Closed boaks closed 1 year ago
Please continue discussion at https://github.com/t2trg/t2trg-amplification-attacks/issues/2
(Due to lack of owner rights I could not transfer this repository and instead had to make a new one; I will manually create new issues there for any open issues.)
Please add that the other attacks could be applied "proactively" by an attacker.
But the attacks, changing the source address of a valid DTLS CID record, are passive attacks. The attacker must wait for such messages. That makes such attacks, in my opinion, much less attractive.
That depends on the roles. A CoAP server will usually also only send back the response to the last/current source address. In my deployments, clients usually don't update the server's address using CID at all. There is a difference between a description of a protocol, which offers symmetric function and is not coupled to other layers, and a real system, which can easily use such a coupling. Sure, someone may try a different approach; therefore draft-ietf-tls-dtls-rrc is on the way.