Skip to content

Commit

Permalink
Two *different* packet numbers
Browse files Browse the repository at this point in the history
  • Loading branch information
@martinthomson
martinthomson committed Jan 31, 2018
1 parent 8320755 commit 1b57997
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions draft-ietf-quic-tls.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1591,8 +1591,9 @@ property that AEAD algorithms do not guarantee. Therefore, no strong assurances
about the general security of this mechanism can be proven.

Use of the same key and nonce for encryption for encryption can weaken
encryption. For the schemes described, protecting two packet numbers with the
same key and nonce would reveal the packet number. For packet number protection
encryption. For the schemes described, protecting two different packet numbers
with the same key and nonce reveals the exclusive OR of those packet numbers,
which might be used to compromise confidentiality. For packet number protection
to be effective, the output of the packet protection AEAD needs to be
effectively random.

Expand Down

0 comments on commit 1b57997

Please sign in to comment.