Francesca Palombini <francesca.palombini=40ericsson....@dmarc.ietf.org> wrote:
    > 7. Client wants to update its access rights: retrieves T2 from AS. Note
    > that this T2 has different authorization info, but does not contain
    > input keying material ("osc"), only a reference to identify Sec1 ("kid"

Is there an assumption that the access rights(T2) >= access rights(T1)?

    > Moreover, while comparing with DTLS profile, we realized there is no
    > reason for which 8. should be sent unprotected. In fact, doing so opens
    > up to possible attacks where an old update (token non expired) is
    > re-injected to the RS by an adversary:

I agree and I see your point.
Thank you for explaining it so well.

My question is whether step 8 results in Sec Ctx sec1 being deleted?
Could Client want to keep it alive in the case that T1 and T2 actually do
different things?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
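The replay concern quoted above (an old, still-valid token update re-injected at the RS when step 8 is sent unprotected) can be made concrete with a small model. This is an added example written by the editor; it is not code from the ACE working group, the OSCORE profile draft, or anyone in the thread. `Token`, `ResourceServer`, `protect` and the HMAC tag that stands in for OSCORE's AEAD protection are constructed stand-ins, and the replay check is a simplified strictly-increasing sequence number rather than OSCORE's sliding window.

```python
# Toy model of an ACE-OSCORE token update and the replay issue discussed
# above. Constructed example; not code from the ACE WG or any IETF draft.
# Assumptions: the context key is derived from the "osc" material of the
# initial token, a "protected" message is (seq, token, HMAC tag), and the
# RS keeps only the highest sequence number seen (simplified replay window).
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    kid: str          # identifies the security context (Sec1)
    scope: str        # authorization info
    exp: float        # expiry, seconds since epoch
    osc: bytes = b""  # input keying material; empty for an update (T2)

    def encode(self) -> bytes:
        return json.dumps({"kid": self.kid, "scope": self.scope,
                           "exp": self.exp, "osc": self.osc.hex()},
                          sort_keys=True).encode()


def protect(ctx_key: bytes, seq: int, token: Token) -> dict:
    """Model of carrying the update inside the existing context:
    seq is the sender sequence number, tag stands in for the AEAD."""
    body = seq.to_bytes(8, "big") + token.encode()
    tag = hmac.new(ctx_key, body, hashlib.sha256).digest()
    return {"kid": token.kid, "seq": seq, "token": token, "tag": tag}


class ResourceServer:
    def __init__(self):
        self.contexts = {}  # kid -> [context key, highest seq seen]
        self.rights = {}    # kid -> scope currently granted

    def post_unprotected(self, token: Token, now: float) -> bool:
        """Step 8 as written: the update is accepted over the plain channel,
        so anything non-expired with a known kid is taken at face value."""
        if token.exp <= now:
            return False
        if token.osc:  # initial token: derive the context from osc
            key = hashlib.sha256(token.osc).digest()
            self.contexts[token.kid] = [key, -1]
        elif token.kid not in self.contexts:
            return False
        self.rights[token.kid] = token.scope
        return True

    def post_protected(self, msg: dict, now: float) -> bool:
        """Update sent inside the existing context: a replayed message
        carries an already-seen sequence number and is rejected."""
        entry = self.contexts.get(msg["kid"])
        if entry is None:
            return False
        key, highest = entry
        body = msg["seq"].to_bytes(8, "big") + msg["token"].encode()
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False
        if msg["seq"] <= highest or msg["token"].exp <= now:
            return False
        entry[1] = msg["seq"]
        self.rights[msg["kid"]] = msg["token"].scope
        return True


def scenario(protected: bool) -> tuple:
    """Client posts T1 (establishes Sec1), T2 (grants write), then T3 (revokes
    write). An adversary then re-injects the captured, non-expired T2.
    Returns (re-injection accepted?, rights the RS now grants)."""
    now = 1000.0
    rs = ResourceServer()
    t1 = Token("kid1", "read", now + 3600, osc=b"constructed-master-secret")
    t2 = Token("kid1", "read write", now + 3600)  # update, refers to Sec1 by kid
    t3 = Token("kid1", "read", now + 3600)        # later update revoking write
    rs.post_unprotected(t1, now)
    if protected:
        key = rs.contexts["kid1"][0]
        m2, m3 = protect(key, 0, t2), protect(key, 1, t3)
        rs.post_protected(m2, now)
        rs.post_protected(m3, now)
        accepted = rs.post_protected(m2, now)  # adversary replays old update
    else:
        rs.post_unprotected(t2, now)
        rs.post_unprotected(t3, now)
        accepted = rs.post_unprotected(t2, now)  # adversary re-injects T2
    return accepted, rs.rights["kid1"]


if __name__ == "__main__":
    print("unprotected:", scenario(False))  # old update accepted, write restored
    print("protected:  ", scenario(True))   # replay rejected, write stays revoked
```

With the update sent unprotected, the RS cannot tell a replayed T2 from a fresh one and silently restores the revoked write right; inside the existing context, the replayed message fails the sequence-number check. The model deliberately does not touch the second question in the mail (whether Sec1 survives an update), since the page does not settle it.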
