awwad
commented
7 years ago This issue was moved to uptane/uptane#8
Closed awwad closed 7 years ago
awwad
commented
7 years ago This issue was moved to uptane/uptane#8
If the Primary discards any Timeserver attestations that do not have all nonces the Primary sent and expects back or that have any extra nonces, this makes certain replay attacks harder: one could not as readily spam nonces in a single Timeserver attestation and then reuse that later.
Consider also making attestations specific to the vehicle by including VIN, which further narrows the attack space.