document future transition to AES-GCM-SIV as possibility

Address Deltatar audit item 2.6/1: miscellaneous suggestions

It would be great if we could add support for SIV but there are
no immediate plans for doing so.

diff --git a/deltatar/crypto.py b/deltatar/crypto.py
index 431466e..b3ab9bc 100755 (executable)
--- a/deltatar/crypto.py
+++ b/deltatar/crypto.py
@@ -131,6 +131,13 @@ archives essentially consist of a stream of independent objects, the salt and
 other parameters may change. Thus a key derived using above method from the
 first object doesn’t necessarily apply to any of the subsequent objects.
 
+Future Developments
+-------------------------------------------------------------------------------
+
+As of 2020 with the format version 1, Deltatar encryption uses the AES-GCM mode
+which requires meticulous bookkeeping of initialization vectors. A future
+version could simplify this aspect of the encryption by switching to the more
+recent AES-GCM-SIV mode (RFC 8452).
 """
 
 import base64