target = "https://tools.ietf.org/rfc/rfc8446#5.5"

# 5.5.  Limits on Key Usage
#
# There are cryptographic limits on the amount of plaintext which can
# be safely encrypted under a given set of keys.  [AEAD-LIMITS]
# provides an analysis of these limits under the assumption that the
# underlying primitive (AES or ChaCha20) has no weaknesses.
# Implementations SHOULD do a key update as described in Section 4.6.3
# prior to reaching these limits.
# 
# For AES-GCM, up to 2^24.5 full-size records (about 24 million) may be
# encrypted on a given connection while keeping a safety margin of
# approximately 2^-57 for Authenticated Encryption (AE) security.  For
# ChaCha20/Poly1305, the record sequence number would wrap before the
# safety limit is reached.

[[spec]]
level = "SHOULD"
quote = '''
Implementations SHOULD do a key update as described in Section 4.6.3
prior to reaching these limits.
'''