
Re: RFC 6302: "Internet-Facing Server Logging": No Word about Privacy?

2011-10-11 09:43:38
I believe there is room to do better: A quick look at the Fair Information 
Practices (FIPs) would provide a good starting point: 

   Notice and Consent:  Before the collection of data, the data subject
      should be provided: notice of what information is being collected
      and for what purpose and an opportunity to choose whether to
      accept the data collection and use. 


   Collection Limitation:  Data should be collected for specified,
      explicit and legitimate purposes.  The data collected should be
      adequate, relevant and not excessive in relation to the purposes
      for which they are collected.


   Use/Disclosure Limitation:  Data should be used only for the purpose
      for which it was collected and should not be used or disclosed in
      any way incompatible with those purposes.


   Retention Limitation:  Data should be kept in a form that permits
      identification of the data subject no longer than is necessary for
      the purposes for which the data were collected.


   Accuracy:  The party collecting and storing data is obligated to
      ensure its accuracy and, where necessary, keep it up to date;
      every reasonable step must be taken to ensure that data which are
      inaccurate or incomplete are corrected or deleted.


   Access:  A data subject should have access to data about himself, in
      order to verify its accuracy and to determine how it is being
      used.


   Security:  Those holding data about others must take steps to protect
      its confidentiality.


On Oct 11, 2011, at 5:17 PM, Stephane Bortzmeyer wrote:

> On Tue, Oct 11, 2011 at 04:42:17PM +0300,
> Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote
> a message of 58 lines which said:
>
>> it is quite likely that they also need to be told something about
>> privacy.
>
> For me, the most important mention of privacy is:
>
>   It is RECOMMENDED as best current practice that Internet-facing
>   servers logging incoming IP addresses from inbound IP traffic also
>   log:
>
> Do note "Internet-facing servers ***logging incoming IP
> addresses***". It means that no one recommends logging IP addresses; the
> RFC just says that, ***if you do log***, logging the IP address
> without the port number is not very sensible.



_______________________________________________
Ietf mailing list
ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
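The two positions in this exchange, the RFC 6302 recommendation to record the source port next to the address and the FIPs "Retention Limitation" principle from the reply above, can be put side by side in a small piece of code. The following is an added example and is not code from the thread, from RFC 6302 or from any IETF project: it parses a constructed server log whose records carry what RFC 6302 recommends (UTC timestamp to the second, source address, source port, transport and destination port), shows why an attribution lookup by address alone is ambiguous when two clients sit behind one shared address while address plus port plus time is unique, and then applies a retention window after which the identifying fields are dropped while the operational fields remain. The log format, the 30-day window and the sample records (RFC 5737 documentation addresses) are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumed retention policy (not from the thread): identifying fields are kept
# no longer than this, following the "Retention Limitation" principle.
RETENTION = timedelta(days=30)


@dataclass(frozen=True)
class LogRecord:
    ts: datetime             # UTC, second accuracy, as RFC 6302 recommends
    src_ip: Optional[str]    # None once retention limitation has been applied
    src_port: Optional[int]  # the field RFC 6302 asks for next to the address
    proto: str               # transport, e.g. "tcp" or "udp"
    dst_port: int
    request: str


def parse_line(line: str) -> LogRecord:
    """Parse one line of the constructed format:
    <UTC timestamp> <src_ip|-> <src_port|-> <proto> <dst_port> <request>"""
    ts, ip, port, proto, dport, request = line.split(" ", 5)
    return LogRecord(
        ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        src_ip=None if ip == "-" else ip,
        src_port=None if port == "-" else int(port),
        proto=proto.lower(),
        dst_port=int(dport),
        request=request,
    )


def format_line(rec: LogRecord) -> str:
    """Inverse of parse_line; redacted fields are written as '-'."""
    return " ".join([
        rec.ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        rec.src_ip or "-",
        "-" if rec.src_port is None else str(rec.src_port),
        rec.proto,
        str(rec.dst_port),
        rec.request,
    ])


def find_sessions(records: List[LogRecord], ip: str,
                  port: Optional[int] = None,
                  at: Optional[datetime] = None) -> List[LogRecord]:
    """Attribution lookup, e.g. for an abuse report naming an address and a time.
    With the address alone every session behind a shared address matches;
    with address, source port and timestamp the match is unique."""
    hits = []
    for r in records:
        if r.src_ip != ip:
            continue
        if port is not None and r.src_port != port:
            continue
        if at is not None and r.ts != at:
            continue
        hits.append(r)
    return hits


def apply_retention(records: List[LogRecord], now: datetime) -> List[LogRecord]:
    """Retention limitation: records older than RETENTION keep their
    operational fields (time, transport, request) but lose the identifiers."""
    out = []
    for r in records:
        if now - r.ts > RETENTION:
            r = replace(r, src_ip=None, src_port=None)
        out.append(r)
    return out


# Constructed sample log (RFC 5737 documentation addresses, not real clients).
# Two distinct clients appear behind 203.0.113.7 in the same second; only the
# source port tells them apart. The last record is old enough to be redacted.
SAMPLE_LINES = [
    "2011-10-11T14:42:17Z 203.0.113.7 51342 tcp 80 GET /index.html",
    "2011-10-11T14:42:17Z 203.0.113.7 60211 tcp 80 POST /login",
    "2011-10-11T14:42:18Z 198.51.100.23 44001 tcp 443 GET /",
    "2011-08-01T09:00:00Z 203.0.113.7 51342 udp 53 QUERY example.net",
]
RECORDS = [parse_line(line) for line in SAMPLE_LINES]
NOW = datetime(2011, 10, 11, 15, 17, 0, tzinfo=timezone.utc)  # assumed "current" time

if __name__ == "__main__":
    when = datetime(2011, 10, 11, 14, 42, 17, tzinfo=timezone.utc)
    print("by address only:", len(find_sessions(RECORDS, "203.0.113.7", at=when)))
    print("address + port: ", len(find_sessions(RECORDS, "203.0.113.7", 60211, when)))
    for rec in apply_retention(RECORDS, NOW):
        print(format_line(rec))
```

The lookup by address alone returns both sessions at 14:42:17, which is the situation Stephane describes: an address without a port does not identify a client. The retention pass is deliberately one-way: once the address and port are replaced by "-" the record still supports traffic statistics and request-level analysis, but no longer identifies a data subject, which is what "kept in a form that permits identification ... no longer than is necessary" asks for.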
