marco-tiloca-sics
commented
3 years ago Addressed in the commit https://github.com/core-wg/oscore-groupcomm/commit/1b559a0d4fbc99b1e30f1c3c31209419f986ace9
Closed emanjon closed 3 years ago
marco-tiloca-sics
commented
3 years ago Addressed in the commit https://github.com/core-wg/oscore-groupcomm/commit/1b559a0d4fbc99b1e30f1c3c31209419f986ace9
"For instance, a command to turn a bulb on where the bulb is already on does not need the signature to be checked. In such situations, the counter signature needs to be included anyway as part of a message protected with the group mode, so that an endpoint that needs to validate the signature for any reason has the ability to do so."
I don't think this works at all. Assuming a client sends a request to "lock" an open lock, and another group member change it to "unlock". The server answers the client with a "200 OK" stating that it is "locked". Also in the example above, the replay window would not be updated, which likely cause a lot of additional problems.
The kind of "hack" described above seems far worse than just having a group request mode without source authentication. The client always need to know what the server will do cryptographically.