-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DTLS replay protection #13
Comments
I'm not sure, if this will be the right way. I would more emphasis on the possibility and use-cases than on making it mandatory. |
It does depend on the use case, and going all replay-protect may be overkill. In particular, the path of replay protection was not taken in RD eventually, and more explicit request freshness terminology introduced instead (in core-wg/resource-directory#291) that makes DTLS replay protection optional again. The very least thing that would resolve the misalignment issue of people being surprised by the replay protection being optional would be to point out explicitly in the clarifications that it is optional, and outline consequences and mitigation. |
Many CoAP users are unaware of DTLS not mandating replay protection.
We may want to consider requiring it for CoAP it at the next possible point. (RD is about to do so on its own, as it came up there).
The text was updated successfully, but these errors were encountered: