Messages - Inconsistent statements about mitigating replay attacks
Issue #301
resolved
"nonce" is defined as "A random, unique string value used to mitigate replay attacks." (3 times!)
But then later, the spec says "The Client SHOULD check the nonce value for replay attacks. Replay attack mitigation is out of scope for this specification." (2 times!)
Are we mitigating replay attacks or not?
Comments (4)
Delete the sentence: Replay attack mitigation is out of scope for this specification. Add "The precise method used for detecting replay attacks using the nonce is client specific."
reporter - changed status to resolved
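One client-specific way to do the nonce check discussed in this issue, as an added example that is not part of the issue or the specification: the client records each nonce it issues, bound to a session, and accepts a returned nonce at most once. The `NonceStore` class, its method names, the 600-second lifetime and the session identifiers are assumptions made for illustration.

```python
import secrets
import time


class NonceStore:
    """Client-side record of issued nonces (hypothetical helper)."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # nonce -> (session_id, expiry time)

    def issue(self, session_id):
        """Create a random, unique nonce and bind it to the caller's session."""
        nonce = secrets.token_urlsafe(32)
        self._pending[nonce] = (session_id, self._clock() + self._ttl)
        return nonce

    def check(self, session_id, returned_nonce):
        """Accept a returned nonce once; report why it is rejected otherwise."""
        now = self._clock()
        # Drop expired entries so an old nonce can no longer be accepted.
        for n in [n for n, (_, exp) in self._pending.items() if exp <= now]:
            del self._pending[n]
        entry = self._pending.get(returned_nonce)
        if entry is None:
            # Never issued here, already consumed, or expired.
            return "replayed-or-unknown"
        if entry[0] != session_id:
            # Issued to a different session; stays pending for its owner.
            return "wrong-session"
        del self._pending[returned_nonce]  # consume: a second use is a replay
        return "ok"


def demo():
    """Run constructed cases against a fake clock and return the verdicts."""
    now = [0.0]
    store = NonceStore(ttl_seconds=600, clock=lambda: now[0])
    n1 = store.issue("session-A")  # constructed session identifiers
    results = [store.check("session-B", n1),  # presented by another session
               store.check("session-A", n1),  # first legitimate use
               store.check("session-A", n1)]  # same nonce presented again
    n2 = store.issue("session-A")
    now[0] = 601.0  # past the lifetime
    results.append(store.check("session-A", n2))
    return results


if __name__ == "__main__":
    print(demo())
```
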