ietf-openpgp

Re: [openpgp] [PATCH 1/3] Add AEAD Encrypted Data Packet with EAX

2017-07-24 20:02:57
On Fri, Jul 21, 2017 at 10:27:16PM +0000, brian m. carlson wrote:
+### {5.14.1} EAX Mode
+
+The only currently defined AEAD algorithm is EAX Mode
+[](#EAX).  This algorithm can only use block ciphers with 16-octet
+blocks.  The starting initialization vector and authentication tag are
+both 16 octets long.
+
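Review bot: The sentence "This algorithm can only use block ciphers with 16-octet blocks" reads as a property of EAX itself rather than a restriction this document imposes, and the hunk gives no reason for it. Consider phrasing it as a requirement of this specification and adding one sentence of rationale, so that implementers can see why the 16-octet initialization vector and authentication tag lengths are fixed and do not treat the limit as something they may relax for ciphers with smaller blocks.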

I received an inquiry off-list about the limitation on 16-byte block
ciphers here.  While EAX mode does indeed support 8-byte block ciphers,
the authentication tag is limited to 64 bits.  Combined with the fact
that many implementations will use a large number of chunks for large
messages, I felt the risk of forgery was too high.

However, should the working group disagree, we can remove this language,
or it can be modified to reflect that we require it but the underlying
standard does not.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp