IETF Logo Mail Archive

Re: [Teep] Scalability of nonce-based freshness

Thomas Fossati <Thomas.Fossati@arm.com> Mon, 15 March 2021 12:07 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C8F63A0E59 for <teep@ietfa.amsl.com>; Mon, 15 Mar 2021 05:07:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=nTUeRvr3; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=nTUeRvr3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dRAbpzQ3y2il for <teep@ietfa.amsl.com>; Mon, 15 Mar 2021 05:07:10 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60080.outbound.protection.outlook.com [40.107.6.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE8513A0E43 for <TEEP@ietf.org>; Mon, 15 Mar 2021 05:07:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xmNLCszKm9mjoFXiBAByvFZTie50jTE+dZA/zP0MosU=; b=nTUeRvr39RwcfEJlxhldV3K+czbzHqrFD7ETPkAdjH2ght12G7BnQFRJBGL6idojO01axxPksjP0Vrx5yuQs74uEno1exfXkWIHKzKrU8SqhfriFEy2ULKh2LB+k14pyOa3DQrP03Dn+8nw6BksVBt/UH0ozVEogrnnQ/QJmcRY=
Received: from DB7PR05CA0030.eurprd05.prod.outlook.com (2603:10a6:10:36::43) by DB6PR0801MB1957.eurprd08.prod.outlook.com (2603:10a6:4:74::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Mon, 15 Mar 2021 12:07:02 +0000
Received: from DB5EUR03FT032.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:36:cafe::9f) by DB7PR05CA0030.outlook.office365.com (2603:10a6:10:36::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32 via Frontend Transport; Mon, 15 Mar 2021 12:07:02 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT032.mail.protection.outlook.com (10.152.20.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.31 via Frontend Transport; Mon, 15 Mar 2021 12:07:02 +0000
Received: ("Tessian outbound 24a7072fdae6:v71"); Mon, 15 Mar 2021 12:07:02 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 209d174dd812e50a
X-CR-MTA-TID: 64aa7808
Received: from dc10e1341f1b.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id B52D2822-6E49-4EA5-A521-159B087302DE.1; Mon, 15 Mar 2021 12:06:57 +0000
Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id dc10e1341f1b.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 15 Mar 2021 12:06:57 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VJWRioZIY5Zczef9G+ojrIG303n03rhjQAfSx0RJ1hfDIbzm847YfzAjc5zszDkqe+cfrJC6+zCGfZ+UK1YSg0uBZK2v/usHUreXMaGXPhxmwEuwHlhie00RYsLodQpFTK2qJyFyfFEySY+2JzLivw6dKkFLh/iblEABpaWNxMSPGzTkuX8z6VwhRWVDsRkVmt/xLajawI4YlaegMBKf+sI9qOX/CQrDjaeuvO4HGCLtCZz0+Z04sSV9ayLMxRR1argr39qmFzB4fghqjLVYbYd8e3z7SCIeeE2CeAj1FybvzS6sucGOYih+qrL5XaUF7qh01F4LuYi2gxn6NpMffw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xmNLCszKm9mjoFXiBAByvFZTie50jTE+dZA/zP0MosU=; b=JRBIjPAgRvKYKK3AJhjlQfPsU7pTBJ1REUmTPTq9ggql0vSKf5C1GTh+faot70/j2//nrHnoA5mCXhdpruy3oeh/Z44DKFZgviuxkiIo922WOp/9pArIdg8nVU/B7pNQnj1B9EzPiswGWtcmRNUkdwVcZ33M3uX4XC+N2AYlOUQcaKgZL4Z5XwZPXgTGJu5mvuq37pwP9SPvMtrNp482G3JaLPkXRyUF20IKKAj8eySZgf6cTpAkCYmTo/um1RddWG871PRfrA2/cmV7RZFn3GzwHoPFkK62VoMeFdwNhZ9hb77WPRMRkbd38tr9VLk3IEZmWgofsJyxYpclyy8CJw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xmNLCszKm9mjoFXiBAByvFZTie50jTE+dZA/zP0MosU=; b=nTUeRvr39RwcfEJlxhldV3K+czbzHqrFD7ETPkAdjH2ght12G7BnQFRJBGL6idojO01axxPksjP0Vrx5yuQs74uEno1exfXkWIHKzKrU8SqhfriFEy2ULKh2LB+k14pyOa3DQrP03Dn+8nw6BksVBt/UH0ozVEogrnnQ/QJmcRY=
