Re-, Please see inline.
Cheers, Med > -----Message d'origine----- > De : Amelia Andersdotter [mailto:[email protected]] > Envoyé : mardi 24 avril 2018 08:09 > À : BOUCADAIR Mohamed IMT/OLN; [email protected] > Cc : Stephen Farrell > Objet : Re: draft-andersdotter (was RE: [Int-area] WG adoption call: > Availability of Information in Criminal Investigations Involving Large-Scale > IP Address Sharing Technologies > > Dear Mohamed, > > See below: > > On 2018-04-24 07:25, [email protected] wrote: > > > > [Med] I don't have a problem with the general intent of your text, my > concern is that you link those explicitly with RFC6302 which is misleading. > RFC6302 has a very clear focus: address sharing. > > > > [Med] But how this is related to RFC6302 context? > > RFC6302 is hopelessly out of date. It was specifically justified by a > regulatory framework which no longer exists(!) [Med] Hmm, 6302 says the following: Discussions about data-retention policies are out of scope for this document. Further, if we suppose an extreme case where regulatory forbids logging source addresses, then 6302 won't contradict with those. and it takes into account > none of the privacy guidances given by RFC6973. If we mean to say the > privacy guidelines of RFC6973 should not be applied specifically in our > recommendations for logging to internet-facing servers, then fine. [Med] This is subtle, 6302 is motivated by address sharing. 6302 does not recommend logging IP addresses per se, but if a server logs IP addresses for whatever reason (regulatory, prevent abuses, etc.), then it should consider the source port too. More discussion can be found in RFC6269. If, > however, we believe privacy guidelines apply also when we make > recommendations to internet-facing servers (as we have done), then > RFC6302 needs updating. [Med] It is completely fine to have such analysis/discussion for logging in general, but as I said earlier 6302 has a clear scope: address sharing complications. > > I think this is the primary thing to establish. I'll provide more > comments later. > > best, > > A > > > -- > Amelia Andersdotter > Technical Consultant, Digital Programme > > ARTICLE19 > www.article19.org > > PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55 > _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
