DTLS 1.3 Epoch handling #59
Comments
|
Hmm. A hack: When changing the epoch, change also the Shared Key ID, but use it (for now) with the same shared key. That way we should get DTLS 1.3 on par with DTLS 1.2 considering the drain game. Then we only have to solve #60... |
|
We discussed this on today's meeting and our proposal for going forward are the following:
|
Does just changing the SCTP-AUTH keyID but using the same key lead to any security problems? I don't know the details of SCTP-AUTH. If the Shared Key ID is integrity protected, I think we are fine. If it is not an attacker can change the Shared Key ID which would likely lead to attacks on availability. Probably good to derive new keys anyway using the context. |
|
The keyid is just used to let the receiver know which key to use for processing. So I see no issue right now... |
|
I made a new DTLS 1.3 issue regarding the lack of exporter rekeying |
|
Is there another issue needed for the following text in DTLS 1.3? "Implementations My understanding is that RFC6083bis must and will violate this. If that is the case it would be good to soften the text in the DTLS 1.3 draft a bit. |
|
I agree. |
|
This issue should not any longer be relevant with the changes in #70. |
Currently DTLS 1.3 key update procedure relies on a form of draining which is limiting and can impact the upper layer protocol application as they can't send new user messages during key update procedures.. Thus a better solution should be found.
The text was updated successfully, but these errors were encountered: