Re-, Please see inline.
Cheers, Med >-----Message d'origine----- >De : Ted Lemon [mailto:[email protected]] >Envoyé : vendredi 6 juin 2014 12:48 >À : BOUCADAIR Mohamed IMT/OLN >Cc : Brian E Carpenter; [email protected]; [email protected]; Stephen >Farrell >Objet : Re: [Int-area] [ietf-privacy] NAT Reveal / Host Identifiers > >On Jun 6, 2014, at 4:11 AM, [email protected] wrote: >> Adding a discussion on potential misuses can be considered to address the >comment from Stephen if those are not redundant with the text already in >http://tools.ietf.org/html/rfc6967#section-3. > >The document hasn't been adopted yet, so we can avoid security issues >simply by not adopting it. [Med] I'm not sure about this Ted. There are other initiatives that try to solve the issue for particular use cases, see for instance this effort for HTTP: http://tools.ietf.org/html/draft-ietf-appsawg-http-forwarded-10. The rationale of the "host identifier scenarios" document is to group all use cases suffering from the same problem instead of focusing on one single case. This allows having a big picture view of the problem space. Talking about what the security considerations >section might do to ameliorate the harm isn't in scope yet. First we need >to decide whether there is more harm than good done by adopting and >publishing the document! [Med] Fair enough. _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
