Rephrase decryption failure criterion

sframe-wg · Apr 3, 2024 · bd7a0d0 · bd7a0d0
1 parent 7ca309f
commit bd7a0d0
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/draft-ietf-sframe-enc.md b/draft-ietf-sframe-enc.md
@@ -570,7 +570,8 @@ in the SFrame header, the client MAY buffer the ciphertext and retry decryption
 once a key with that KID is received.  If a ciphertext fails to decrypt for any
 other reason, the client MUST discard the ciphertext. Invalid ciphertexts SHOULD be
 discarded in a way that is indistinguishable (to an external observer) from having
-processed a valid ciphertext.
+processed a valid ciphertext.  In other words, the SFrame decrypt operation
+should be constant-time, regardless of whether decryption succeeds or fails.
 
 ~~~~~ aasvg
                     SFrame Ciphertext