Closed chrysn closed 3 years ago
Hi,
Googling a bit, I think we might need to define this ourselves. Found some papers and presentations taking about freshness, but they did not define it well. Found a very mathematical definition in some other paper that we do not want to use.
I suggest something like this:
Freshness is a measure of the time since time since the message was sent. What is considered a fresh message is application dependent. The Echo mechanism specified in this document allow a server to calculate an upper bound for when the message was encrypted. With this bound, the server can either verify that the message is fresh (fresher than some application defined limit) or determine that it cannot be verified that the message is fresh.
Cheers, John
From: chrysn notifications@github.com Reply to: core-wg/echo-request-tag reply@reply.github.com Date: Wednesday, 9 December 2020 at 14:58 To: core-wg/echo-request-tag echo-request-tag@noreply.github.com Cc: John Mattsson john.mattsson@ericsson.com, Mention mention@noreply.github.com Subject: [core-wg/echo-request-tag] freshness in terminology (#62)
From Ines' Genart review:
1.- It would be nice to have the definition of Freshness into the terminology section.
@gselanderhttps://protect2.fireeye.com/v1/url?k=79f9b0db-266289db-79f9f040-86fc6812c361-99273a1895d4c91a&q=1&e=b1153373-59b1-4f19-a06a-e26fe15895c5&u=https%3A%2F%2Fgithub.com%2Fgselander and @emanjonhttps://protect2.fireeye.com/v1/url?k=65c0fd48-3a5bc448-65c0bdd3-86fc6812c361-01258d0fef835cdf&q=1&e=b1153373-59b1-4f19-a06a-e26fe15895c5&u=https%3A%2F%2Fgithub.com%2Femanjon, do you know of established references we could use there to avoid rolling our own definition?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://protect2.fireeye.com/v1/url?k=a6fa581b-f961611b-a6fa1880-86fc6812c361-d6df7ecda9c6adc5&q=1&e=b1153373-59b1-4f19-a06a-e26fe15895c5&u=https%3A%2F%2Fgithub.com%2Fcore-wg%2Fecho-request-tag%2Fissues%2F62, or unsubscribehttps://protect2.fireeye.com/v1/url?k=a7433286-f8d80b86-a743721d-86fc6812c361-c0f7839c35a6dd00&q=1&e=b1153373-59b1-4f19-a06a-e26fe15895c5&u=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAFYXKYVXKT2XOUADB6FIRYLST567NANCNFSM4UTQZZUQ.
Maybe we can slim that down and avoid talking of time too much (because yes it's time even in the event-based case, but a very odd discrete time, so might confuse people):
Freshness is a measure of when a message was sent. A server that receives a request can either verify that the request is fresh or determine that it cannot be verified that the request is fresh. What is considered a fresh message is application dependent; example definitions are "no more than one hour ago" or "after this server's last reboot".
Would that work for you?
From Ines' Genart review:
@gselander and @emanjon, do you know of established references we could use there to avoid rolling our own definition?