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com (2603:10a6:10:251::8) by DBBPR08MB4743.eurprd08.prod.outlook.com (2603:10a6:10:d9::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Mon, 15 Mar 2021 12:06:55 +0000
Received: from DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::1f5:375c:310f:7df5]) by DB9PR08MB6524.eurprd08.prod.outlook.com ([fe80::1f5:375c:310f:7df5%4]) with mapi id 15.20.3933.032; Mon, 15 Mar 2021 12:06:54 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Göran Selander <goran.selander@ericsson.com>, "TEEP@ietf.org" <TEEP@ietf.org>, Dave Thaler <dthaler@microsoft.com>
CC: Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: [Teep] Scalability of nonce-based freshness
Thread-Index: AQHXF4P+HIop/qsalEeISWuq+4TOqqqEvPGAgAA7ZoA=
Date: Mon, 15 Mar 2021 12:06:54 +0000
Message-ID: <20DA68C3-1855-4A91-9CB8-6F0FE66958EC@arm.com>
References: <8B31EDA0-20DB-4611-B5D8-F7A60B390684@arm.com> <574A6462-E805-4CFD-99F6-67E42C5C7220@ericsson.com>
In-Reply-To: <574A6462-E805-4CFD-99F6-67E42C5C7220@ericsson.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.46.21021202
Authentication-Results-Original: ericsson.com; dkim=none (message not signed) header.d=none; ericsson.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [82.12.10.179]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 35d17fb4-aff0-474e-d679-08d8e7aad7e7
x-ms-traffictypediagnostic: DBBPR08MB4743:|DB6PR0801MB1957:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <DB6PR0801MB195799FB95CD0DED5477255E9C6C9@DB6PR0801MB1957.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: kY5GGxsxkA1Q+ITKR2CfuuNny0UsJmFGQtYhbykzZ+bIJlZBPZRinEElqJwrfA4kAYyP5Nri7ZVwQl3wdBiCQ+3Osu5vulO6ShBii60ike1xFi9sHFptPVLJeveGO+BRvh2WgVD7RQkV9deIk9f48pzFs2GTQkQC96mUSJfkfcx2U092P0D1pI4bxkjb2I2xfUCc03XeQDqr5mTfrkntnwyqL9Bjce3J/J4OBdbf+SZJofFqDIZlUftmIhD3ImQGDJCryoy4orxn8D+q25H3SVIbCDAjuRs1+v6eTER1floy2+I2ZA2TwfksNrodCCKinD3FpcyNqdC3k50lH7K96BCTE4wqjSrHjJmTd9R9nScNMPXADwLThFOrhyP1vsg0virBXtwStKlfZfhwG/eyPnsTNRSINRiZLB6clffUOjVAhkyRv2OWUiS7VycA18snHHK2hhBpeBgumt39925x/Iy1jIEsgBmtJzRQFbjXK5dAoPuW5RDoQqNzk7N6urMer3u/J7dUDlu7ZZDYtKdTWjMIQFb9t0y3X6fcxNaJNQgEriTJf4t9zxFynAhKsH9PvS+3dsXzNyxI7fYW5AAViFR6l5K/tjTrygEKB0dJxRpkRU3nuXYn2WSirseOSXKv
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR08MB6524.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(39860400002)(366004)(346002)(396003)(478600001)(33656002)(4326008)(71200400001)(86362001)(66574015)(26005)(6512007)(6486002)(6506007)(53546011)(5660300002)(83380400001)(36756003)(2616005)(8676002)(66476007)(76116006)(66946007)(91956017)(66446008)(316002)(64756008)(66556008)(8936002)(2906002)(186003)(110136005)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: