2.5. The Request Fragment Rearrangement Attack / list of affected protocols?

[boaks]

That section misses a list of the affected protocol variants.

For 2.5.1 Completing an Operation with an Earlier Final Block

Using DTLS seems to make it much harder to select

1. the final block message
2. the message of the second block wise exchange to insert the postponed final block message

That doesn't make the attack impossible, but less probable and so not very effective.

[emanjon]

I added a general paragraph on protocols.

The attacks can be performed on any security protocol where the attacker can delay the delivery of a message. This incluses DTLS, IPsec, and most OSCORE configurations. The attacks does not work on TCP with TLS or OSCORE (with TLS-like sequence number handling) as in these cases no messages can be delivered before the delayed message. @chrysn I assume there is no attack on TLS. At least the examples do not apply to TLS

@chrysn maybe you could add some text an practical difficulty for -03 (I plan to submit -02 now).

[boaks]

Addressed.

(See comment about DTLS in my new issue #13.)