Adding a 'hard symmetrical 3-DES' replay resistant MAC (message authentication code, here) of the response data $STRING with a well known seed $SEED, whacked with a 'included in the reply' plaintext, time of post $EPOCH_SECONDS_SINCE_GMT seems a good way to cut down on IoT devices $STRING $EPOCH_SECONDS_SINCE_GMT $3DES ( $SEED . $STRING . $EPOCH_SECONDS_SINCE_GMT ) We know $SEED, and can derive local $EPOCH_SECONDS_SINCE_GMT of course On the receiver on post-process side, one could do a quick drop on posts more than 15 min off: $EPOCH_SECONDS_SINCE_GMT and if one seems to being over-run with forgeries, actually verify the $3DES decodes correctly for selected IPs -- Russ herrold _______________________________________________ council-discuss mailing list -- council-discuss@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to council-discuss-leave@xxxxxxxxxxxxxxxxxxxxxxx