Hi Dan,
I missed your mail. Sorry.
Yes, I understand what the document is trying to say. The insight that the
presence of NAT also requires you to log the port number is certainly not a new
insight.
My worry with the document is that if you have to give someone who deploys
services such trivial information (as it is done with the draft) then it is
quite likely that they also need to be told something about privacy. As the
discussion around Web tracking shows there is little understanding of meet the
privacy expectations of regulators.
Cullen had also raised privacy concerns in his review, see
http://www6.ietf.org/mail-archive/web/ietf/current/msg65610.html, but his
remarks had not been taken into consideration.
Ciao
Hannes
On Jul 27, 2011, at 9:22 PM, Dan Wing wrote:
-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, July 27, 2011 1:52 PM
To: ietf(_at_)ietf(_dot_)org IETF
Subject: RFC 6302: "Internet-Facing Server Logging": No Word about
Privacy?
Hi all,
I just noticed this document about "Internet-Facing Server Logging":
http://tools.ietf.org/html/rfc6302
It does not contain any privacy considerations even thought it would be
a very natural thing to do.
Does anyone know the history of this document?
It's trying to say that today, servers routinely log:
* timestamp
* source IPv4 address
* resource accessed
and that servers, compliant with RFC6302, need to additionally log:
* source port
-d
Ciao
Hannes
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf