Re: [Int-area] Kathleen Moriarty's Yes on draft-ietf-intarea-hostname-practice-04: (with COMMENT)

kathleen.moriarty.ietf@gmail.com Fri, 03 February 2017 02:55 UTC



Please excuse typos, sent from handheld device 

> On Feb 2, 2017, at 6:47 PM, Christian Huitema <huitema@huitema.net> wrote:
> 
> 
> 
>> On 2/2/2017 8:45 AM, Kathleen Moriarty wrote:
>>> On Thu, Feb 2, 2017 at 12:08 PM, Christian Huitema <huitema@huitema.net> wrote:
>>> ...
>>> OK. This is the classic tension between privacy and management, and we
>>> can certainly add a statement in the privacy section. Kathleen, do you
>>> prefer something specific to incident response, or should we write
>>> something more generic?
>> Thanks, Christian.  Something more generic and maybe in the security
>> section as it's used in a security function to track attackers.
> How about saying something like "In managed environments, the hostname
> is often used as part of incident response
> or other security related functions. Mitigations for the hostname
> related privacy
> issues will need to consider the effect on these functions" ?

Hmm, I'll have to think about it more, as the hostnames they are typically sharing are those of the attacker.  The above reads as if it's the hostname of the managed environment that should be considered.

Feel free to tweak to use the language you have in the draft, how about:
Although there are privacy gains to changing to randomized hostnames, wide deployment will affect security functions like incident response, which use hostnames to track the source of traffic.  It is common practice to include hostnames and reverse lookup information at various times during an investigation.

It's more specific than what you were looking to include, but accurate in terms of a consideration with this change.

Thank you,
Kathleen 
> 
> -- Christian Huitema
>