From 7a21ada839e35d02b7746fca6b707beaf130691a Mon Sep 17 00:00:00 2001 From: crimson Date: Thu, 17 Oct 2024 10:09:09 +0200 Subject: [PATCH] Improved security considerations for the Group-ETag Option --- draft-ietf-core-groupcomm-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-core-groupcomm-proxy.md b/draft-ietf-core-groupcomm-proxy.md index 74d85e3..eb8a9de 100644 --- a/draft-ietf-core-groupcomm-proxy.md +++ b/draft-ietf-core-groupcomm-proxy.md @@ -1016,7 +1016,7 @@ The security association between the client and the proxy MUST provide message i Removing the option would result in the proxy not performing response revalidation at its cache entries associated with the servers in the CoAP group, even though that was what the client asked for. -Altering the option content in a group request would result in the proxy failing the response revalidation and hence not replying with a single 2.03 (Valid) response, but instead with multiple 2.05 (Content) responses conveying the full resource representations from its cache entries. Instead, altering the option content in a 2.03 (Valid) or 2.05 (Content) response would result in the client wrongly believing that the already stored or the just received representation, respectively, is also the current one, as per the entity value of the tampered Group-ETag Option. +Altering the option content in a group request would result in the proxy performing response revalidation based on different entity-tag values from those actually specified by the client. Consequently, the proxy would erroneously reply with multiple 2.05 (Content) responses conveying the full resource representations from its cache entries instead of with a single 2.03 (Valid) response, or vice versa. Instead, altering the option content in a 2.03 (Valid) or 2.05 (Content) response would result in the client wrongly believing that the already stored or the just received representation, respectively, is also the current one, as per the entity value of the tampered Group-ETag Option. The security association between the client and the proxy SHOULD also provide message confidentiality. Otherwise, any further intermediaries between the two as well as any on-path passive adversaries would be able to access the option content, and thus learn the rate and pattern according to which the group resource in question changes over time, as inferable from the entity values read over time.