Adding the description of twelve pass encryption #175
Conversation
|
Thanks for doing this. One comment: I don't think the Security Considerations section here fully captures our doubts about the need for this. IIRC, the 4-pass is only vulnerable to known-plaintext attacks, which seem hard to mount here. And as you state, if the consequence is the attacker discovering that the CID is not random, it's not obvious to me that it's a serious problem. |
|
Per offline discussion with @huitema: we are disinclined to include this in the draft, because we don't think people will implement it. We will keep it around in case reviews demand it, but have no plans to merge. |
|
@martinduke the latest commit have resolved potential merge conflicts between this PR and the main branch, making it easier to "pull the PR off our back pocket" if we really have to. |
Not really sure that we have to do that, but I did it anyhow.
Also fixed a couple of random line length issues that were causing errors in xml2rfc