6.2.5 Erasure of previous character in RTT <from GitLab issue #92 (closed)>
Where ICT has RTT capabities,
the ICT shall provide functionality that allows erasure of the previous character for a minimum of 800 characters within the same session without being limited by any line separator or other delimiter in the earlier text.
Microsoft Analysis
No time limit is mentioned in this requirement, allowing erasures to occur days, weeks, months or even years after the original transmission. This is problematic from both an implementation and a security standpoint – attackers can erase all of a participant’s past messages at any time.
Proposed changes
Change “capabities” to “capabilities”.
Add “Implementations MAY impose time limitations on this erasure requirement, preventing erasures submitted more than TIME_LIMIT minutes after the original text.” The default value of TIME_LIMIT is 60.
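One way a receiving implementation could apply the proposed limit is sketched below. This is an added example, not text from the standard or from the analysis above; the class and method names are hypothetical, and it assumes each character is stored with its send time in seconds.

```python
from dataclasses import dataclass, field

TIME_LIMIT_MINUTES = 60  # default TIME_LIMIT from the proposed change


@dataclass
class RttSessionText:
    """Text of one RTT session; each character keeps its send time (seconds).

    Hypothetical model for illustration. Erasure depth is unbounded here,
    which satisfies the 800-character minimum in clause 6.2.5.
    """
    time_limit_minutes: float = TIME_LIMIT_MINUTES
    _chars: list = field(default_factory=list)  # [(char, sent_at), ...]

    def append(self, text: str, now: float) -> None:
        # Line separators are stored like any other character, so they
        # never act as a barrier to later erasure.
        self._chars.extend((ch, now) for ch in text)

    def erase_previous(self, now: float) -> bool:
        """Erase the last character; refuse if none is left or it is too old."""
        if not self._chars:
            return False
        _, sent_at = self._chars[-1]
        if now - sent_at > self.time_limit_minutes * 60:
            return False  # erasure submitted after TIME_LIMIT: keep the text
        self._chars.pop()
        return True

    def erase_many(self, count: int, now: float) -> int:
        """Apply up to `count` erasures; return how many were accepted."""
        done = 0
        while done < count and self.erase_previous(now):
            done += 1
        return done

    def text(self) -> str:
        return "".join(ch for ch, _ in self._chars)
```

A refused erasure leaves the stored text unchanged, so a late or replayed erasure request cannot remove text older than the limit.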