[Ace] More replay questions

["Jim Schaad" <ietf@augustcellars.com>]

I have a couple of more questions about replay

1.  Is there any reason to think that relay protection is going to be wanted
without the object security wrapper?  

I note that DTLS does provide some replay protection but not complete replay
protection.  It allows for the ability to do the "last n messages" check
that you don't do a replay for one of those messages (or out of zone
messages) but it does not allow for a high water mark style of replay
protection (don't replay  a messages sent before the last one I processed). 

How this is not supported can be seen from the following sequence of events:
a)  C sends message M1
b)  C sends message M2
c)  Proxy receives M2 and re-sends as M_p1
d)  Proxy receives M1 and re-sends as M_p2
e)  Server receives message M_p1 and processes
f) Server receives message M_p2 and processes

The proxy reversed the order of the messages, but sense it uses a different
counter for the sequence number than what the client does the server cannot
detect that M1 arrived after M2 and thus should not be processed.

2.  Do you expect any intermediaries to help and do the same replay
protection that you are getting at the endpoint?  For example, would you
expect the proxy in the previous example to potentially not re-send message
M1 because it does not make the high water replay conditions?

3.  Do you expect to apply replay protection before or after doing the
cryptographic integrity checks?

My expectation is that one should be doing this BEFORE doing any
cryptographic operations.  This says that putting it in the options might be
better if it can be accessed faster.  Would also say that making it an
unprotected attribute is better as there would be one less decoding step
required to use it.

4.  Is there ever any reason to think that replay protection items might
need to be encrypted?

I have no idea if there would ever be any leakage of information  here.  I
kind of doubt it.

Jim