Consider using a sequence number instead of R2

core-wg / oscore-key-update

Other

0 stars 0 forks source link

Consider using a sequence number instead of R2 #11

Closed rikard-sics closed 9 months ago

rikard-sics commented 2 years ago

As suggested by John during a meeting on April 29

rikard-sics commented 2 years ago

Marco Tiloca commented:

I can't find a comment from John in the meeting minutes [1].

It's strange though. OSCORE Appendix B.2 clearly generates R2 as a random value, either directly or through key derivation to trade storage and communication overhead. How would it be different here, especially since we want to keep covering also a rekeying following a reboot?

[1] https://datatracker.ietf.org/meeting/interim-2021-core-04/materials/minutes-interim-2021-core-04-202104281600-00.txt

rikard-sics commented 2 years ago

We could possibly check the recording

rikard-sics commented 9 months ago

We now allow using counters as nonce values for CAPABLE devices that are willing to accept the privacy implications.

rikard-sics commented 9 months ago

Usage of counters/sequence numbers are allowed now for CAPABLE devices.