Security considerations of token reuse

emanjon commented 5 years ago

I tried to add security considerations for token reuse to the PR. Please review, this is not trivial.

Token reuse for DTLS seem hard if not impossible to do securely. I don't find Token reuse with DTLS possible to do securely..... am I missing something?
Token reuse for TLS without Observer and without Groups communication seems quite easy.
Do we need to say something about Group communication?
Do we need to say something about stateless tokens? I think the current requirements on integrity protection and replay protection protection in the stateless draft should be enough.

gselander commented 5 years ago

I think John refers to e49ff36

emanjon commented 4 years ago

Taken care of in the version -07

core-wg / echo-request-tag