Eric & Herbert, I noticed the testmgr fuzz tester generating (occasionally, see previous mail) tests cases with authsize=0 for the AEAD ciphers. I'm wondering if that is intentional. Or actually, I'm wondering whether that should be considered a legal case. To me, it doesn't seem to make a whole lot of sense to do *authenticated* encryption and then effectively throw away the authentication result ... (it's just a waste of power and/or cycles) The reason for this question is that supporting this requires some specific workaround in my driver (yet again). And yes, I'm aware of the fact that I can advertise I don't support zero length authentication tags, but then probably/likely testmgr will punish me for that instead. Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com