Dear Amelia,
Some comments about the main recommendations in draft-andersdotter:
SHOULD only store entire incoming IP addresses for as long as is
necessary to provide the specific service requested by the user.
Med: This is implementation and deployment-specific. Not sure we can mandate a
server how to service users.
SHOULD keep only the first two octets (of an IPv4 address) or the
first three octets (of an IPv6 address) with remaining octets set
to zero, when logging.
Med: A server can decide to follow this reco, but it will be difficult for the
owner of the server to claim an abuse and help identifying responsibilities.
Please note that RFC6302 ** does not recommend to log IP addresses** :.
"It is RECOMMENDED as best current practice that Internet-facing
servers logging incoming IP addresses from inbound IP traffic also
log "
which means ** IF ** a server logs source IP address, then it has to log also
the source port.
SHOULD NOT store logs of incoming IP addresses from inbound
traffic for longer than three days.
Med: It is out of the scope of the IETF to define the duration of logs. This is
country-specific.
SHOULD NOT log unnecessary identifiers, such as source port
number, time stamps, transport protocol numbers or destination
port numbers.
Med: Not sure to understand this one. "unnecessary identifiers" is not clear. I
prefer the current language in 6302 which identifies the minimum set of
information.
SHOULD ensure adequate log access control, with suitable
mechanisms for keeping track of which entity accesses logged
identifiers, for what reason and at what time.
Med: I hear you, but this is out of scope of the IETF. Access rights to
retention data is well known and is not altered by the IETF specification.
Cheers,
Med
> -----Message d'origine-----
> De : Int-area [mailto:[email protected]] De la part de Amelia
> Andersdotter
> Envoyé : lundi 23 avril 2018 10:11
> À : [email protected]
> Cc : Stephen Farrell
> Objet : Re: [Int-area] WG adoption call: Availability of Information in
> Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
>
> I've tabled a similar draft but with a different scope. Happy to discuss
> with members on the list:
>
> https://datatracker.ietf.org/doc/draft-andersdotter-intarea-update-to-
> rfc6302/
>
> --
>
> Amelia Andersdotter
> Technical Consultant, Digital Programme
>
> ARTICLE19
> www.article19.org
>
> PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55
>
> _______________________________________________
> Int-area mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/int-area
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
