Replay protection:
Section 4.2 says "Proposals MUST support replay protection. The
existing mechanisms for replay protection are considered adequate and
should be maintained." I think the latter sentence needs some
clarification. If the intent is to say replay protection provided by
the current mechanisms (i.e., basically none for Access-Request
messages) is good enough, I would disagree with that (or at least
would expect to see an explanation why that's the case for
Access-Requests). If the intent is something else, the text needs
to be clearer.
|