Folks To close this for now.
I see no compelling reason to change the BCP RFC 6302. Privacy is important. But equally so is the need to protect our customers, ourselves and the population against cyber criminals and they are legion. There is a compelling need for Law Enforcement Agencies and Governments to know some information about traffic as it relates to criminal and military acts (state sponsored cyber espionage etc.,). It is up to the civil authorities to define what is "acceptable reach" for the above agencies actions. It is up to us as citizens to then hold the civil authorities accountable at least in the US. This is far beyond an IETF discussion. Peace Scott Sheppard LMTS AT&T ATS IPNSG 404 499 5539 desk 732 861 3383 cell [email protected] email Two messages Authentic power is service - Pope Francis Sillyness is Essential - The Three Stooges Both are important This e-mail and any files transmitted with it are the property Of the AT&T companies, are confidential, and are intended solely For the use of the individual or entity to whom this e-mail is Addressed. If you are not the one of the named recipients or Otherwise have reason to believe that you have received this Message in error, please notify the sender at (732) 420-0965 and Delete this message immediately from your computer. Any other Use, retention, dissemination, forwarding, printing, or copying Of this e-mail is strictly prohibited. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, June 17, 2014 8:58 AM To: S Moonesamy; Alain Durand; Igor Gashinsky; Donn Lee; Scott Sheppard Cc: Linus Nordberg; [email protected] Subject: RE: [Int-area] Logging Recommendations for Internet-Facing Servers Hi SM, RFC6302 should be positioned in its context: i.e., how to meet regulatory requirements in some countries when address sharing is in use. A discussion on the background (with a concise discussion on solution flavors and some hints on time duration to store log data) is available at: http://tools.ietf.org/html/rfc6269#section-12 and http://tools.ietf.org/html/rfc6269#section-13.1. The reco in RFC6302 aims to ease handling abuse claims and avoid revealing the identity of a large number of subscribers. FYI, the penal procedure in France has been updated in August 2013 to take into account address sharing in particular, see for instance http://www.legifrance.gouv.fr/affichCodeArticle.do?idArticle=LEGIARTI000028053220&cidTexte=LEGITEXT000006071154 where "additional information" should be provided in addition to the IP address for abuse claims). Privacy-related considerations and other side effects of storing IP addresses (including IP tracking) should be discussed IMHO independently of RFC6302. For example, the concrete case led by the CNIL in France: http://www.cnil.fr/linstitution/actualite/article/article/ip-tracking-conclusions-de-lenquete-conjointe-menee-par-la-cnil-et-la-dgccrf/?tx_ttnews[backPid]=91&cHash=6c52ebf7fc988c0c7fe49410c4e69342. Cheers, Med >-----Message d'origine----- >De : Int-area [mailto:[email protected]] De la part de S Moonesamy >Envoyé : lundi 16 juin 2014 11:48 >À : Alain Durand; Igor Gashinsky; Donn Lee; Scott Sheppard >Cc : Linus Nordberg; [email protected] >Objet : [Int-area] Logging Recommendations for Internet-Facing Servers > >Hello, > >In the wake of the revelations about surveillance there has been some >concerns about RFC 6302. I would be grateful if the authors of RFC >6302 could review the comments at >http://www.ietf.org/mail-archive/web/ietf-privacy/current/msg00454.html >and provide some feedback. > >Regards, >S. Moonesamy > >_______________________________________________ >Int-area mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/int-area _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