yaoKfI1f2Vg2t3RdIdM20MK8aLRw5kjV3nQj9oC6Xy1bB0Xm1zi47zexbqmBo4AZBhwu8XLVDq8xQQWNrby7xYQEF11khKAQ9srsRECAW+EimR9LeIju/0FMHui/kvll5qZKw+IGSU7doAZPNWietw/B2TZwQh0dRlV/vpbaf6cWifYyfzzd92TC3sg7BHIazlvSOKEoGGE7y+bNyiwLSTQ46wDb13F4LYO4CfuKH8CkqFmngs6DJ+x8A/xNsShH/Ag/rJ6FiSwvpDbMd7B75hpHRNw0XJM8ZUQPVCDE+qzF/PyYow4SvBZ6HadcAPS1IG5Pcf+1yq1FteKdlpurUlvHKFBXSFOebBj99Y7iZu4IFN8AEeigWaIR7LWCCoWEJ7tq/wkz461h4JN9pdsDrt3RrCohA/yQ4yjQlRnHpx6sIsYOECFAHio/Dady4EsEqjXANT8o8lwavVTvBz8VHV6MCxyOX1tdjVeiFxAlKhd3nEx03bIj8DdMC4CW39DN+gSb7TwBr9F17KZl53oRJf289eVNxNBh1aFXtJ/Q1U60xlso9OlWSGd2E7yR5IeGtHAmutyKkSW/SNWw5EP1Bwe1V4OvxNMU3N6wk3fUkhLfpIqOCySJDt58B2bDbzHboHtI3o85oKqCG0cbI7Sd2QiqosFhyw/toW8R/e0ARb8gXwUuWtJBqvYfMoOFXBXJSSS9X7T0hAPO9Lb7r2J7x6gKX4E/f74FppcPGe6OgjXG19rCfwA9wCdyJa92zYfHV7MzNSRIKa8tv4qhciVB7uhYCaYJfL87EoxlM/0xR7wYfRr3fXTPXPu1x6VeYg+y3+Shi2scJPfpGRyPMsVUJAnPHKLRzqop5f5X/4F3I+loDReT3giUP7rVbiAj4Qzz5cAhr4DgIN67cFnJFpTKcsBAOawtQDBzXQ6RCYL4K3tWtC9bhz5ZVeX4PvgiJjXHfdPfNXS0XG+x/5TYrUeJx1hlkd0dQs+z1tRGt8xW49a1hnY3vD75JJsQu7oSWxFrS26Yumj/SpvNLvbL1GP9wY6qVYZVt3Qe5k6WlPByTgEbuhukjOZdiL55Zn80WdaOXQGOkcZRZkaohlzR5O5pirRuA6Vd5QzHOByjvae+2ugfL/Ye+gAZidOy0S25eK/5HKaItKR+rdGdcNZzAxpGmA2/qCCHsOEBaDLv2FJBK/Y65PTwSEHjrLywbPIJP2mtpkxuF5L4FSpzpri/gVF+/6PWfykxY4FEHH1zJsBS7n0CODwV/2YmiltTnZX2Kd9tzjZabgzQGyw38NwG38W95m8jHov8be8iU1r1l+C4v9npnzpu7S9gydsrXxqse9P8
Content-Type: text/plain; charset="utf-8"
Content-ID: <22C01CC87335204E955FF71D02B2D290@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4743
Original-Authentication-Results: ericsson.com; dkim=none (message not signed) header.d=none; ericsson.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT032.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: d9b9f78f-4383-4c9f-26fe-08d8e7aad357
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ntTgjBa9dYB3h7XSq6EBKvkP9f/R7RToj8xyPbG9RXa5XHWGIk8Mobe7tV+nLIxXTl76GwGAU5oNombrnFJcybFr0PqYT6hjabxNW88uCm3pZ18g5QbnwA246RsHpG5XuGzd2cNHxUhNsyEDkKEtbumnxQ2+kOtwRDarhehGEcAIKCqIhS7H462J6JZwMqwxEP2ndwpoyo0njmTH/imlwWE5j0nwL0nABtf83E0nc2fXKcKlKSCiQOL8psGuHUNuyfwNw6ghlLDnke6+XJtk5GaFSPhiV/p/ShxfX5+RKJ7dX1dNZWQl/wEQn6WsTE3FTJq4LkQZOlRbYDeGd6qm1RqPI4owr+QNA3cpOHsTDTVK2uYzznP2EkZ7l93g3QsRooGYy2VH0VCvpNGFKHw8l1ZENx8cMK8FAxccMMpXDCCRFj5YqxPN8SRpH0uLKCIkhiGMBS4cN5cxOkIrW/qdexT1ay4P+HLvhVgzl7Q0dqAxeH/i0H49Xpac567dQo73eVySQbm3RQ/+s4LmEx3qSzVpc6M9NUQpX6sX1Hqvr92pxmZ3WEw+ZBS1aAe8x7FtmDVmYhNSZnFlXmFv1jDxZM848hcf+2+Buy/Gxl2A0TXQvJ75BkEuY4pqsAL1BfGK4HO86wg/FeLVJfMRrQpz9m+xQDOF5FkVuaiFngqYDKQ=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(346002)(396003)(376002)(136003)(39860400002)(36840700001)(46966006)(186003)(82310400003)(70586007)(336012)(66574015)(4326008)(316002)(478600001)(356005)(110136005)(70206006)(6512007)(26005)(83380400001)(6486002)(81166007)(2906002)(86362001)(33656002)(5660300002)(2616005)(82740400003)(36860700001)(47076005)(6506007)(53546011)(8936002)(8676002)(36756003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Mar 2021 12:07:02.5616 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 35d17fb4-aff0-474e-d679-08d8e7aad7e7
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT032.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1957
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/v6wixCMViW2D0FPATCOzc4Shiwo>
Subject: Re: [Teep] Scalability of nonce-based freshness
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2021 12:07:18 -0000

