emanjon
commented
2 years ago RFC8613 states
In case of
reliable and ordered transport from endpoint to endpoint, e.g., TCP,
the server MAY just store the last received Partial IV and require
that newly received Partial IVs equal the last received Partial IV +
1.So you can implement OSCORE over TCP in a way similar to TLS, but the statement is not true in general for OCSORE over TCP.
The reason OSCORE over TCP allows DTLS-like sequence number handling is that other parts of the path might use UDP.
"If CoAP is used over a reliable and ordered transport such as TCP with TLS or OSCORE, no messages can be delivered before the delayed message."
This is not always true for OSCORE. This is true for TLS as it does not allow jumps in the sequence number (which is not even sent on the wire). For OSCORE (with DTLS-like sequence number handling) an attacker can easily MITM TCP under OSCORE.