Update AEAD limits for larger packets

draft-ietf-quic-tls.md

@@ -2308,10 +2308,11 @@ o:
 
 The analyses that follow rely on a count of the number of block operations
 involved in producing each message. This analysis is performed for packets of
-size up to 2^11 (l = 2^7) and 2^16 (l = 2^12). A size of 2^11 is expected to be a
-limit that matches common deployment patterns, whereas the 2^16 is the maximum
+size up to 2^11 (l = 2^7) and 2^16 (l = 2^12). A size of 2^11 is expected to be
+a limit that matches common deployment patterns, whereas the 2^16 is the maximum
 possible size of a QUIC packet. Only endpoints that strictly limit packet size
-can use the larger confidentiality and integrity limits that are derived using the smaller packet size.
+can use the larger confidentiality and integrity limits that are derived using
+the smaller packet size.
 
 For AEAD_AES_128_GCM and AEAD_AES_256_GCM, the message length (l) is the length
 of the associated data in blocks plus the length of the plaintext in blocks.
@@ -2385,9 +2386,9 @@ significant effect on the result. This produces the following approximation:
 v <= 2^64 / l
 ~~~
 
-Endpoints that do not attempt to remove protection from packets larger than
-2^11 bytes can attempt to remove protection from at most 2^57 packets. Endpoints
-that do not restrict the size of processed packets can attempt to remove protection
+Endpoints that do not attempt to remove protection from packets larger than 2^11
+bytes can attempt to remove protection from at most 2^57 packets. Endpoints that
+do not restrict the size of processed packets can attempt to remove protection
 from at most 2^52 packets.
 
 For AEAD_AES_256_GCM, the same term dominates, but the larger value of k