From b2765e759d1ed041c9c585c7ed3207be0e570ccd Mon Sep 17 00:00:00 2001
From: Sanaz Taheri Boshrooyeh <35961250+staheri14@users.noreply.github.com>
Date: Thu, 5 Aug 2021 19:53:56 -0700
Subject: [PATCH] 14-WAKU2-MESSAGE: Adds security consideration about the
 timestamp field (#447)

* adds the consideration about the timestamp

* minor rewording

* more explicit about enc and sign

* minor revision

* Update content/docs/rfcs/14/README.md

Co-authored-by: oskarth <ot@oskarthoren.com>

* Update content/docs/rfcs/14/README.md

Co-authored-by: oskarth <ot@oskarthoren.com>

* rephrases the CIA discussion

Co-authored-by: oskarth <ot@oskarthoren.com>
---
 content/docs/rfcs/14/README.md | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/content/docs/rfcs/14/README.md b/content/docs/rfcs/14/README.md
index a69b1f58..cfc5863e 100644
--- a/content/docs/rfcs/14/README.md
+++ b/content/docs/rfcs/14/README.md
@@ -77,8 +77,20 @@ The previous `data` field corresponds to the `payload` field.
 
 # Security Consideration
 
-In Waku, the confidentiality, integrity, and authenticity of the data must be addressed at the `WakuMessage` level.
-That is, the `payload` shall be encrypted or signed properly to meet the application-specific privacy needs.
+## Confidentiality, integrity, and authenticity 
+It is up to the application layer as to what level confidentiality, integrity and authenticity of the `payload` of `WakuMessage` matters. 
+Accordingly, the application layer shall utilize the encryption and signature schemes supported in WAKU2 to meet the application-specific privacy needs.
+The set of supported schemes in WAKU2 is presented in [WAKU2-PAYLOAD](/specs/26).
+
+## Reliability of the WakuMessage timestamp
+
+The `timestamp` field in `WakuMessage` is set by the sender.
+Because `timestamp` isn't independently verified, this field is prone to exploit and misuse.
+It should not solely be relied upon for operations such as message ordering.
+
+For example, a malicious node can arbitrarily set the  `timestamp` of a `WakuMessage` to a high value so that it always shows up as the most recent message in a chat application.
+Applications using the `WakuMessage`'s `timestamp` field are recommended to use additional methods for more robust message ordering.
+An example of how to deal with message ordering against adversarial message timestamps can be found in the Status protocol, see [6/PAYLOADS](https://specs.status.im/spec/6#clock-vs-timestamp-and-message-ordering).
 
 # Copyright