Please excuse typos, sent from handheld device
> On Feb 3, 2017, at 3:08 AM, Rolf Winter <[email protected]> wrote:
>
> Hi,
>
> Randomized hostnames might have implications in places we do not even think
> about for now, so why not take this as a mere example. Also, it seems that
> the randomization might not be the problem but the time between changes of a
> name, if tracking is the only use case. How about:
>
> There are obvious privacy gains to changing to randomized hostnames and also
> to change these names frequently. Wide deployment might however affect
> security functions or current practices. For example, incident response using
> hostnames to track the source of traffic might be affected. It is common
> practice to include hostnames and reverse lookup information at various times
> during an investigation.

That works for me.

Thank you,
Kathleen

>
> Best,
>
> Rolf
>
>
>> On 2/3/17 at 3:55 AM, [email protected] wrote:
>>
>>
>> Please excuse typos, sent from handheld device
>>
>>> On Feb 2, 2017, at 6:47 PM, Christian Huitema <[email protected]> wrote:
>>>
>>>
>>>
>>>>> On 2/2/2017 8:45 AM, Kathleen Moriarty wrote:
>>>>> On Thu, Feb 2, 2017 at 12:08 PM, Christian Huitema <[email protected]>
>>>>> wrote:
>>>>> ...
>>>>> OK. This is the classic tension between privacy and management, and we
>>>>> can certainly add a statement in the privacy section. Kathleen, do you
>>>>> prefer something specific to incident response, or should we write
>>>>> something more generic?
>>>> Thanks, Christian. Something more generic and maybe in the security
>>>> section as it's used in a security function to track attackers.
>>> How about saying something like "In managed environments, the hostname
>>> is often used as part of incident response
>>> or other security related functions. Mitigations for the hostname
>>> related privacy
>>> issues will need to consider the effect on these functions" ?
>>
>> Hmm, I'll have to think about it more as the host names they are typically
>> sharing is that of the attacker. The above reads as if it's the hostname of
>> the managed environment that should be considered.
>>
>> Feel free to tweak to use the language you have in the draft, how about:
>> Although there are privacy gains to changing randomized hostnames, wide
>> deployment will affect security functions like incident response who use
>> hostnames to track the source of traffic. It is common practice to include
>> hostnames and reverse lookup information at various times during an
>> investigation.
>>
>> It's more specific than what you were looking to include, but accurate in
>> terms of a consideration with this change.
>>
>> Thank you,
>> Kathleen
>>>
>>> -- Christian Huitema
>>>
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
