I'd like to see a bit of text about privacy considerations added to this. For
some servers, the advice in the draft is fine, but for many servers I think logging
this sort of information is an awful idea. It makes the owner of the server a
subpoena target, possibly violates laws in some countries around personally
identifying information, and will be of no benefit to the operator's server
business or to their ability to debug, improve, or provide service.
The draft should also point out that the source port, IP, and time do not
uniquely identify a host behind the NAT. Some NATs are designed so that if two
devices inside the NAT, call them A and B, are talking to different external
servers, call them C and D, the NAT may use the same external IP and port on
the NAT for the flow from A to C as it uses for the flow from B to D. The NAT
can differentiate them by looking at the 5-tuple. So if an email server sees a packet
from a given IP and port at the same time that a BitTorrent server sees a packet from the
same IP and port, there is no guarantee that they came from the same host.
This recommendation fails to say anything about what protocol one might use to
log this information - given the rates of information from a CGN, the existing
IETF logging protocols may not be appropriate.
It seems to me that a BCP about what web, email, SIP, and XMPP servers should
do should probably be run by these areas.
On Feb 25, 2011, at 8:04 AM, The IESG wrote:
The IESG has received a request from the Internet Area Working Group WG
(intarea) to consider the following document:
- 'Logging recommendations for Internet facing servers'
<draft-ietf-intarea-server-logging-recommendations-02.txt> as a BCP
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-03-11. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/
No IPR declarations have been submitted directly on this I-D.
_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
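The NAT behaviour described in the reply above, worked through as an added example (this is not code from the original message, the draft, or any NAT implementation). It models a NAT whose external port allocation depends on the full 5-tuple, so two internal hosts A and B talking to two different servers C and D can legitimately share one external IP:port. Two servers then log what the draft would have them log (source IP, source port, time), and an investigator joins the two logs on those fields. The addresses, ports, timestamps and the `endpoint_dependent` switch are all constructed for the illustration; the switch is there only to contrast with a NAT that allocates one external port per internal socket, where the join would be sound.

```python
"""Why (source IP, source port, time) seen at two servers does not identify
one host behind a NAT.  All addresses, ports and timestamps are constructed."""

from collections import defaultdict

PROTO_TCP = 6


class Nat:
    """Toy NAT translation table.

    endpoint_dependent=True : external port chosen per remote (IP, port, proto);
                              the same port may be reused toward other endpoints,
                              and return traffic is separated on the 5-tuple.
    endpoint_dependent=False: one external port per internal socket, drawn from
                              a single pool, so (ext IP, ext port) maps to one host.
    """

    def __init__(self, external_ip, endpoint_dependent=True):
        self.external_ip = external_ip
        self.endpoint_dependent = endpoint_dependent
        self.mappings = {}              # flow key -> external port
        self.in_use = defaultdict(set)  # allocation pool -> ports already used

    def translate(self, int_ip, int_port, dst_ip, dst_port, proto=PROTO_TCP):
        if self.endpoint_dependent:
            key = (int_ip, int_port, dst_ip, dst_port, proto)
            pool = (dst_ip, dst_port, proto)   # only flows to this endpoint collide
        else:
            key = (int_ip, int_port, proto)
            pool = "all"                       # every flow shares one port space
        if key not in self.mappings:
            used = self.in_use[pool]
            port = 1024
            while port in used:                # lowest free port in this pool
                port += 1
            used.add(port)
            self.mappings[key] = port
        return self.external_ip, self.mappings[key]


def run_scenario(endpoint_dependent):
    """Hosts A and B each open one connection; return what servers C and D log."""
    nat = Nat("203.0.113.7", endpoint_dependent)
    # constructed traffic: ts, host label, internal ip/port, server ip/port, service
    flows = [
        (1700000000, "A", "10.0.0.2", 40001, "198.51.100.25", 25, "smtp"),
        (1700000001, "B", "10.0.0.3", 50002, "198.51.100.80", 6881, "bittorrent"),
    ]
    records = []
    for ts, host, iip, iport, dip, dport, svc in flows:
        src_ip, src_port = nat.translate(iip, iport, dip, dport)
        records.append({"ts": ts, "server": dip, "service": svc,
                        "src_ip": src_ip, "src_port": src_port,  # what the server sees
                        "true_host": host})  # ground truth; present in no log
    return records


def correlate_on_src_and_time(records, window=5):
    """Join two servers' logs on (src IP, src port, time within window):
    the inference the reply warns against."""
    hits = []
    for i, a in enumerate(records):
        for b in records[i + 1:]:
            if (a["server"] != b["server"]
                    and (a["src_ip"], a["src_port"]) == (b["src_ip"], b["src_port"])
                    and abs(a["ts"] - b["ts"]) <= window):
                hits.append((a, b))
    return hits


def misattributions(endpoint_dependent, window=5):
    """Pairs the join declares 'same host' that actually came from two hosts."""
    recs = run_scenario(endpoint_dependent)
    return [(a, b) for a, b in correlate_on_src_and_time(recs, window)
            if a["true_host"] != b["true_host"]]


if __name__ == "__main__":
    for edm in (True, False):
        bad = misattributions(edm)
        print(f"endpoint_dependent={edm}: {len(bad)} false 'same host' conclusion(s)")
        for a, b in bad:
            print(f"  {a['service']} and {b['service']} both logged "
                  f"{a['src_ip']}:{a['src_port']}, but the hosts were "
                  f"{a['true_host']} and {b['true_host']}")
```

With the endpoint-dependent NAT the mail and BitTorrent logs both show 203.0.113.7:1024 one second apart, and joining them attributes B's BitTorrent traffic to A. Only the NAT's own per-flow table (or a CGN log keyed on the full 5-tuple, including the destination) can resolve that, which is the information a server-side log by itself cannot supply.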