> We should probably add an 'other' at the end of the DomainData
> so we could capture other things we didn't think of -- like CNAME data.
> Although we don't use it now, who knows about the future.

Thanks!

Regards
   Brian Carpenter
   University of Auckland

On 2008-06-09 12:59, Patrick Cain wrote:
> 
> -----Original Message-----
> From: Brian E Carpenter [mailto:[EMAIL PROTECTED] 
> Sent: Friday, May 30, 2008 12:09 AM
> To: General Area Review Team
> Cc: Tim Polk; [EMAIL PROTECTED]; Tony Hansen
> Subject: Gen-ART LC review of draft-cain-post-inch-phishingextns-04
> 
> I have been selected as the General Area Review Team (Gen-ART) reviewer
> for this draft (for background on Gen-ART, please see
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
> Please resolve these comments along with any other Last Call comments
> you may receive.
> Document: draft-cain-post-inch-phishingextns-04.txt
> Reviewer: Brian Carpenter
> Review Date: 2008-05-30
> IETF LC End Date: 2008-06-20
> IESG Telechat date: (if known)
> 
> Summary: Ready, one question
> 
> Comments: 
> 
> This draft seems to be in good shape. 
> 
> Had you considered including actual DNS entries with the 
> DomainData? I understand that not only may the fraudulent
> domain be transitory, but also its actual IP address may
> be transitory too. So logging the observed A, AAAA or CNAME
> entries within the DomainData could be of forensic value.
>
> ---------------------
> 
> Brian, 
> 
> Thank you for your review.
>  
> To your question, we have mostly been trying to identify the name servers 
> attached to a domain name as the domain goes about its phishing business.
> So we structured the XML field using the (more or less) standard fields in 
> CRISP, since those are the things we think we want to search on.
> A reporter could add almost anything they wanted, tho, in one of the big
> text block fields. We should probably add an 'other' at the end of the
> DomainData so we could capture other things we didn't think of -- like
> CNAME data. Although we don't use it now, who knows about the future.
> 
> Thanks again for the review.
> Pat
> 
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art