Re: [Last-Call] Secdir telechat review of draft-ietf-6man-rfc6874bis-09

On 21-Aug-23 23:04, Leif Johansson via Datatracker wrote:
> Reviewer: Leif Johansson
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> The summary of the review is Ready (with one question below)
>
> The only question I have is on this paragraph in the Security
> Considerations section:
>
> "In the case that a zone identifier contains the hexadecimal MAC
> address of a network interface, it will be revealed to the HTTP
> recipient and to any observer on the link.  Since the MAC address
> will also be visible in the underlying layer 2 frame, this is not a
> new exposure.  Nevertheless, this method of naming interfaces might
> be considered to be a privacy issue."
>
> Modern operating systems have the ability to randomize MAC addresses
> for privacy reasons. The Security considerations section doesn't mention
> this practice and I'm wondering if it should and in particular if the
> section above is impacted by this practice.

Well, I feel that the current Linux practice of naming the interface
with a name that embeds its MAC address is a terrible idea (hence
"might be considered to be a privacy issue"). I don't know how that
will interact with randomized MAC addresses, because an interface name
that changes from time to time is a big nuisance. But I'm not sure what
to say about it here.


> Other than that I find the document well written and a good attempt to
> describe the various challenges in this space. Well done!

Thanks!

   Brian

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


