It says:
>4.3.2.  message_1 -> V
>
>   Party V processes the received message_1 as follows:
>
>   o  Party V SHALL verify that the nonce has not been received before.
>         If the verification fails, the message MUST be discarded.
>         Otherwise, Party V SHALL store a representation of the nonce
>         for future verifications.

Please clarify "has not been received before". Ever? Or within some
interval?  In IKE, we care about the nonces not being reused during the time
that the node continues to use the same keypair at its end. (In DH,
this means the same y value for g^y). But, you specify a fresh keypair each
time.

Can two nodes U1 and U2 both use the same nonce (by random chance!)?
Or must it be unique among all peers?

Storing such nonces is impossible for a constrained node...
Even a non-constrained node V won't be able to store many received nonces,
once you count adding indexes to search the list efficiently.


--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
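
Added example (not part of the original message or of the draft under discussion): one way Party V could implement the quoted nonce check with bounded memory. The time window, the entry limit, the truncated-hash representation and the global-versus-per-peer scope switch are all assumptions made here; the quoted text specifies none of them.

```python
import hashlib
from collections import OrderedDict


class NonceCache:
    """Replay check for message_1 nonces with bounded time and memory.

    Assumed here, not taken from the draft: nonces are remembered for
    `window` seconds, at most `max_entries` are kept, and `now` never
    decreases between calls.
    """

    def __init__(self, window=60.0, max_entries=1024, per_peer=False, tag_len=8):
        self.window = window
        self.max_entries = max_entries
        self.per_peer = per_peer      # False: a nonce must be unique among all peers
        self.tag_len = tag_len
        self._seen = OrderedDict()    # tag -> expiry time, oldest entry first

    def _tag(self, peer_id, nonce):
        # Stored "representation": truncated SHA-256, optionally bound to the peer.
        # A tag collision can only cause a false rejection, never a false accept.
        scope = peer_id if self.per_peer else b""
        data = len(scope).to_bytes(2, "big") + scope + nonce
        return hashlib.sha256(data).digest()[: self.tag_len]

    def accept(self, peer_id, nonce, now):
        """Return True and record the nonce if unseen; False means discard."""
        # Expire entries older than the window (insertion order == expiry order).
        while self._seen and next(iter(self._seen.values())) <= now:
            self._seen.popitem(last=False)
        tag = self._tag(peer_id, nonce)
        if tag in self._seen:
            return False              # replay within the window
        if len(self._seen) >= self.max_entries:
            return False              # table full: fail closed, freshness unprovable
        self._seen[tag] = now + self.window
        return True

    def memory_bytes(self):
        # Lower bound: tag plus an 8-byte expiry per entry, index overhead excluded.
        return len(self._seen) * (self.tag_len + 8)
```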




_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
