Russ, thanks for your review. Fernando, thanks for making the updates. I entered a Yes ballot.
Alissa > On Sep 16, 2020, at 9:08 AM, Russ Housley <hous...@vigilsec.com> wrote: > > > >> On Sep 16, 2020, at 7:39 AM, Fernando Gont <fg...@si6networks.com> wrote: >> >> Hi, Russ, >> >> On 13/9/20 14:46, Russ Housley wrote: >>> Fernando: >>>> Thanks a lot for your comments! In-line.... >>>> >>>> On 11/9/20 17:16, Russ Housley via Datatracker wrote: >>>>> Reviewer: Russ Housley >>>>> Review result: Almost Ready >>>> [....] >>>>> Major Concerns: >>>>> In Section 2.2, the discussion of DNS names comes out of the blue. In >>>>> RFC 4941, there was context for this discussion that has been dropped >>>>> from this document. Some context is needed. >>>> >>>> I reared the text, but I don't find it as "coming out of the blue". I >>>> guess one could add something to Section 2.1 to include DNS names... but, >>>> at the end of the day, the name is just another identifier. >>>> GRANT ALL ON wp_si6networks.* TO 'wp_si6networks'@'localhost'; >>>> Or put another way, I'm not sure what's the "context" I would add if asked >>>> to. >>>> >>>> Thoughts? >>> This point from RFC 4941 is what I was talking about. >>> One of the requirements for correlating seemingly unrelated >>> activities is the use (and reuse) of an identifier that is >>> recognizable over time within different contexts. IP addresses >>> provide one obvious example, but there are more. Many nodes also >>> have DNS names associated with their addresses, in which case the DNS >>> name serves as a similar identifier. Although the DNS name >>> associated with an address is more work to obtain (it may require a >>> DNS query), the information is often readily available. In such >>> cases, changing the address on a machine over time would do little to >>> address the concerns raised in this document, unless the DNS name is >>> changed as well (see Section 4). >> >> I see. >> >> How about if we add back these bits, with the text resulting in: >> ---- cut here ---- >> One of the requirements for correlating seemingly unrelated >> activities is the use (and reuse) of an identifier that is >> recognizable over time within different contexts. IP addresses >> provide one obvious example, but there are more. >> >> Many nodes have DNS names associated with their addresses, in which >> case the DNS name serves as a similar identifier. Although the DNS >> name associated with an address is more work to obtain (it may >> require a DNS query), the information is often readily available. In >> such cases, changing the address on a machine over time would do >> little to address the concerns raised in this document, unless the >> DNS name is changed as well (see Section 4). >> >> Web browsers and servers typically exchange "cookies" >> with each other [RFC6265]. Cookies allow web servers to correlate a >> current activity with a previous activity. One common usage is to >> send back targeted advertising to a user by using the cookie supplied >> by the browser to identify what earlier queries had been made (e.g., >> for what type of information). Based on the earlier queries, >> advertisements can be targeted to match the (assumed) interests of >> the end-user. >> ---- cut here ---- >> >> ? >> >> Would this address your concern? > > Yes, thanks. > > Russ > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org <mailto:Gen-art@ietf.org> > https://www.ietf.org/mailman/listinfo/gen-art > <https://www.ietf.org/mailman/listinfo/gen-art>
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
