On Mon, Mar 30, 2015 at 7:38 PM, Tim Shepard <[email protected]> wrote:
> > > > It seems to me you have a choice of what sort of TLV encoding to use > > > at this point. Is there any good reason not do use the same sort of > > > TLV scheme that TLS uses today, so that at least as far as the TLV > > > framing protocol the two proposals would be the same? > > > > As far as I understand, TLS MACs then encrypts the data. (Apologies if > > I've misread RFC5246.) The best current practice is to encrypt then MAC > > the ciphertext. Since there's no need to be compatible, we might as > > well use the best practices as of 2015. See, e.g.: > > http://cseweb.ucsd.edu/~mihir/papers/oem.pdf > > > Well, ekr did say that TLS would be profiled for use in tcpinc. So > presumably rfc7366 would be in the profile of TLS for tcpinc. Either that or (my preference) specify an AEAD (combined encryption and integrity) algorithm such as AES-GCM or ChaCha/Poly1305. It's always hard to read community consensus, but my sense is that AEAD represents the current best practice. -Ekr
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
