It has been the documented practice of the ietf meeting network operations to
limit the amount of pii data collected in operation or experimentation and to
destroy logs containing pii data if they exist (example data collected by the
IDS or formerly http proxy back when we ran one) after the meeting.
One can refer to the RFID experiment and discussion for another example of pii
data handling in ietf experiments.
Joel's iPad
On Jul 1, 2010, at 8:44 AM, Andrew Sullivan <ajs(_at_)shinkuro(_dot_)com> wrote:
On Thu, Jul 01, 2010 at 08:26:35AM -0700, Fred Baker wrote:
While it is new in IETF meetings, it is far from unusual in WiFi
networks to find some form of authentication. This happens at coffee
shops, college campuses, corporate campuses, and people's
apartments.
I'd hate to think that the IETF is modelling its networks on dodgy
semi-opaque NAT boxes with bad DNS habits and poor performance.
That aside, I have some questions. What are the plans for logging of
the authentication requests, failures, and successes, and who could
legally have access to those logs? In particular, are the governments
of the countries where the (respective) events are to be held able to
require that the logs be turned over? How long will the logs be kept,
and by whom? (Obviously, these are not new issues, but given the
increased ability under this approach to associate a particular human
with one or more MAC addresses, it would seem that the status of such
logging might be more important.)
A
--
Andrew Sullivan
ajs(_at_)shinkuro(_dot_)com
Shinkuro, Inc.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf