Bryan A Ford <[email protected]> writes: >It would work just as well and in exactly the same way if the AEAD is >replaced with the traditional Encrypt-then-MAC construction, for example.
No it wouldn't, unless the encrypt part is a stream cipher. You're still locked into using an AEAD stream cipher or the equivalent of an AEAD stream cipher built with encrypt+MAC. It won't work with, for example, the OCB AEAD mode, or CBC + MAC. Peter. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
