Hi OSCoAP authors,
I was trying to read the OSCoAP and 6tisch minimal security drafts. I
have a question about the AEAD nonce uniqueness. RFC 5116 says that:
    "When there are multiple devices performing encryption using a single
    key, those devices must coordinate to ensure that the nonces are
    unique. A simple way to do this is to use a nonce format that
    contains a field that is distinct for each one of the devices."
So my obvious question is: how is the AEAD nonce uniqueness ensured? The
PSK is known to at least two parties (more in the case of some uses such as
multicast OSCoAP,
https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01).
The draft currently says that AEAD Nonce uniqueness is ensured with
sequence numbers and sender context which is essentially the sender ID.
But how do you ensure that the two parties have different sender IDs?
Especially since the sender ID is not of fixed length. I guess there will be
other problems in case of sender ID collisions?
--Mohit
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
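The concern raised above, illustrated with an added Python example that is not from the post, the OSCoAP draft or its authors: a nonce assembled from a variable-length sender ID and a variable-length sequence number can collide between two senders that share a key, while a length-framed layout (an assumed layout, not the draft's) removes that ambiguity. A genuinely duplicated sender ID still collides under any layout, which is exactly the coordination RFC 5116 asks for. The nonce length, field widths and sample IDs are constructed.

```python
NONCE_LEN = 13                      # assumed AEAD nonce length (13 bytes as for AES-CCM)
SEQ_LEN = 5                         # assumed fixed width of the sequence-number field
ID_FIELD = NONCE_LEN - 1 - SEQ_LEN  # room for the sender ID after a 1-byte length

def seq_min_bytes(seq: int) -> bytes:
    """Minimal big-endian encoding of the sequence number (variable length)."""
    return seq.to_bytes(max(1, (seq.bit_length() + 7) // 8), "big")

def naive_nonce(sender_id: bytes, seq: int) -> bytes:
    """Assumed naive layout: sender_id || seq, zero-padded on the left.
    Both fields vary in length, so the boundary between them is ambiguous."""
    body = sender_id + seq_min_bytes(seq)
    if len(body) > NONCE_LEN:
        raise ValueError("sender ID plus sequence number exceeds the nonce length")
    return body.rjust(NONCE_LEN, b"\x00")

def framed_nonce(sender_id: bytes, seq: int) -> bytes:
    """Assumed length-framed layout: len(sender_id) || sender_id left-padded to
    ID_FIELD || seq left-padded to SEQ_LEN. Every field sits at a fixed offset,
    so distinct (sender_id, seq) pairs always yield distinct nonces."""
    if len(sender_id) > ID_FIELD or seq >= 1 << (8 * SEQ_LEN):
        raise ValueError("sender ID or sequence number too large for this layout")
    return (bytes([len(sender_id)])
            + sender_id.rjust(ID_FIELD, b"\x00")
            + seq.to_bytes(SEQ_LEN, "big"))

def find_collisions(construct, pairs):
    """Group (sender_id, seq) pairs by the nonce `construct` derives from them and
    return every group with more than one member, i.e. each nonce reuse."""
    by_nonce = {}
    for sender_id, seq in pairs:
        by_nonce.setdefault(construct(sender_id, seq), []).append((sender_id, seq))
    return [members for members in by_nonce.values() if len(members) > 1]

# Constructed sample: party B's sender ID is party A's ID plus one byte;
# party C was misconfigured with the same sender ID as B.
SAMPLE = [
    (b"\x01", 0x0203),    # A: ID 01, seq 0x0203
    (b"\x01\x02", 0x03),  # B: ID 0102, seq 0x03 -> same bytes as A under the naive layout
    (b"\x01\x02", 0x03),  # C: duplicate of B, collides under any layout
    (b"\x01", 0x0205),    # A again, later sequence number
    (b"\x01\x02", 0x04),  # B again, later sequence number
]

if __name__ == "__main__":
    for name, construct in (("naive", naive_nonce), ("framed", framed_nonce)):
        for group in find_collisions(construct, SAMPLE):
            print(name, "nonce reused by", group)
```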