Skip to main content

Usage Limits on AEAD Algorithms

Document Type Replaced Internet-Draft (cfrg RG)
Expired & archived
Authors Felix Günther , Martin Thomson , Christopher A. Wood
Last updated 2020-08-04 (Latest revision 2020-05-20)
Replaced by draft-irtf-cfrg-aead-limits
RFC stream Internet Research Task Force (IRTF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream IRTF state Replaced
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state Replaced by draft-irtf-cfrg-aead-limits
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


An Authenticated Encryption with Associated Data (AEAD) algorithm provides confidentiality and integrity. Excessive use of the same key can give an attacker advantages in breaking these properties. This document provides simple guidance for users of common AEAD functions about how to limit the use of keys in order to bound the advantage given to an attacker.


Felix Günther
Martin Thomson
Christopher A. Wood

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)