Francesca Palombini <francesca.palombini=40ericsson....@dmarc.ietf.org> wrote:
> 7. Client wants to update its access rights: retrieves T2 from AS. Note
> that this T2 has different authorization info, but does not contain
> input keying material ("osc"), only a reference to identify Sec1 ("kid"

Is there an assumption that the access rights(T2) >= access rights(T1)?

> Moreover, while comparing with DTLS profile, we realized there is no
> reason for which 8. should be sent unprotected. In fact, doing so opens
> up to possible attacks where an old update (token non expired) is
> re-injected to the RS by an adversary:

I agree and I see your point. Thank you for explaining it so well.

My question is whether step 8 results in Sec Ctx sec1 being deleted?
Could Client want to keep it alive in the case that T1 and T2 actually do
different things?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
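As an added illustration of the RS-side handling of steps 7 and 8 discussed in this thread (constructed example, not code from the draft or from either poster): a toy resource server that establishes a context from an initial token carrying "osc", and accepts a "kid"-only update only when it arrives protected under the context it references. The token field names, the `osc.id` naming and the `iat` freshness rule are assumptions made for the sketch.

```python
# Toy model of the RS side of the ACE-OSCORE "update access rights" exchange
# (steps 7/8 in the thread). Everything here is constructed for illustration:
# the token field names ("kid", "osc", "exp", "iat") and the rule that updates
# must arrive OSCORE-protected under the referenced context are assumptions.

class ResourceServer:
    def __init__(self, now):
        self.now = now
        self.contexts = {}  # kid -> keying material (Sec1, ...)
        self.rights = {}    # kid -> currently installed token

    def post_token(self, token, via_context=None):
        """Handle a POST of an access token.

        via_context is the kid of the OSCORE context the request was protected
        with, or None if it arrived unprotected. Returns (accepted, reason).
        """
        if token.get("exp", 0) <= self.now:
            return False, "token expired"
        kid = token.get("kid")
        if "osc" in token:
            # Initial token (T1): carries keying material, so it is allowed
            # unprotected and establishes a fresh security context.
            kid = token["osc"]["id"]
            self.contexts[kid] = token["osc"]
            self.rights[kid] = token
            return True, "context %s established" % kid
        # Update token (T2): only a reference to an existing context.
        if kid not in self.contexts:
            return False, "unknown kid"
        if via_context != kid:
            # An unprotected update could be an old, still-valid token
            # re-injected by an adversary; require it inside the context it refers to.
            return False, "update must be protected with context %s" % kid
        if token["iat"] <= self.rights[kid]["iat"]:
            # Assumed extra freshness rule: never roll rights back in time.
            return False, "stale update"
        self.rights[kid] = token  # keys untouched, only access rights change
        return True, "rights updated for %s" % kid


def demo():
    rs = ResourceServer(now=1000)
    t1 = {"osc": {"id": "sec1", "ms": b"constructed-master-secret"},
          "scope": "read", "iat": 900, "exp": 5000}
    t2 = {"kid": "sec1", "scope": "read write", "iat": 950, "exp": 5000}
    results = [rs.post_token(t1)[0],                                  # accepted
               rs.post_token(t2)[0],                                  # unprotected
               rs.post_token(t2, via_context="sec1")[0],              # accepted
               rs.post_token(dict(t2, iat=920), via_context="sec1")[0]]  # stale
    return results, rs.rights["sec1"]["scope"]
```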
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace