On 30 March 2016 at 14:18, Colm MacCárthaigh <[email protected]> wrote: > though I'll note that it relies on basically a Mac-Then-Encrypt > construction.
I don't think that the right term to apply here. This isn't record protection. The MAC authenticates the handshake here, then we use AEAD for record protection afterwards. Same as TLS has always done. It's basic SIGMA. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
