Re: [Gen-art] [Last-Call] Genart last call review of draft-ietf-6man-rfc4941bis-10

Russ Housley <housley@vigilsec.com> Wed, 16 September 2020 13:08 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B66A3A1274 for <gen-art@ietfa.amsl.com>; Wed, 16 Sep 2020 06:08:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1HNHjMLO3--J for <gen-art@ietfa.amsl.com>; Wed, 16 Sep 2020 06:08:43 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EB773A1273 for <gen-art@ietf.org>; Wed, 16 Sep 2020 06:08:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id C8E89300B70 for <gen-art@ietf.org>; Wed, 16 Sep 2020 09:08:40 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id x7BIRU8aYP6f for <gen-art@ietf.org>; Wed, 16 Sep 2020 09:08:37 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 373D5300AA4; Wed, 16 Sep 2020 09:08:37 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.15\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <cf44056d-6c6e-7766-01a7-6741398969f8@si6networks.com>
Date: Wed, 16 Sep 2020 09:08:38 -0400
Cc: draft-ietf-6man-rfc4941bis.all@ietf.org, IETF Gen-ART <gen-art@ietf.org>, ipv6@ietf.org, last-call@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4288E75B-5B41-4DD1-AE17-FF58D54F0D84@vigilsec.com>
References: <159985539023.6692.3362899198639789498@ietfa.amsl.com> <a4dab342-219a-0f54-9972-623146d3a5d3@si6networks.com> <B7F58E44-B48B-43F5-917A-262A21B70C38@vigilsec.com> <cf44056d-6c6e-7766-01a7-6741398969f8@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3445.104.15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/tV8V8t5GR_eN7gJydougEIxVvko>
Subject: Re: [Gen-art] [Last-Call] Genart last call review of draft-ietf-6man-rfc4941bis-10
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2020 13:08:46 -0000


> On Sep 16, 2020, at 7:39 AM, Fernando Gont <fgont@si6networks.com> wrote:
> 
> Hi, Russ,
> 
> On 13/9/20 14:46, Russ Housley wrote:
>> Fernando:
>>> Thanks a lot for your comments! In-line....
>>> 
>>> On 11/9/20 17:16, Russ Housley via Datatracker wrote:
>>>> Reviewer: Russ Housley
>>>> Review result: Almost Ready
>>> [....]
>>>> Major Concerns:
>>>> In Section 2.2, the discussion of DNS names comes out of the blue.  In
>>>> RFC 4941, there was context for this discussion that has been dropped
>>>> from this document.  Some context is needed.
>>> 
>>> I reared the text, but I don't find it as "coming out of the blue". I guess one could add something to Section 2.1 to include DNS names... but, at the end of the day, the name is just another identifier.
>>> GRANT ALL ON wp_si6networks.* TO 'wp_si6networks'@'localhost';
>>> Or put another way, I'm not sure what's the "context" I would add if asked to.
>>> 
>>> Thoughts?
>> This point from RFC 4941 is what I was talking about.
>>    One of the requirements for correlating seemingly unrelated
>>    activities is the use (and reuse) of an identifier that is
>>    recognizable over time within different contexts.  IP addresses
>>    provide one obvious example, but there are more.  Many nodes also
>>    have DNS names associated with their addresses, in which case the DNS
>>    name serves as a similar identifier.  Although the DNS name
>>    associated with an address is more work to obtain (it may require a
>>    DNS query), the information is often readily available.  In such
>>    cases, changing the address on a machine over time would do little to
>>    address the concerns raised in this document, unless the DNS name is
>>    changed as well (see Section 4).
> 
> I see.
> 
> How about if we add back these bits, with the text resulting in:
> ---- cut here ----
>   One of the requirements for correlating seemingly unrelated
>   activities is the use (and reuse) of an identifier that is
>   recognizable over time within different contexts.  IP addresses
>   provide one obvious example, but there are more.
> 
>   Many nodes have DNS names associated with their addresses, in which
>   case the DNS name serves as a similar identifier.  Although the DNS
>   name associated with an address is more work to obtain (it may
>   require a DNS query), the information is often readily available.  In
>   such cases, changing the address on a machine over time would do
>   little to address the concerns raised in this document, unless the
>   DNS name is changed as well (see Section 4).
> 
>   Web browsers and servers typically exchange "cookies"
>   with each other [RFC6265].  Cookies allow web servers to correlate a
>   current activity with a previous activity.  One common usage is to
>   send back targeted advertising to a user by using the cookie supplied
>   by the browser to identify what earlier queries had been made (e.g.,
>   for what type of information).  Based on the earlier queries,
>   advertisements can be targeted to match the (assumed) interests of
>   the end-user.
> ---- cut here ----
> 
> ?
> 
> Would this address your concern?

Yes, thanks.

Russ