
Re: [secdir] secdir review of draft-ietf-msec-gdoi-update

2011-08-04 08:26:03
"Brian" == Brian Weis <bew(_at_)cisco(_dot_)com> writes:

    Brian> Hi Sam, Thanks for your review.

    Brian> Your first comment is pointing out a typo (groupkey-pull
    Brian> should be groupkey-push), which I've fixed.

    Brian> The anti-replay description in Section 3.3 should not say
    Brian> that the push message sequence number will be reset to
    Brian> 1. Text earlier in this section says that the SEQ payload
    Brian> carries the next expected sequence number, and so when the
    Brian> KEK is installed that is the number that should be
    Brian> installed. I've adjusted the text to say this: "If this group
    Brian> has a KEK, the KEK policy and keys are marked as ready for
    Brian> use and the GM knows to expect a sequence number not less
    Brian> than the one distributed in the SEQ payload." Let me know if
    Brian> that change sufficiently clears up the confusion.

Yes, all looks good.
The typo plus the text in 3.3 caused me to wonder whether something
more complex than I had anticipated was going on with replay.
The new text is quite clear.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
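
The anti-replay point settled in this thread, as an added example that is not part of either message or of the draft: a group member (GM) that installs the sequence number from the SEQ payload rejects older push messages, while one that resets to 1 accepts them. The class, field and function names are hypothetical, the sample sequence numbers are constructed, message authentication is assumed to have already succeeded, and advancing the expected value after each accepted message is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class GroupMember:
    """Hypothetical GM-side replay state for one group's KEK."""
    reset_to_one: bool = False          # True models the wording that was removed
    expected_seq: Optional[int] = None  # None until a KEK has been installed

    def install_kek(self, seq_payload: int) -> None:
        # KEK policy and keys are marked ready for use. The corrected text
        # has the GM expect a sequence number not less than the SEQ value.
        self.expected_seq = 1 if self.reset_to_one else seq_payload

    def accept_push(self, msg_seq: int) -> bool:
        # Called only for push messages that already passed authentication
        # (assumption: that check happens elsewhere).
        if self.expected_seq is None:
            return False                 # no KEK installed, nothing to accept
        if msg_seq < self.expected_seq:
            return False                 # older than expected: treat as replay
        self.expected_seq = msg_seq + 1  # assumption: advance past accepted value
        return True


def simulate(reset_to_one: bool, seq_payload: int, pushes: List[int]) -> List[bool]:
    """Install a KEK, then feed push sequence numbers in order; return verdicts."""
    gm = GroupMember(reset_to_one=reset_to_one)
    gm.install_kek(seq_payload)
    return [gm.accept_push(seq) for seq in pushes]


# Constructed scenario: the GM registers when the SEQ payload carries 42.
# Pushes 40 and 41 were sent before it joined; 42 arrives twice, then 43.
PUSHES = [40, 41, 42, 42, 43]

if __name__ == "__main__":
    print("SEQ installed:", simulate(False, 42, PUSHES))
    print("reset to 1:   ", simulate(True, 42, PUSHES))
```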
