Re: [core] DTLS and Epochs

"weigengyu" <weigengyu@vip.sina.com> Fri, 02 June 2017 00:28 UTC

From: weigengyu <weigengyu@vip.sina.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Carsten Bormann' <cabo@tzi.org>
Cc: 'Klaus Hartke' <hartke@tzi.org>, core@ietf.org
Date: Fri, 02 Jun 2017 08:28:36 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/G5LH6w15AlPZLwmlU3UQF3ScbKI>
Subject: Re: [core] DTLS and Epochs

Hi,

> Please note - I did not say that the epoch was not changed, I said that it 
> does not tell me that the epoch has changed.
> From a strictly security point of view there is no reason to do so if, for 
> example, the epoch changed just because the key was rolled over.

Why must the epoch-changed event tell "me", i.e. the upper-layer entity?

Regards,

Gengyu WEI
Network Technology Center
School of Computer
Beijing University of Posts and Telecommunications
-----Original Message-----
From: Jim Schaad
Sent: Friday, June 02, 2017 1:45 AM
To: 'Carsten Bormann'
Cc: 'weigengyu' ; 'Klaus Hartke' ; core@ietf.org
Subject: RE: [core] DTLS and Epochs



-----Original Message-----
From: Carsten Bormann [mailto:cabo@tzi.org]
Sent: Thursday, June 1, 2017 9:36 AM
To: Jim Schaad <ietf@augustcellars.com>
Cc: weigengyu <weigengyu@bupt.edu.cn>; Klaus Hartke <hartke@tzi.org>;
core@ietf.org
Subject: Re: [core] DTLS and Epochs

On Jun 1, 2017, at 18:10, Jim Schaad <ietf@augustcellars.com> wrote:
>
> Please note - I did not say that the epoch was not changed, I said that it 
> does not tell me that the epoch has changed.  From a strictly security 
> point of view there is no reason to do so if, for example, the epoch 
> changed just because the key was rolled over.

Right, and the question for me is:  How do we get from the overly
restrictive spec in 7252 to something that is still secure and can be
supported by TLS libraries that are out there?

[JLS] I believe that the only way is to do an update to 7252.  I originally
thought that I would file an errata, but I do not believe that is a correct
use of the errata system.  It is used for things which are unclear or
technically wrong.  This is not wrong, just misguided. It might be easiest
to just do a delta RFC unless there is a good number of errata that need to
be rolled into an updated document.

Jim


Grüße, Carsten