Thanks a lot, Vijay! The edit looks good. We will commit the edit when we upload a new version on Thursday.

Richard

On Mon, Mar 2, 2020 at 10:02 AM Vijay Gurbani <[email protected]> wrote:

> Dear Richard: I will suggest a couple of minor modifications:
>
> New paragraph:
>
>> The operator should be cognizant that the preceding mechanisms
>> do not address all security risks. In particular, they will not help in
>> the case of “malicious clients” possessing valid credentials to
>> authenticate. The threat here can be that legitimate clients have
>> become subverted by an attacker and are now ‘bots’ being asked to
>> participate in a DDoS attack. The Calendar information would be valuable
>> information for when to persecute a DDoS attack. A mechanism such as
>> a monitoring system that detects abnormal behaviors may still be
>> needed."
>
> Suggested changes:
>
> The operator should be cognizant that the preceding mechanisms
> do not address all security risks. In particular, they will not help in
> the case of “malicious clients” possessing valid authentication
> credentials.
> The threat here is that legitimate clients have become subverted by an
> attacker and are now ‘bots’ being asked to participate in a DDoS attack.
> The Calendar information now becomes valuable in knowing exactly when to
> perpetrate a DDoS attack. A mechanism such as a monitoring system that
> detects abnormal behaviors may still be needed.
>
> Cheers,
>
> - vijay
>
> [ Trimmed the Cc list to avoid email explosion on a minor change. ]

--
--
 =====================================
| Y. Richard Yang <[email protected]>   |
| Professor of Computer Science       |
| http://www.cs.yale.edu/~yry/        |
 =====================================
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
