Please excuse typos, sent from handheld device
> On Feb 2, 2017, at 6:47 PM, Christian Huitema <[email protected]> wrote: > > > >> On 2/2/2017 8:45 AM, Kathleen Moriarty wrote: >>> On Thu, Feb 2, 2017 at 12:08 PM, Christian Huitema <[email protected]> >>> wrote: >>> ... >>> OK. This is the classic tension between privacy and management, and we >>> can certainly add a statement in the privacy section. Kathleen, do you >>> prefer something specific to incident response, or should we write >>> something more generic? >> Thanks, Christian. Something more generic and maybe in the security >> section as it's used in a security function to track attackers. > How about saying something like "In managed environments, the hostname > is often used as part of incident response > or other security related functions. Mitigations for the hostname > related privacy > issues will need to consider the effect on these functions" ? Hmm, I'll have to think about it more as the host names they are typically sharing is that of the attacker. The above reads as if it's the hostname of the managed environment that should be considered. Feel free to tweak to use the language you have in the draft, how about: Although there are privacy gains to changing randomized hostnames, wide deployment will affect security functions like incident response who use hostnames to track the source of traffic. It is common practice to include hostnames and reverse lookup information at various times during an investigation. It's more specific than what you were looking to include, but accurate in terms of a consideration with this change. Thank you, Kathleen > > -- Christian Huitema > _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
