secdir review of draft-ietf-msec-gdoi-update

This update to the GDOI specification significantly improves clarity and
readability. However, there is one issue that I think should be addressed
prior to publication:


At the top of page 11, the spec claims that a seq payload protects
against group members responding to groupkey-pull messages sent prior to
joining the group.
I'm reasonably sure that should be groupkey-push messages; I believe the
nonce payloads provide replay protection for the pull exchange.

Actually, it's more complicated than that. Section 3.3 also seems to
believe the sequence number is about pull exchanges. However, it says
that a GM should always expect the push message sequence number to be
reset to 1. Why is that reasonable? If a group is ongoing, don't we want
to tell new members what the sequence number currently is rather than
having them assume it is 1? The push message is multicast, so we cannot
maintain a separate sequence number for each member.

I think either there is some sort of error with the description of the
replay mechanisms or it requires significantly more explanation.
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
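The replay concern raised in the review above, as an added illustration that is not part of the review, of the GDOI specification or of any GDOI implementation. It uses a generic sliding-window anti-replay check (IPsec style) over a multicast push stream carrying a monotonically increasing sequence number, and compares two ways a newly joined member might initialise its state: assuming the counter starts at 1, or being told the group's current value. The window size, the class and function names, and the sequence numbers (group at 42, replayed push with sequence 7) are all assumptions chosen for the example.

```python
# Added example: generic sliding-window anti-replay state for a multicast
# push stream. This is NOT GDOI's mechanism or RFC text; it exists only
# to show why the value a joining member starts from matters when the
# sender cannot keep a per-member counter.

WINDOW = 64  # assumption: anti-replay window size, in sequence numbers


class PushReplayState:
    """Per-receiver anti-replay state for one multicast push stream.

    Every member sees the same sequence number stream, so the only
    per-member choice is where to start. Bit i of `mask` records whether
    sequence number (top - i) has already been accepted.
    """

    def __init__(self, last_seen: int = 0) -> None:
        self.top = last_seen
        # A member that is told the current value treats everything at or
        # below it as already delivered; a member assuming a reset to 1
        # starts with an empty window.
        self.mask = (1 << WINDOW) - 1 if last_seen > 0 else 0

    def accept(self, seq: int) -> bool:
        """Return True and record `seq` if it is fresh; False if it is a replay."""
        if seq <= 0:
            return False
        if seq > self.top:
            # Advance the window, shifting old entries out on the left.
            shift = seq - self.top
            if shift < WINDOW:
                self.mask = (self.mask << shift) & ((1 << WINDOW) - 1)
            else:
                self.mask = 0
            self.mask |= 1  # bit 0 is the new top
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= WINDOW:
            return False  # older than the window: cannot prove freshness
        bit = 1 << diff
        if self.mask & bit:
            return False  # already accepted once
        self.mask |= bit  # late but fresh (out-of-order delivery)
        return True


def joiner_outcomes(current_seq: int, replayed_seq: int) -> dict:
    """Compare the two initialisation policies for a member joining an
    ongoing group.

    `current_seq` is the group's latest push sequence number (assumed to
    be learned during the join); `replayed_seq` is an older push that an
    attacker captured before the member joined and replays to it now.
    """
    assumes_reset = PushReplayState(last_seen=0)            # expects seq 1
    told_current = PushReplayState(last_seen=current_seq)   # knows the counter
    return {
        "assumes_reset_accepts_replay": assumes_reset.accept(replayed_seq),
        "told_current_accepts_replay": told_current.accept(replayed_seq),
    }


if __name__ == "__main__":
    # Constructed scenario: group counter is at 42, attacker replays seq 7.
    print(joiner_outcomes(42, 7))
```

With the constructed numbers, the member that assumes a reset to 1 accepts the replayed push (7 is greater than anything it has seen), while the member that was told the current value rejects it; a later genuine push with sequence 43 is accepted by both.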