[{"author": "Richard Barnes", "text": "
:nauseated_face:
", "time": "2022-11-08T15:05:06Z"}, {"author": "Richard Barnes", "text": "(my reaction to non-AEAD)
", "time": "2022-11-08T15:05:32Z"}, {"author": "Richard Barnes", "text": "relying on signatures seems superficially plausible but kinda sus
", "time": "2022-11-08T15:06:39Z"}, {"author": "Richard Barnes", "text": "i'm not going to bang on the table, but we should generally not be encouraging non-AEAD
", "time": "2022-11-08T15:11:54Z"}, {"author": "Richard Barnes", "text": "just to push back on G\u00f6ran -- there may be multiple uses, but each one requires special analysis to verify that authentication is not necessary
", "time": "2022-11-08T15:12:42Z"}, {"author": "Ira McDonald", "text": "I favor the map (extensible). I don't like the \"implicit\" kem suggestion from Ilari
", "time": "2022-11-08T15:18:19Z"}, {"author": "Richard Barnes", "text": "+1 Ira
", "time": "2022-11-08T15:19:09Z"}, {"author": "Richard Barnes", "text": "fwiw, TLS ECH use of HPKE is disaggregated. server advertises a KEM, then the client selects a KDF and AEAD. and they're all signalled separately
", "time": "2022-11-08T15:25:13Z"}, {"author": "Ira McDonald", "text": "cabo is in SEDATE at the moment
", "time": "2022-11-08T15:35:34Z"}, {"author": "David Waite", "text": "you may just be very quiet
", "time": "2022-11-08T15:36:08Z"}]