Re: [Int-area] Kathleen Moriarty's Yes on draft-ietf-intarea-hostname-practice-04: (with COMMENT)

kathleen.moriarty.ietf@gmail.com Fri, 03 February 2017 12:13 UTC

From: kathleen.moriarty.ietf@gmail.com
In-Reply-To: <47a89721-807e-f4c2-1503-7ca77a9833ca@hs-augsburg.de>
Date: Fri, 03 Feb 2017 07:13:29 -0500
Message-Id: <2F303B67-C0A2-4E77-B171-613D42080E9D@gmail.com>
References: <148597995644.19147.5662596058741679761.idtracker@ietfa.amsl.com> <98a7c881-0e44-59ae-f820-41f0a57d5d0f@huitema.net> <CAHbuEH4oq7iq1xWnYPAhvzxGYUS4fPNVvJP1QO2pij95i+N4cw@mail.gmail.com> <e2fa2d68-e1f5-8f29-74a8-ff0ea9e6e298@huitema.net> <E0712FCA-6E3C-4F09-B33B-AE443E4C5052@gmail.com> <47a89721-807e-f4c2-1503-7ca77a9833ca@hs-augsburg.de>
To: Rolf Winter <rolf.winter@hs-augsburg.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/b7ARYyf367xiZmRlCrAofDbZEyo>
Cc: draft-ietf-intarea-hostname-practice@ietf.org, int-area@ietf.org, The IESG <iesg@ietf.org>, intarea-chairs@ietf.org
Subject: Re: [Int-area] Kathleen Moriarty's Yes on draft-ietf-intarea-hostname-practice-04: (with COMMENT)


Please excuse typos, sent from handheld device 

> On Feb 3, 2017, at 3:08 AM, Rolf Winter <rolf.winter@hs-augsburg.de> wrote:
> 
> Hi,
> 
> Randomized hostnames might have implications in places we do not even think about for now, so why not take this as a mere example. Also, it seems that the randomization might not be the problem but the time between changes of a name, if tracking is the only use case. How about:
> 
> There are obvious privacy gains to changing to randomized hostnames and also to changing these names frequently. Wide deployment might, however, affect security functions or current practices. For example, incident response using hostnames to track the source of traffic might be affected. It is common practice to include hostnames and reverse lookup information at various times during an investigation.

That works for me.  

Thank you,
Kathleen 
> 
> Best,
> 
> Rolf
> 
> 
>> Am 2/3/17 um 3:55 AM schrieb kathleen.moriarty.ietf@gmail.com:
>> 
>> 
>> Please excuse typos, sent from handheld device
>> 
>>> On Feb 2, 2017, at 6:47 PM, Christian Huitema <huitema@huitema.net> wrote:
>>> 
>>> 
>>> 
>>> On 2/2/2017 8:45 AM, Kathleen Moriarty wrote:
>>>> On Thu, Feb 2, 2017 at 12:08 PM, Christian Huitema <huitema@huitema.net> wrote:
>>>>> ...
>>>>> OK. This is the classic tension between privacy and management, and we
>>>>> can certainly add a statement in the privacy section. Kathleen, do you
>>>>> prefer something specific to incident response, or should we write
>>>>> something more generic?
>>>> Thanks, Christian.  Something more generic and maybe in the security
>>>> section as it's used in a security function to track attackers.
>>> How about saying something like "In managed environments, the hostname
>>> is often used as part of incident response
>>> or other security related functions. Mitigations for the hostname
>>> related privacy
>>> issues will need to consider the effect on these functions" ?
>> 
>> Hmm, I'll have to think about it more, as the hostnames they are typically sharing are those of the attacker. The above reads as if it's the hostname of the managed environment that should be considered.
>> 
>> Feel free to tweak to use the language you have in the draft, how about:
>> Although there are privacy gains to changing to randomized hostnames, wide deployment will affect security functions like incident response that use hostnames to track the source of traffic. It is common practice to include hostnames and reverse lookup information at various times during an investigation.
>> 
>> It's more specific than what you were looking to include, but accurate in terms of a consideration with this change.
>> 
>> Thank you,
>> Kathleen
>>> 
>>> -- Christian Huitema
>>>
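Rolf's observation above, that the interval between name changes rather than the randomization itself is what breaks hostname-based tracking, can be made concrete with a small simulation. The following is an added example, not code from the draft, the IETF thread or any of its participants: it models one device that re-derives its hostname at a configurable interval, emits a constructed syslog-style line once per hour, and then counts how many distinct hostnames an investigator correlating on hostname would have to join to reconstruct that single device's activity. The device secret, the HMAC-based derivation (used only so the run is repeatable; a real rotation would draw fresh random bytes at each boundary), the log format and the server name are all assumptions made for the example.

```python
"""Added example: effect of the hostname change interval on log correlation
during incident response.  Hypothetical simulation, not the draft's own scheme."""
import hashlib
import hmac
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed device secret for the simulation.  A real implementation would
# draw this from the OS CSPRNG (secrets.token_bytes) when the device is set up.
DEVICE_SECRET = bytes.fromhex("8f1c2a7e55b3d94e0a6c1f9b7d2e4c03")
START = datetime(2017, 2, 3, 0, 0, 0)

# Constructed log format: "<iso-timestamp> src_host=<name> dst=<fqdn> action=<verb>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src_host=(?P<host>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)


def hostname_at(secret, when, start, change_every_hours):
    """Hostname the device advertises at time `when`.

    change_every_hours=None keeps one stable name for the whole run; otherwise a
    new name is derived at every `change_every_hours` boundary.  The name is an
    HMAC of the epoch index so the simulation is repeatable (assumption for this
    example); a real rotation would simply draw random bytes at each boundary.
    """
    if change_every_hours is None:
        epoch = 0
    else:
        elapsed_hours = int((when - start).total_seconds() // 3600)
        epoch = elapsed_hours // change_every_hours
    tag = hmac.new(secret, epoch.to_bytes(4, "big"), hashlib.sha256).hexdigest()
    return "host-" + tag[:8]


def generate_log(secret, start, n_hours, change_every_hours):
    """One constructed log line per hour for a single device."""
    lines = []
    for h in range(n_hours):
        t = start + timedelta(hours=h)
        name = hostname_at(secret, t, start, change_every_hours)
        lines.append(
            f"{t.isoformat()} src_host={name} dst=fileserver.example.net action=smb_login"
        )
    return lines


def identities_seen(lines):
    """What an investigator keying on hostname sees: events per distinct name.

    Raises ValueError on a line that does not match the constructed format, so
    a malformed record is noticed rather than silently dropped.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable log line: {line!r}")
        counts[m.group("host")] += 1
    return counts


def main():
    # 24 hours of activity from one device under four rotation policies.
    for label, interval in [("stable", None), ("daily", 24), ("every 6h", 6), ("hourly", 1)]:
        log = generate_log(DEVICE_SECRET, START, 24, interval)
        seen = identities_seen(log)
        print(f"{label:9s}: 24 events from one device appear as {len(seen)} hostname(s)")


if __name__ == "__main__":
    main()
```

With a stable or daily name the investigator sees one identity; at a six-hour interval the same device fragments into four, and at an hourly interval into twenty-four, even though every name is equally random. Reverse-lookup data recorded mid-investigation degrades the same way, since a PTR record captured in one epoch no longer matches the name the device uses in the next.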