ietf
[Top] [All Lists]

RE: [Netconf] Sec-Dir Review: draft-mm-netconf-time-capability-05.tx

2015-07-30 01:44:57
Hi Olafur,

Thanks for the feedback.

This capability allows an attacker once it has gained access to schedule 
events in the future even
though attackers access has been detected and revoked.

We will add a paragraph that describes this potential threat to the next 
version of the draft.

Thanks,
Tal.

From: Netconf [mailto:netconf-bounces(_at_)ietf(_dot_)org] On Behalf Of Olafur 
Gudmundsson
Sent: Thursday, July 30, 2015 12:16 AM
To: ietf; netconf(_at_)ietf(_dot_)org; 
draft-mm-netconf-time-capability(_dot_)all(_at_)ietf(_dot_)org
Cc: secdir(_at_)ietf(_dot_)org
Subject: [Netconf] Sec-Dir Review: draft-mm-netconf-time-capability-05.tx

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is ready for publication
The document is well written.

The security considerations are clear and accurate. I would like highlight one 
omission though.
This capability allows an attacker once it has gained access to schedule events 
in the future even
though attackers access has been detected and revoked.

Olafur
<Prev in Thread] Current Thread [Next in Thread>