Resolution: Won't Do
ENCRYPT might drop some (unicast) messages encrypted with unknown key if the delivery of new view is delayed.
This problem was noticed while doing some stress testing on the fix for
When view changes, coordinator multicasts the new view after which is starts using new symmetric keys. If some node receives a message sent with the new key before the new view is received, the received message will be dropped since it cannot be decrypted.
We thought of possible solutions to be.
1. Sender specific queue holding the messages received.
2. Starting to queue up messages until new view has been received
I have implemented the second option which is quite straightforward, but it could lead into problems when receiving message with unknown key that is not related to coming view change.
I wonder if there is another way to overcome this problem?