Christian's Review of v -21 #108

Merged
merged 12 commits into from
Aug 28, 2024

marco-tiloca-sics
Collaborator

This PR addresses Christian's review of version -21, archived at: https://mailarchive.ietf.org/arch/msg/core/tPPSsrFMPZId_7Q7OrmbgN1DCdw/

@chrysn
Member

chrysn commented Jul 28, 2024 via email

Member

@rikard-sics rikard-sics left a comment

Except for my comment below, things look good to me, as aligned with our internal discussions and the discussion we had with Christian.

@@ -1387,7 +1388,7 @@ The pairwise mode does not support external verifiers of source authentication a

An endpoint implementing only a silent server does not support the pairwise mode.

Endpoints using the CoAP Echo Option {{RFC9175}} and/or block-wise transfers {{RFC7959}} in a group where the AEAD Algorithm and Pairwise Key Agreement Algorithm are set MUST support the pairwise mode. This applies, for example, to block-wise exchanges after a first block-wise request which targets all servers in the group and includes the CoAP Block2 option (see Section 3.8 of {{I-D.ietf-core-groupcomm-bis}}). This prevents the attack described in {{ssec-unicast-requests}}, which leverages requests sent over unicast to a single group member and protected in group mode.
Endpoints using the CoAP Echo Option {{RFC9175}} in a group where the AEAD Algorithm and Pairwise Key Agreement Algorithm are set MUST support the pairwise mode. This prevents the attack described in Section 13.9, which leverages requests sent over unicast to a single group member and protected in group mode.
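
Review bot: The added sentence narrows the MUST from "the CoAP Echo Option {{RFC9175}} and/or block-wise transfers {{RFC7959}}" to Echo only and drops the Block2 example, yet it keeps the same justification (preventing the attack that leverages unicast requests protected in group mode). Please state, here or in the commit message, why block-wise follow-up requests sent over unicast to a single server no longer need the pairwise mode, or point to where that case is now covered, so the mitigation is not silently weakened. The same line also replaces the anchor `{{ssec-unicast-requests}}` with the literal "Section 13.9", which will go stale if sections are renumbered; keeping the anchor reference avoids that.
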
Member

It's better to have the reference to section 13.9 here use markdown references instead. It should be referring to section {#ssec-unicast-requests}.

Collaborator Author

Thanks, now fixed in d95ec71

@marco-tiloca-sics marco-tiloca-sics merged commit e28cb5a into master Aug 28, 2024
2 checks passed