> We should probably add an 'other' at the end of the DomainData > so we could capture other things we didn't think of -- like CNAME data. > Although > we don't use it now, who knows about the future.
Thanks! Regards Brian Carpenter University of Auckland On 2008-06-09 12:59, Patrick Cain wrote: > > -----Original Message----- > From: Brian E Carpenter [mailto:[EMAIL PROTECTED] > Sent: Friday, May 30, 2008 12:09 AM > To: General Area Review Team > Cc: Tim Polk; [EMAIL PROTECTED]; Tony Hansen > Subject: Gen-ART LC review of draft-cain-post-inch-phishingextns-04 > > I have been selected as the General Area Review Team (Gen-ART) reviewer > for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > Please resolve these comments along with any other Last Call comments > you may receive. > Document: draft-cain-post-inch-phishingextns-04.txt > Reviewer: Brian Carpenter > Review Date: 2008-05-30 > IETF LC End Date: 2008-06-20 > IESG Telechat date: (if known) > > Summary: Ready, one question > > Comments: > > This draft seems to be in good shape. > > Had you considered including actual DNS entries with the > DomainData? I understand that not only may the fraudulent > domain be transitory, but also its actual IP address may > be transitory too. So logging the observed A, AAAA or CNAME > entries within the DomainData could be of forensic value. > > > > --------------------- > > Brian, > > Thank you for your review. > > To your question, we have mostly been trying to identify the name servers > attached to a domain name as the domain goes about its phishing business. > So we structured the XML field using the (more or less) standard fields in > CRISP, since those are the things we think we want to search on. > A reporter could add almost anything they wanted, tho, in one of the big > text block fields. We should probably add an 'other' at the end of the > DomainData > so we could capture other things we didn't think of -- like CNAME data. > Although > we don't use it now, who knows about the future. > > Thanks again for the review. > Pat > > > > > > _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