Hi Göran,

On 15/03/2021, 07:34, "Göran Selander" <goran.selander@ericsson.com>
wrote:
> Some more details.
>
> In addition to encryption key, the encryption context typically also
> requires an initialization vector (a.k.a. "nonce", but using that term
> would be confusing here) which must only be used once with a given
> key. This may e.g. involve a counter which is stepped for each
> encryption. The value of the counter needs to be reproduced at
> decryption time, e.g. by defining the token nonce to be the counter
> concatenated with the encrypted time stamp (using same notation as
> below: n = counter ||  E(t_req, k) ).

Right.

And looking a bit more at the practical side here, the whole crypto
overhead including the IV/counter and the authentication tag can make it
unfeasible for a "time token" of the sort you have described to stay
below ~32 bytes (note that EAT nonces are bstr .size (8..64)).  Taking
AES-GCM as benchmark you'd need a 12o nonce and a 16o authentication
tag, which leaves 4o for UNIX time with second resolution.  Cutting down
a bit on the tag size, but not too much because malleability is
absolutely not acceptable, you could get back maybe 4 bytes, which you
might or might not want to use for other kind of overhead (e.g., a
context identifier if you are doing some load balancing or for key
rotation, or have higher time resolution, etc.)

> While this part is straightforward there are some subtleties as to how
> the nonces are used which may have an impact on security.
>
> If only the nonces are tracked (or encryption context cached, in the
> case of encrypted time stamps) it is not necessarily possible to
> determine that a particular response is actually matching a request
> with the same nonce. For example, two colluding attesters who both
> have received a request from the same verifier could in theory
> exchange their nonces which would not be noticed.

Sure, the simple "time token" you described is just a bearer token that
can be "redeemed" more than once by one or more parties.  Per se, the
only proof it carries is about the time it was minted and the identity of
the minter.  If you need more than that, you need to boost it up a notch.

> This is not necessarily a problem depending on different things e.g.
> the policy for expiring nonces: If only freshness is sought, then it
> is only required that a recently issued nonce is presented, since that
> restricts the time when the response could have been created. It may
> not even matter if the same nonce is used by different attesters. In
> this setting the properties may be similar with nonces taken directly
> from a PRNG or encrypted time stamps.
>
> The nonce could also carry information about the request, e.g.
> encrypting parts of the request, in which case it is possible to
> verify a stronger binding to a particular request. Or, in the interest
> of saving bytes on the wire at the expense of caching more about the
> request, the nonce coule be a MAC over parts of the request. In the
> ase of a MAC, however, it doesn't make much sense to use encrypted
> time stamps since they would need to be cached.

Indeed, if one needs the "redeem time token" operation to be unique
(i.e., effectively asking the time token to be a nonce in the
cryptographic sense), one could look at some form of binding (e.g.,
RFC8471) or minimal state keeping - possibly playing with rate limiting
within the sliding validity window.

It doesn't look like TEEP has this requirement though.

> Again, not sure how much this matters for this work. Just input to the
> discussion.

Thanks, that was very helpful, for me at least :-)

Cheers!




IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email