From feff7323e85389f3d25776b59617f0a8ef31e4cf Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 16 Oct 2020 10:21:06 +1100 Subject: [PATCH] Wrap --- draft-ietf-quic-tls.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 0165b369af..637a2bbb52 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -2308,10 +2308,11 @@ o: The analyses that follow rely on a count of the number of block operations involved in producing each message. This analysis is performed for packets of -size up to 2^11 (l = 2^7) and 2^16 (l = 2^12). A size of 2^11 is expected to be a -limit that matches common deployment patterns, whereas the 2^16 is the maximum +size up to 2^11 (l = 2^7) and 2^16 (l = 2^12). A size of 2^11 is expected to be +a limit that matches common deployment patterns, whereas the 2^16 is the maximum possible size of a QUIC packet. Only endpoints that strictly limit packet size -can use the larger confidentiality and integrity limits that are derived using the smaller packet size. +can use the larger confidentiality and integrity limits that are derived using +the smaller packet size. For AEAD_AES_128_GCM and AEAD_AES_256_GCM, the message length (l) is the length of the associated data in blocks plus the length of the plaintext in blocks. @@ -2385,9 +2386,9 @@ significant effect on the result. This produces the following approximation: v <= 2^64 / l ~~~ -Endpoints that do not attempt to remove protection from packets larger than -2^11 bytes can attempt to remove protection from at most 2^57 packets. Endpoints -that do not restrict the size of processed packets can attempt to remove protection +Endpoints that do not attempt to remove protection from packets larger than 2^11 +bytes can attempt to remove protection from at most 2^57 packets. Endpoints that +do not restrict the size of processed packets can attempt to remove protection from at most 2^52 packets. For AEAD_AES_256_GCM, the same term dominates, but the larger value of k