Hi Olafur,
Thanks for the feedback.
This capability allows an attacker once it has gained access to schedule
events in the future even
though attackers access has been detected and revoked.
We will add a paragraph that describes this potential threat to the next
version of the draft.
Thanks,
Tal.
From: Netconf [mailto:netconf-bounces(_at_)ietf(_dot_)org] On Behalf Of Olafur
Gudmundsson
Sent: Thursday, July 30, 2015 12:16 AM
To: ietf; netconf(_at_)ietf(_dot_)org;
draft-mm-netconf-time-capability(_dot_)all(_at_)ietf(_dot_)org
Cc: secdir(_at_)ietf(_dot_)org
Subject: [Netconf] Sec-Dir Review: draft-mm-netconf-time-capability-05.tx
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This document is ready for publication
The document is well written.
The security considerations are clear and accurate. I would like highlight one
omission though.
This capability allows an attacker once it has gained access to schedule events
in the future even
though attackers access has been detected and revoked.
Olafur