> On 15 Dec 2015, at 22:17, Watson Ladd <watsonbl...@gmail.com> wrote:
>
> I don't think that's what I intended: I think the limit should be
> ciphersuite specific. Unfortunately that requires more work.
>
> On Tue, Dec 15, 2015 at 4:15 PM, Eric Rescorla <e...@rtfm.com> wrote:
>>
>>> I wanted to get people's opinions on whether that's actually what we want
>>> or whether we should (as is my instinct) allow people to use ChaCha
>>> for longer periods.

IMHO, if we differentiate the limit depending on the ciphersuite, it will be more complex to handle and cause problems at some point. I would rather have a single value in the spec that is safe for all allowed ciphersuites, rekey more frequently and let people take their own risks by setting higher limits if they do not negotiate AES-GCM (for example).

B.