Paul Millar [mailto:paul.millar@desy.de] said:
[BTW, please check RFC-3552; it says we MUST talk about certain attacks, like replay]
OK, but the "talking about" may presumably just be a statement that it doesn't apply.
If Eve records these messages, she may be able to inject it at a later date. Although she couldn't undertake a "modification" attack, the system is open to a "replay" attack.
OK, that's a reasonable point, but perhaps you should say that explicitly. Usually replay attacks mean that you are capturing one side of a transaction and replaying it later to the other side, and that kind of thing doesn't seem relevant to GLUE.
Anyway, this section isn't very long and doesn't say anything too controversial, so I'd be inclined to keep this one, too, but if you feel it's a waste of space we can also remove it.
You can leave the section in, but say that it's a special case of modification. Again the usual meaning of mitm is that you sit in the middle of a transaction, e.g. a fake web site that looks like your bank, passes your keystrokes on to the real site and passes its reponses back to you. Stephen -- Scanned by iCritical.