft-ietf-tls-chacha20-poly1305-00 raised by Eric
Rescorla is that this draft doesn't use the draft-TLS 1.3 mechanism
for setting the nonce per record [0]. Is there any support for
switching these ciphersuites to draft-TLS 1.3 nonce mechanism even for
TLS 1.2? The
Personally, I would rather see the nonce construction follow the form
defined in the respective TLS version.
Yes, consistency. +1
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
On Tue, Aug 4, 2015 at 12:20 PM Salz, Rich rs...@akamai.com wrote:
Personally, I would rather see the nonce construction follow the form
defined in the respective TLS version. [DB: Adding back in for context:
That means including redundant bytes in TLS 1.2 and only getting the full
On 4 August 2015 at 05:37, Nikos Mavrogiannopoulos n...@redhat.com wrote:
Is there any support for
switching these ciphersuites to draft-TLS 1.3 nonce mechanism even for
TLS 1.2? The alternative is to use the TLS 1.2 mechanism with the
redundant bytes redacted as the draft is now [1].