I'd like to see a bit of text about privacy considerations added to this. For
some servers, the advice in the draft is fine, but for many servers, I think
logging this sort of information is an awful idea. It makes the owner of the
server a subpoena target, possibly violates laws in some countries around
personal identifying information, and will have no benefit for the operator of
the server business or ability to debug, improve, or provide service.

The draft should also point out that the source port, IP, and time do not
uniquely identify a host behind the NAT. Some NATs are designed so that two
devices inside the NAT, call them A and B, are talking to different external
servers, call them C and D. The NAT may use the same external IP and port on
the NAT for the flow from A to C as it uses for the flow from B to D. The NAT
can differentiate them by looking at the 5-tuple. So if an email server sees a
packet from a given IP and port at the same time that a BitTorrent server sees
a packet from the same IP and port, there is no guarantee that they came from
the same host.

This recommendation fails to say anything about what protocol one might use to 
log this information - given the rates of information from CGN the existing 
IETF logging protocols may not be appropriate. 

It seems to me that a BCP about what web, email, SIP, and XMPP servers should
do should probably be run by these areas.


On Feb 25, 2011, at 8:04 AM, The IESG wrote:

> 
> The IESG has received a request from the Internet Area Working Group WG
> (intarea) to consider the following document:
> - 'Logging recommendations for Internet facing servers'
>  <draft-ietf-intarea-server-logging-recommendations-02.txt> as a BCP
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> [email protected] mailing lists by 2011-03-11. Exceptionally, comments may be
> sent to [email protected] instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/
> 
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-recommendations/
> 
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> _______________________________________________
> IETF-Announce mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf-announce
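
The port-reuse point raised in the message above, as an added example that is not part of the original message or of the draft: a toy NAT that keys its mappings on the full 5-tuple, showing that a lookup by external IP, port and time alone matches two internal hosts, while adding the destination resolves it. The class and function names, the addresses (documentation ranges) and the lowest-free-port allocation strategy are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    int_ip: str      # host behind the NAT
    ext_port: int    # port on the NAT's external address
    dst: tuple       # (server IP, server port); protocol assumed TCP throughout
    start: float
    end: float

class ToyNat:
    """Hypothetical NAT that keys mappings on the full 5-tuple, so one
    external port can carry flows to different destinations at once."""

    def __init__(self, ext_ip, first_port=1024):
        self.ext_ip, self.first_port, self.flows = ext_ip, first_port, []

    def open_flow(self, int_ip, dst, start, end):
        port = self.first_port
        # A port is unusable only if a live flow to the SAME destination holds it.
        while any(f.ext_port == port and f.dst == dst
                  and f.start < end and start < f.end for f in self.flows):
            port += 1
        flow = Flow(int_ip, port, dst, start, end)
        self.flows.append(flow)
        return flow

    def hosts_for(self, ext_port, when, dst=None):
        """Internal hosts consistent with a server's log entry.
        dst=None models correlating on (IP, port, time) only."""
        return {f.int_ip for f in self.flows
                if f.ext_port == ext_port and f.start <= when <= f.end
                and (dst is None or f.dst == dst)}

def demo():
    # Constructed sample data: A and B behind the NAT, servers C (mail) and D (torrent).
    nat = ToyNat("203.0.113.1")
    mail, torrent = ("192.0.2.10", 25), ("198.51.100.20", 6881)
    a = nat.open_flow("10.0.0.2", mail, 100, 200)      # A -> C
    b = nat.open_flow("10.0.0.3", torrent, 100, 200)   # B -> D, reuses A's port
    c = nat.open_flow("10.0.0.3", mail, 100, 200)      # B -> C, must get a new port
    return {
        "ports": (a.ext_port, b.ext_port, c.ext_port),
        "ip_port_time_only": nat.hosts_for(1024, 150),
        "with_destination": nat.hosts_for(1024, 150, dst=mail),
    }

if __name__ == "__main__":
    print(demo())
```

Only the NAT operator, holding the destination alongside the mapping, can make the second lookup; two independent servers comparing their own logs are limited to the first.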
