On 2/1/2017 10:12 AM, Kathleen Moriarty wrote: > ... > > You may want to add a security consideration for incident responders. > When researching an incident, it is common practice to grab the current > name of a IP and associated DNS information. This information gets > passed to other incident response teams or those involved in > tracking/researching attack related information. The attackers are > already changing DNS entries, this will make it easier for them and > harder for incident handlers to track and manage incidents OK. This is the classic tension between privacy and management, and we can certainly add a statement in the privacy section. Kathleen, do you prefer something specific to incident response, or should we write something more generic?
-- Christian Huitema _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
