Permalink
Browse files

Editorial fixes

  • Loading branch information...
1 parent ba6b1b2 commit c0a4fddb93f0fa9b053027f3297e351f257e1a98 @martinthomson martinthomson committed Jan 9, 2017
Showing with 5 additions and 6 deletions.
  1. +5 −6 draft-ietf-httpbis-encryption-encoding.md
@@ -137,7 +137,7 @@ smaller. The record size ("rs") is included in the content coding header (see
{{header}}).
~~~ drawing
- +-----------+ content of rs octets minus padding
+ +-----------+ content of rs octets
| data | less padding (2-65537) and tag (16);
+-----------+ the last record is smaller
|
@@ -155,11 +155,10 @@ smaller. The record size ("rs") is included in the content coding header (see
AEAD_AES_128_GCM produces ciphertext 16 octets longer than its input plaintext.
Therefore, the unencrypted content of each record is shorter than the record
size by 16 octets. If the final record ends on a record boundary, the encoder
-MUST append a record that contains contains only padding and is smaller than the
-full record size. A receiver MUST fail to decrypt if the final record
-ciphertext is less than 18 octets in size or equal to the record size. Valid
-records always contain at least a padding length of 2 octets and a 16 octet
-authentication tag.
+MUST append a record that contains only padding and is smaller than the full
+record size. A receiver MUST fail to decrypt if the final record ciphertext is
+less than 18 octets in size or equal to the record size. Valid records always
+contain at least a padding length of 2 octets and a 16 octet authentication tag.
Each record contains a 2 octet padding length and between 0 and 65535 octets of
padding, inserted into a record before the content. The padding length is a two

0 comments on commit c0a4fdd

Please sign in to comment.