Hi,
Randomized hostnames might have implications in places we do not even
think about for now, so why not take this as a mere example. Also, it
seems that the randomization might not be the problem but the time
between changes of a name, if tracking is the only use case. How about:
There are obvious privacy gains to changing to randomized hostnames and
also to change these names frequently. Wide deployment might however
affect security functions or current practices. For example, incident
response using hostnames to track the source of traffic might be
affected. It is common practice to include hostnames and reverse lookup
information at various times during an investigation.
Best,
Rolf
Am 2/3/17 um 3:55 AM schrieb [email protected]:
Please excuse typos, sent from handheld device
On Feb 2, 2017, at 6:47 PM, Christian Huitema <[email protected]> wrote:
On 2/2/2017 8:45 AM, Kathleen Moriarty wrote:
On Thu, Feb 2, 2017 at 12:08 PM, Christian Huitema <[email protected]> wrote:
...
OK. This is the classic tension between privacy and management, and we
can certainly add a statement in the privacy section. Kathleen, do you
prefer something specific to incident response, or should we write
something more generic?
Thanks, Christian. Something more generic and maybe in the security
section as it's used in a security function to track attackers.
How about saying something like "In managed environments, the hostname
is often used as part of incident response
or other security related functions. Mitigations for the hostname
related privacy
issues will need to consider the effect on these functions" ?
Hmm, I'll have to think about it more as the host names they are typically
sharing is that of the attacker. The above reads as if it's the hostname of
the managed environment that should be considered.
Feel free to tweak to use the language you have in the draft, how about:
Although there are privacy gains to changing randomized hostnames, wide
deployment will affect security functions like incident response who use
hostnames to track the source of traffic. It is common practice to include
hostnames and reverse lookup information at various times during an
investigation.
It's more specific than what you were looking to include, but accurate in terms
of a consideration with this change.
Thank you,
Kathleen
-- Christian Huitema
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
