Comments received during WG adoption call - RFC 7959

[emanjon]

Mohamed Boucadair
https://mailarchive.ietf.org/arch/msg/core/4czSZYmRgMVgRA2d8mVpGUBwD0w/

It would helpful to explicit in Section 2.1 that this is about 7959, not the new block (to-be-RFC9177). Assessing the case of the new-block would be useful as well.

[emanjon]

How does the attacks in draft-ietf-core-attacks-on-coap and the mitigations (Request-tag and ETag processing) defined in RFC 9175 apply to the Q-Block1 and Q-Block2 Options defined in 9177?

[emanjon]

@chrysn can you make an update describing how the attacks applies or do not applies to Q-Block1 and Q-Block2 Options defined in 9177?

[chrysn]

I'll take that one (and see what is left of #3 after doing that); my current assumption (which I'll check) is that the attack applies likewise. Then, the new text would say "This is about 7959 blockwise transfer. It applies likewise to 9177" (if that is true).

[emanjon]

@chrysn Achim made the general comment:

With a list of preconditions it would be easier to see,
if a system is affected by that attack or not.

Check if preconditions for the fragment attack is stated clearly enough.

[emanjon]

@chrysn @gselander

Do you think we could fix and close #2 and #3 and submit next week?

[chrysn]

Sorry it took longer; there is now #8.

Check if preconditions for the fragment attack is stated clearly enough.

The section "Attack difficulty" that lists preconditions was already added after Achim's 2022-02 comments, and I think suffices.

[chrysn]

Having checked the original comment: I think that once #8 is merged, this issue can be closed.

[emanjon]

Closing as #8 has been mergerd