ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Logging the source port?

2009-11-23 18:40:32
from [Phillip Hallam-Baker] [Permanent Link] 
If people are required to track the source port, it is hardly
unrealistic to expect them to abandon a file format that does not meet
their legal obligations. The technology required to address this issue
has only been around for 13 years.

If I was a part of a police investigation and a site operator had not
logged information that I thought they were obliged to log, I would be
putting them up on a charge irregardless of whether they considered it
the job of the NAT operator to do the work.

It is never safer to say that it is someone else's responsibility to
ensure that you meet your legal obligations.


Some parts of the Internet change very slowly, but others change
quickly. The parts that change quickly are those where the person who
has an interest in the change has the ability to make it.

On Mon, Nov 16, 2009 at 4:47 AM, Arnt Gulbrandsen
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:

Stephane Bortzmeyer writes:


On Fri, Nov 13, 2009 at 10:49:36AM +0100,
 Arnt Gulbrandsen <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote a 
message of 11  lines
which said:


 Therefore, I think it's safer to say that it's the NAT operator's
 responsibility to log enough. Umpteen million web sites will  continue to
use apache's common log format, so the NAT operator has  to log what's
needed to work with that format anyway.


How could it be possible? The only way I see for the NAT operator to
be able to say that the customer X went to www.priv.no at 2241 UTC is
to log not only the source-address/source-port mapping but also the
*destinations*, which create obvious privacy issues (and would make the
log *much* larger).


Yes. But do you see a way to avoid that, except by unrealistic declarations
such as "all apache installations that use the common log format must be
changed"? It's not just apache either, all other (web and other) servers
that don't log source port.

(Btw, there is no www.priv.no, and these days I don't think you can get
anything else under .priv.no either. The dozen-odd people who have .priv.no
domains are allowed to keep them, that's all.)

Arnt
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf





-- 
-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Gen-ART LC review of draft-dusseault-http-patch-15.txt, Phillip Hallam-Baker
Next by Date:  Re: Gen-ART LC review of draft-dusseault-http-patch-15.txt, Phillip Hallam-Baker
Previous by Thread:  Re: Logging the source port?, Arnt Gulbrandsen
Next by Thread:  Re: Logging the source port?, Arnt Gulbrandsen
Indexes:  [Date] [Thread] [Top] [All Lists]