-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Christian's Review of v -21 #108
Conversation
Thanks, LGTM where I may say so.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Except for my comment below things look good to me, as aligned with our internal discussions and the discussion we had with Christian.
draft-ietf-core-oscore-groupcomm.md
Outdated
@@ -1387,7 +1388,7 @@ The pairwise mode does not support external verifiers of source authentication a | |||
|
|||
An endpoint implementing only a silent server does not support the pairwise mode. | |||
|
|||
Endpoints using the CoAP Echo Option {{RFC9175}} and/or block-wise transfers {{RFC7959}} in a group where the AEAD Algorithm and Pairwise Key Agreement Algorithm are set MUST support the pairwise mode. This applies, for example, to block-wise exchanges after a first block-wise request which targets all servers in the group and includes the CoAP Block2 option (see Section 3.8 of {{I-D.ietf-core-groupcomm-bis}}). This prevents the attack described in {{ssec-unicast-requests}}, which leverages requests sent over unicast to a single group member and protected in group mode. | |||
Endpoints using the CoAP Echo Option {{RFC9175}} in a group where the AEAD Algorithm and Pairwise Key Agreement Algorithm are set MUST support the pairwise mode. This prevents the attack described in Section 13.9, which leverages requests sent over unicast to a single group member and protected in group mode. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's better to have the reference to section 13.9 here use markdown references instead. It should be referring to section {#ssec-unicast-requests}.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, now fixed in d95ec71
This PR addresses Christian's review of version -21, archived at: https://mailarchive.ietf.org/arch/msg/core/tPPSsrFMPZId_7Q7OrmbgN1DCdw/