OSCORE and multiple responses #2

Closed
chrysn opened this issue Jul 26, 2022 · 1 comment

chrysn commented Jul 26, 2022

The combination of OSCORE and multiple nontraditional responses opens an orthogonality gap: OSCORE only talks about Observe multiple responses, and suddenly we could have different ones as well -- and the receiver could decrypt a response multiple times (as there is no replay protection for responses).

We can't close that gap generally, but maybe there's a place for a statement like

When receiving multiple responses through an OSCORE layer, that layer should pass on the sequence numbers (and, in group mode, KID) to the application. The mechanism introducing the multiple responses should contain statements on how to treat responses, given that OSCORE has no built-in response replay protection. In Observe, for example, responses are strictly ordered by their sequence numbers, and older responses discarded, implicitly eliminating duplicates. For proxied multicast requests, handlers should be idempotent anyway (because the proxy is allowed to send multiple responses from a single node), and would thus tolerate replayed responses without ill-effects.

(This was discovered by @marco-tiloca-sics as an issue with group requests forwarded through proxies).
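
Added example, not part of the original issue or the project's code: a sketch of the two application-side policies named in the proposed statement, fed with the sequence number and KID that the OSCORE layer passes up. The class and function names, the per-KID tracking, and the sample feeds are assumptions made for illustration.

```python
# Assumption: the OSCORE layer delivers (kid, seq, payload) for every response
# that decrypted successfully; it does no response replay filtering itself.

class OrderedResponses:
    """Observe-style policy: per sender, accept only strictly newer responses."""

    def __init__(self):
        self._latest = {}  # kid -> highest sequence number accepted so far

    def accept(self, kid, seq):
        last = self._latest.get(kid)
        if last is not None and seq <= last:
            return False  # older or duplicate response: discard
        self._latest[kid] = seq
        return True


class IdempotentCollector:
    """Proxied-multicast-style policy: no filtering, the handler is idempotent."""

    def __init__(self):
        self.members = set()  # (kid, payload) pairs seen so far

    def handle(self, kid, payload):
        # Adding the same pair again leaves the set unchanged, so a replayed
        # response has no effect on application state.
        self.members.add((kid, payload))


# Constructed sample feeds, each containing one replayed response.
OBSERVE_FEED = [(b"\x01", 5, b"21.0"), (b"\x01", 6, b"21.5"),
                (b"\x01", 5, b"21.0"),  # replay of an old notification
                (b"\x01", 7, b"22.0")]
MULTICAST_FEED = [(b"\x01", 0, b"on"), (b"\x02", 0, b"off"),
                  (b"\x01", 0, b"on")]  # replayed duplicate

def run_observe(feed):
    """Return the payloads the ordered policy lets through, in order."""
    tracker = OrderedResponses()
    return [payload for kid, seq, payload in feed if tracker.accept(kid, seq)]

def run_multicast(feed):
    """Return the collector state after processing every response."""
    collector = IdempotentCollector()
    for kid, _seq, payload in feed:
        collector.handle(kid, payload)
    return collector.members
```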

cabo commented Mar 2, 2024

Addressed by #3

cabo closed this as completed Mar 2, 2024