"Brian" == Brian Weis <bew(_at_)cisco(_dot_)com> writes:
Brian> Hi Sam, Thanks for your review.
Brian> Your first comment is pointing out a typo (groupkey-pull
Brian> should be groupkey-push), which I've fixed.
Brian> The anti-replay description in Section 3.3 should not say
Brian> that the push message sequence number will be reset to
Brian> 1. Text earlier in this section says that the SEQ payload
Brian> carries the next expected sequence number, and so when the
Brian> KEK is installed that is the number that should be
Brian> installed. I've adjusted the text to say this: "If this group
Brian> has a KEK, the KEK policy and keys are marked as ready for
Brian> use and the GM knows to expect a sequence number not less
Brian> than the one distributed in the SEQ payload." Let me know if
Brian> that change sufficiently clears up the confusion.
Yes, all looks good.
The typo plus the text in 3.3 caused me to wonder whether something
more complex than I had anticipated was going on with replay.
The new text is quite clear.