This update to the GDOI specification significantly improves clarity and readability. However, there is one issue that I think should be addressed prior to publication:

At the top of page 11, the spec claims that a seq payload protects against group members responding to groupkey-pull messages sent prior to joining the group. I'm reasonably sure that should be groupkey-push messages; I believe the nonce payloads provide replay protection for the pull exchange.

Actually, it's more complicated than that. Section 3.3 also seems to believe the sequence number is about pull exchanges. However, it says that a GM should always expect the push message sequence number to be reset to 1. Why is that reasonable? If a group is ongoing, don't we want to tell new members what the sequence number currently is rather than having them assume it is 1? The push message is multicast, so we cannot maintain a separate sequence number for each member.

I think either there is some sort of error with the description of the replay mechanisms or it requires significantly more explanation.

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
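The replay concern in the message above can be made concrete with a small model. The following is an added example written for this page; it is not GDOI code, not from the spec, and not from the author of the message. It assumes a constructed multicast rekey "push" carrying a monotonically increasing sequence number under an HMAC keyed with a shared group key, an invented history of 57 pushes sent before a new member joins, and two new members that differ only in how they initialise their anti-replay state: one learns the current sequence number (57) when it joins, the other assumes the counter restarts at 1. The key bytes, message bodies and numbers are all constructed for the demonstration.

```python
"""
Constructed model of a multicast rekey push protected by a sequence number.
Example code added for illustration; not GDOI, not the spec's wording.
"""
from dataclasses import dataclass, field
import hashlib
import hmac

# Constructed shared group key used to authenticate every push (assumption).
GROUP_KEY = b"example-group-key-not-a-real-secret"


def push_tag(seq: int, body: bytes) -> bytes:
    """Authenticate the sequence number together with the body, so a replayed
    or tampered push cannot simply be given a new sequence number."""
    return hmac.new(GROUP_KEY, seq.to_bytes(4, "big") + body, hashlib.sha256).digest()


@dataclass(frozen=True)
class PushMessage:
    seq: int
    body: bytes
    tag: bytes


def make_push(seq: int, body: bytes) -> PushMessage:
    """Key server side: emit one multicast push with sequence number seq."""
    return PushMessage(seq, body, push_tag(seq, body))


@dataclass
class GroupMember:
    name: str
    last_seq: int                       # highest sequence number accepted so far
    accepted: list = field(default_factory=list)

    def receive(self, msg: PushMessage) -> bool:
        """Return True if the push is authentic and strictly newer than
        anything already accepted; False if forged, tampered or replayed."""
        if not hmac.compare_digest(msg.tag, push_tag(msg.seq, msg.body)):
            return False                # forged or modified push
        if msg.seq <= self.last_seq:
            return False                # replay of an old push
        self.last_seq = msg.seq
        self.accepted.append(msg.seq)
        return True


def simulate() -> dict:
    """Compare two new members that join after pushes 1..57 have been sent.
    Returns the outcome of each check so the behaviour can be asserted on."""
    # Constructed history: the key server already sent pushes 1..57 to the group.
    history = [make_push(i, b"rekey-%d" % i) for i in range(1, 58)]

    # Member A is told the current sequence number (57) when it joins.
    a = GroupMember("learns-current-seq", last_seq=57)
    # Member B assumes the sequence number starts at 1 (last accepted = 0).
    b = GroupMember("assumes-reset-to-1", last_seq=0)

    replayed_30 = history[29]          # attacker re-sends push #30 captured earlier
    results = {
        "A_accepts_replay_30": a.receive(replayed_30),
        "B_accepts_replay_30": b.receive(replayed_30),
    }
    # Once B has accepted #30, every later captured push (31..57) also passes.
    results["B_accepted_old_replays"] = sum(b.receive(m) for m in history[30:])

    # A genuine new push #58 is accepted by both; the single multicast counter
    # serves every member, which is why it cannot be per-member.
    fresh = make_push(58, b"rekey-58")
    results["A_accepts_fresh_58"] = a.receive(fresh)
    results["B_accepts_fresh_58"] = b.receive(fresh)

    # Bumping the sequence number without re-authenticating fails the tag check.
    tampered = PushMessage(59, fresh.body, fresh.tag)
    results["A_accepts_tampered"] = a.receive(tampered)
    return results


if __name__ == "__main__":
    for check, outcome in simulate().items():
        print(f"{check}: {outcome}")
```

The member that assumes the counter restarts at 1 accepts the whole captured backlog of pushes (here 28 of them, #30 through #57) as if they were fresh rekeys, while the member that learned the current sequence number rejects every one of them; both accept the genuine #58, since the multicast stream carries one counter for all members.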