You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Suppose that we had a future TLS cipher suite such as AES_OCB_SHA256. Would that work with QUIC without a new QUIC draft? The AEAD part is already clearly defined and given that AES-OCB uses AES, the same HP mechanism as we currently use with GCM can be used here.
From my perspective, the desirable property is that if we add new TLS cipher suites with analogous cipher cores (block cipher and/or nonce-based stream cipher) to the existing spec, then no new QUIC document should be required.
An alternative design would be to just require a "QUIC applicability" paragraph in new TLS cipher suites analogous to the DTLS-OK IANA flag.
For input to discussion on the related issues. This says that we don't
do CCM_8 and makes it clear that you don't reject an attempt to use a
ciphersuite you don't understand.
Closes#2742, #2682, #2581.
Suppose that we had a future TLS cipher suite such as AES_OCB_SHA256. Would that work with QUIC without a new QUIC draft? The AEAD part is already clearly defined and given that AES-OCB uses AES, the same HP mechanism as we currently use with GCM can be used here.
From my perspective, the desirable property is that if we add new TLS cipher suites with analogous cipher cores (block cipher and/or nonce-based stream cipher) to the existing spec, then no new QUIC document should be required.
An alternative design would be to just require a "QUIC applicability" paragraph in new TLS cipher suites analogous to the DTLS-OK IANA flag.
(see also #2019).
The text was updated successfully, but these errors were encountered: