-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
Server Security
-
Server Security 2026-03-27
-
None
-
None
-
None
-
None
-
None
-
None
-
None
From a security perspective, we need to guarantee that a KEK has not been used 2^32-1 times to perform encryption. This follows a security guideline outlined by section 8.3 of [NIST GCM recommendations|section 8.3 of https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf].
This will likely have to be persisted in the keystore itself.