Re: Last Call: <draft-jabley-dnsext-eui48-eui64-rrtypes-03.txt> (Resource Records for EUI-48 and EUI-64 Addresses in the DNS) to Proposed Standard

2013-05-21 08:36:53
On 05/20/2013 04:08 PM, Brian E Carpenter wrote:
> > Publication of EUI-48 or EUI-64 addresses in the global DNS may
> > result in privacy issues in the form of unique trackable identities.
>
> This might also result in such MAC addresses being spoofed, thereby allowing
> some sort of direct attack. So it isn't just a privacy concern.
>
> ...
>
> > These potential concerns can be mitigated through restricting access
> > to zones containing EUI48 or EUI64 RRs or storing such information
> > under a domain name whose construction requires that the querier
> > already know some other permanent identifier.
>
> This "can be" seems too weak. Shouldn't we have a MUST here? Also, I doubt
> that the second option (a shared secret) is sufficient.
And yet, multifaced DNS is also a bad idea, and probably not the sort of thing that IETF should encourage with a MUST.

Publishing EUI-XX addresses in the DNS is a bad idea.

I get the impression that we're bending over backwards to try to create new security risks with this document, and people are trying to justify it by citing freedom to innovate. IMO, that's not the kind of "innovation" that IETF should be endorsing.

Keith
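As an added illustration (not from this thread, the draft, or any IETF code) of how an operator could check whether a zone actually exposes the records under discussion: a small Python audit that parses EUI48/EUI64 RRs in master-file presentation format (per the draft: six or eight two-digit hex octets separated by hyphens) and reports each owner name that publishes one. The zone text and function name are constructed for the example.

```python
import re

# Presentation formats from the draft: EUI48 = six two-digit hex octets,
# EUI64 = eight, separated by hyphens (e.g. 00-00-5e-00-53-2a).
EUI_FORMATS = {
    "EUI48": re.compile(r"^(?:[0-9a-f]{2}-){5}[0-9a-f]{2}$", re.IGNORECASE),
    "EUI64": re.compile(r"^(?:[0-9a-f]{2}-){7}[0-9a-f]{2}$", re.IGNORECASE),
}

def find_eui_records(zone_text):
    """Return (owner, type, rdata) for every EUI48/EUI64 RR in master-file text.

    Handles ';' comments, optional TTL/class fields and an omitted owner
    (meaning 'same as the previous record'). RDATA that does not match the
    presentation format is reported as INVALID-<type> rather than dropped.
    """
    found, last_owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue  # blank line or $ORIGIN/$TTL directive
        fields = line.split()
        if not line[0].isspace():  # owner present only if line is not indented
            last_owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)  # skip optional TTL and class
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1].lower()
        if rtype in EUI_FORMATS:
            valid = bool(EUI_FORMATS[rtype].match(rdata))
            found.append((last_owner, rtype if valid else "INVALID-" + rtype, rdata))
    return found

# Constructed sample zone (not from the draft); the 00-00-5e-... values are
# taken from the RFC 7042 documentation ranges, so no real device is named.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA ns1 hostmaster 1 3600 900 604800 300
laptop   IN A     192.0.2.10
         IN EUI48 00-00-5e-00-53-2a   ; owner inherited from previous RR
printer  3600 IN EUI64 00-00-5e-ef-10-00-00-2b
bad      IN EUI48 0000.5e00.532a       ; not the draft's presentation format
"""

if __name__ == "__main__":
    for owner, rtype, rdata in find_eui_records(SAMPLE_ZONE):
        print(f"{owner} publishes {rtype} {rdata}")
```

Any non-empty result means the zone publishes a stable hardware identifier that the security considerations above warn about, so the check belongs in the same place as other pre-publication zone lint.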