On 4/23/2018 6:14 AM, Dave O'Reilly wrote: > Briefly, I summarise the position laid out in the document as follows: > > Problem: there is an information gap between records maintained by CGNAT > operators and internet-facing server operators. How to close that gap? > Options: (a) CGNAT operators keep connection logs, (b) internet-facing server > operators keep source port records. > Privacy considerations: > connection logs are bad (greater impact of data breach, significant > implications for ISPs, etc. etc.) > source port logging has minimal additional privacy impact over and > above recording of IP address in logs, which is already routine > Conclusion: of the available options to close the information gap, source > port logging is the most privacy sensitive way to achieve this > > I’d be interested in hearing why you think this argument is not adequate?
Dave, I think that your argumentation is missing a big conditional. Detailed logging may be needed when there is a good reason to conduct inquiries about past abuses. It does not follow that detailed logging is needed all the time, by all servers. Take the example of a site like Wikipedia. There may be a need for detailed logs of who was editing a controversial page, in order for example to defend against vandalism. But it does not follow that there is a need for detailed logging of who accesses what page. That kind of log would invite all kinds of abuses, such as tracking the location of people or their reading habits. Logs are dangerous, because they become a target for nuisance lawsuits, hackers, advertisers, data brokers and many more. The simplest way to avoid the issue is to only log the information that is strictly needed. That may include great details in the case of financial transactions, which was your example. It may require way fewer detail in a run-of-the-mill server. It may sometime be useful to log IP addresses, and it may sometimes be a better idea to not log them, or to anonymize the data before logging it. When people speak of balance, they are speaking about that, balancing the usefulness of logs for inquiries versus the dangers of logs in general. I think that balance should be explicitly stated in any kind of "logging requirement". -- Christian Huitema _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
