On Thu, Feb 2, 2017 at 12:08 PM, Christian Huitema <[email protected]> wrote: > > > On 2/1/2017 10:12 AM, Kathleen Moriarty wrote: >> ... >> >> You may want to add a security consideration for incident responders. >> When researching an incident, it is common practice to grab the current >> name of a IP and associated DNS information. This information gets >> passed to other incident response teams or those involved in >> tracking/researching attack related information. The attackers are >> already changing DNS entries, this will make it easier for them and >> harder for incident handlers to track and manage incidents > OK. This is the classic tension between privacy and management, and we > can certainly add a statement in the privacy section. Kathleen, do you > prefer something specific to incident response, or should we write > something more generic?
Thanks, Christian. Something more generic and maybe in the security section as it's used in a security function to track attackers. Kathleen > > -- Christian Huitema -- Best regards, Kathleen _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
