Anti-replay requirements #43

Open
andyleiserson opened this issue Oct 3, 2024 · 1 comment
Comments

@andyleiserson
Collaborator

This is a TODO section in the spec and was also the subject of some discussion at TPAC.

@martinthomson martinthomson moved this to Essential in Level 1 API Nov 25, 2024
@csharrison

A few things I recall discussing at TPAC:

  1. Grouping together the state associated with multiple reports via origin / timestamp for efficiency (we do this in ARA)
  2. Adding some associated data in the AEAD that allows the API caller to further partition the groups in a finer-grained way
  3. Whether to support requerying the same report via the stateful anti-replay protection (vs. just emitting multiple reports).

IMO I think (2) and (3) are probably puntable from level 1 since it seems fairly easy to extend in the future, but we should specify (1) at the minimum.
