Tuomas Aura: CURRENT TEXT: Section 5.3.4.1: See the last two bullets,
especially the sentence: "RDlast is updated in any case."

PROBLEM: I think the last bullet has been accidentally written as a
separate bullet. It should be a sub-case of the second last
bullet. Otherwise, an attacker can use the updating of RDlast to
increase the replay window.

(Details of the attack: Honest node sends message m1 
at time t=10 and message m2 at time t=20. At time 
t=21, the timestamp on the second message expires, 
i.e., the receiver stops considering replays of 
message m2 as valid. At time t=25, the attacker 
replays m1. Because TSnew<TSlast, the receiver updates 
RDlast but not TSlast. This effectively increases the 
replay windows by 5 time units. Attacker can now 
replay message m2 and it will be accepted.) 
If TSnew+fuzz>TSlast+(RDnew-RDlast)x(1-drift)-fuzz is 
true and TSnew<TSlast, then there is no great harm in 
updating RDlast. However, I don't understand why it 
needs to be updated.

PROPOSAL: Make the last bullet a sub-case of the second last
bullet. Delete the sentence "RDlast is updated in any case."  Most
importantly, if TSnew+fuzz>TSlast+(RDnew-RDlast)x(1-drift)-fuzz is
false, then the message should be ignored, regardless of whether
TSnew<TSlast or not.

---------------

Jari Arkko: Agreed. But this is complicated. Lets see if I got this
right:

   o  When a message is received from a known peer, i.e., one that
      already has an entry in the cache, the time stamp is checked
      against the previously received SEND message:

        TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz

      If this does not hold, the message SHOULD be silently discarded.

      If it does hold, the message is processed.  However, if TSnew <
      TSlast, which is possible if packets arrive rapidly and out of
      order, TSlast MUST NOT be updated, i.e., the stored TSlast for a
      given node MUST NOT ever decrease.  Otherwise TSlast and RDlast
      SHOULD be updated.

---------------

Tuomas Aura: This fixes the main issue. However, it is still not
specified whether the receiver should update RDlast if both formulas
hold. It is probably better not to update RDlast because the packet
that arrives first gives the most accurate measurement of the
difference of the clocks. (Note that attackers cannot exploit this
because they usually cannot speed up the delivery of packets.)

Could we rewrite the 2 last paragraphs above a follows:

        If this inequality does not hold, the receiver SHOULD 
        silently discard the message. On the other hand, if the 
        inequality holds, the receiver SHOULD process the message.

        Moreover, if the above inequality holds and 
        TSnew > TSlast, the receiver SHOULD update RDlast 
        and TSlast. Otherwise, the receiver MUST NOT update
        update RDlast or TSlast. 

I would leave out the sentence about TSlast never decreasing
because the reader might understand this as a general a rule.
It is, or course, not a general rule because TSlast can decrease 
in response to solicited advertisements.

---------------

Jari Arkko: Your text looks good. Thanks.

---------------

---------------

---------------