Because of this attacks: https://blog.cr.yp.to/20151120-batchattacks.html
could please consider to obsoleting 128-bit ciphers in TLS 1.3. For example AES-128 encryption has been removed from Suite B https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml More discussions on AES-128 vs. AES-256 https://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions https://www.schneier.com/blog/archives/2009/07/another_new_aes.html https://www.reddit.com/r/crypto/comments/39211m/is_really_aes256_less_secure_than_aes128/ https://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/ Kind regards, Fedor _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
