chris-wood
commented
2 years ago Based on IETF 112, closing in favor of #257.
Closed emanjon closed 2 years ago
chris-wood
commented
2 years ago Based on IETF 112, closing in favor of #257.
This PR addresses #249.
Larger epoch (e.g. 32-bit) seems quite straightforward.
It changes the DTLSPlaintext structure which is not sent on the wire.
It changes the RecordNumber structure used in the ACK message. This should likely contain the full epoch
It changes the 64-bit "record_sequence_number". This PR suggest the 64 low order bits of the RecordNumber. I think it could also be set to 0x0000 || sequence_number. I don't think epoch is needed here as the keys are different.
Note that a 32-bit epoch still limits the number of packets in a AES-GCM connection compared to what is allowed in DTLS 1.2. 2^56.6 compared to 2^64. 2^56.5 is likely enough for all use cases but epoch could also be made even larger 2^48 or 2^64.