Been looking at this today!
The fixed-size 272-byte frames are a great choice for blinding some TA on interactive sessions. That's going to be very slow for downloads though, with the extra GCM tags. Are you open to making this part modal?
Other q: why not start the IV with the shared PRF? Just for some defense in depth against future weaknesses.
I’ll formulate my thoughts on jumbo frames better, but on the PRF front: in general when ciphers are broken it’s usually still harder for the attacker if the IVs are unknown.