Roman Danyliw has entered the following ballot position for draft-ietf-intarea-rfc7042bis-10: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-intarea-rfc7042bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Kyle Rose for the SECDIR review. Section 6. Since specific security concerns around MAC addresses were cite, I would recommend being more comprehensive. OLD See [RFC7043] for security considerations on storing MAC addresses in the DNS. NEW (rough text) MAC addresses can be used as an identifier for tracking users and devices. See [draft-ietf-madinas-mac-address-randomization] for related privacy considerations and a discussion of MAC address randomization to partially mitigate this threat. Additionally, see [RFC7043] for the security and privacy considerations of publishing MAC addresses in DNS. MAC addresses are an identifier provided by a device to the network. On certain devices, MAC addresses are not static, and can be configured. The network should exercise caution when using these addresses to enforce policy (e.g., addresses can be spoofed, and previously seen devices can return to the network with a new address). _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
