From b55c82457945d27f87eacebfc0701408c2842e7c Mon Sep 17 00:00:00 2001 From: Lucas Pardue Date: Sat, 9 Dec 2023 20:52:49 +0000 Subject: [PATCH] social engineering attacks too --- draft-ietf-quic-qlog-main-schema.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-qlog-main-schema.md b/draft-ietf-quic-qlog-main-schema.md index 4e3a0610..77cb633e 100644 --- a/draft-ietf-quic-qlog-main-schema.md +++ b/draft-ietf-quic-qlog-main-schema.md @@ -1587,13 +1587,13 @@ more-sensitive data requires higher privileges). It is recommended that access to stored qlogs is subject to access control and auditing. -Access control techniques in end user client environments can be limited. -An end-user that might enable logging without understanding the implications of -that choice on their privacy and security. Implementations should -consider how to make enabling qlog conspicous, and resistant to automation or -drive-by attacks. Examples include, requiring explicit actions to start a -capture and isolation or sandboxing of capture from other activities in the -same process or component. +Access control techniques in end user client environments can be limited. An +end-user that might enable logging without understanding the implications of +that choice on their privacy and security. Implementations should consider how +to make enabling qlog conspicous, and resistant to social engineering, +automation, or drive-by attacks. Examples include, requiring explicit actions to +start a capture, and isolation or sandboxing of capture from other activities in +the same process or component. It is recommended that data retention policies are defined for the storage of qlog files.
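Review bot: In the added paragraph, "social engineering" joins the list of threats, but the examples that follow ("requiring explicit actions to start a capture, and isolation or sandboxing of capture") are carried over unchanged, and an explicit action is exactly what a social engineering attack persuades the user to perform. Consider adding an example that addresses this case, such as telling the user at the point of enabling what a qlog capture can contain, so that the text's goal of making enabling qlog conspicuous also covers a user who has been talked into it. Three editorial points carry over from the removed lines into the added ones and could be fixed in the same change. "An end-user that might enable logging without understanding the implications" has no main verb; "An end-user might enable logging without understanding the implications" reads as intended. "conspicous" should be "conspicuous". The comma in "Examples include, requiring" should be dropped. The paragraph is also rewrapped, so all seven lines show as changed for what is a two-word insertion plus a comma; keeping the original line breaks would make the substantive change easier to see in review.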