core-wg / oscore-groupcomm


Privacy and tracking #94

Closed emanjon closed 3 years ago

emanjon commented 3 years ago

The current -11 design allows an attacker to link messages from different groups as long as the public key is the same (which it likely will be). I think Group OSCORE should probably fulfill something like

I think that can be done by signing an HMAC that is not sent on the wire (at least that stops the trivial attack), or by encrypting the signature. (A signature-verifying proxy would have to be a limited group member that can verify but not decrypt.)

marco-tiloca-sics commented 3 years ago

As discussed, now addressed by encrypting the counter signature, see https://github.com/core-wg/oscore-groupcomm/commit/0b74642065c166019c311b7114dde4824ac6b5a1
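The linkability emanjon describes, and the effect of encrypting the counter signature as done in the referenced commit, as an added Go example that is not the draft's or the repository's own code. It assumes Ed25519 as the counter-signature algorithm, uses AES-128-GCM with the payload as associated data as a stand-in for the draft's own way of encrypting the signature, and uses constructed 16-byte group keys.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// GroupMsg: the (already encrypted) payload plus the sender's counter signature,
// sent in the clear (-11) or encrypted under the group key; Nonce set only if encrypted.
type GroupMsg struct{ Payload, Sig, Nonce []byte }
// aead returns AES-128-GCM for a 16-byte group key (stand-in for the draft's own keystream derivation).
func aead(groupKey []byte) cipher.AEAD {
	block, err := aes.NewCipher(groupKey)
	if err != nil { panic(err) }
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}
// Sign builds a message; encryptSig=false is the -11 behaviour (cleartext signature),
// true wraps the signature under groupKey with the payload as associated data.
func Sign(priv ed25519.PrivateKey, groupKey, payload []byte, encryptSig bool) GroupMsg {
	sig := ed25519.Sign(priv, payload)
	if !encryptSig {
		return GroupMsg{Payload: payload, Sig: sig}
	}
	g := aead(groupKey)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return GroupMsg{Payload: payload, Sig: g.Seal(nil, nonce, sig, payload), Nonce: nonce}
}
// Linkable models an observer holding a member's public key and the group keys in
// known: true if they can verify m's signature and so attribute m to that key.
func Linkable(pub ed25519.PublicKey, m GroupMsg, known [][]byte) bool {
	if m.Nonce == nil { // cleartext signature: no group key needed at all
		return ed25519.Verify(pub, m.Payload, m.Sig)
	}
	for _, k := range known {
		if sig, err := aead(k).Open(nil, m.Nonce, m.Sig, m.Payload); err == nil {
			return ed25519.Verify(pub, m.Payload, sig)
		}
	}
	return false
}
func main() { // demo: observer knows pub and group A's key, sniffs a group B message
	pub, priv, _ := ed25519.GenerateKey(nil)
	keyA, keyB := []byte("group-A-key-0123"), []byte("group-B-key-4567") // constructed
	payload := []byte("constructed OSCORE ciphertext for group B")
	fmt.Println(Linkable(pub, Sign(priv, keyB, payload, false), [][]byte{keyA}), // true
		Linkable(pub, Sign(priv, keyB, payload, true), [][]byte{keyA})) // false
}
```

A member of group B (holding keyB) still unwraps and verifies the signature, so the fix costs nothing for legitimate verifiers; a verify-only proxy as emanjon suggests would need keyB and is therefore able to decrypt as well under this construction.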