If these stay the only changes, we can add them as RFC editor notes without the need to upload a new version.
Mirja

> On 2. Mar 2020, at 19:12, Y. Richard Yang <y...@cs.yale.edu> wrote:
>
> Thanks a lot, Vijay! The edit looks good.
>
> We will commit the edit when we upload a new version on Thursday.
> Richard
>
> On Mon, Mar 2, 2020 at 10:02 AM Vijay Gurbani <vijay.gurb...@gmail.com> wrote:
> Dear Richard: I will suggest a couple of minor modifications:
>
> New paragraph:
>
> The operator should be should be cognizant that the preceding mechanisms
> do not address all security risks. In particular, they will not help in
> the case of “malicious clients” possessing valid credentials to
> authenticate. The threat here can be that legitimate clients have
> become subverted by an attacker and are now ‘bots’ being asked to
> participate in a DDoS attack. The Calendar information would be valuable
> information for when to persecute a DDoS attack. A mechanism such as
> a monitoring system that detects abnormal behaviors may still be needed."
>
> Suggested changes:
> The operator should be should be cognizant that the preceding mechanisms
> do not address all security risks. In particular, they will not help in
> the case of “malicious clients” possessing valid authentication
> credentials.
> The threat here is that legitimate clients have become subverted by an
> attacker and are now ‘bots’ being asked to participate in a DDoS attack.
> The Calendar information now becomes valuable in knowing exactly when to
> perpetrate a DDoS attack. A mechanism such as a monitoring system that
> detects abnormal behaviors may still be needed.
>
> Cheers,
>
> - vijay
>
> [ Trimmed the Cc list to avoid email explosion on a minor change. ]
>
> --
> =====================================
> | Y. Richard Yang <y...@cs.yale.edu> |
> | Professor of Computer Science |
> | http://www.cs.yale.edu/~yry/ |
> =====================================