Closed rikard-sics closed 1 year ago
Similar problems as with the observation scenario above. This could happen if a request was sent and the response is received after rekeying with KUDOS has happened (where the response is using the new key material).
Sequence of events is:
The response from the server would cryptograhically match both Req1 and Req2.
Possible solution:
Bring up during an interim?
This should now be solved in section 4.3.1.1 Avoiding In-Transit Requests During a Key Update considering that we are forbidding running KUDOS when requests are in transit (having outstanding interactions).
If you get a request, reply afterwards with the new key material (after KUDOS execution). Process request with CTX_OLD, and protect response with CTX_NEW.
If you get a response, process it with CTX_OLD.