On Apr 24, 2018, at 11:30 AM, Dave O'Reilly <[email protected]> wrote:
> Could you give me an example of when you think it would be appropriate to log
> source port and when it would not be?

It's not appropriate to log source port if there's no potential for abuse by the connecting party, or if the potential for abuse by the connecting party is small compared to the potential for abuse by the consumer of the log information. As has been mentioned previously, it may make sense to log source port when accepting posts from an end user, or when taking orders, or in similar situations.

But to use the example Amelia gave, if I go to Wikipedia and start reading articles and clicking on links, it isn't appropriate to log the source port. If I am reading a newspaper, it is not appropriate to log anything about my reading habits (although in this case cookies are likely more of a problem than source port). It's possible that some government somewhere would disagree; if they do, that's fine, but it's not the IETF's role to promote or enable this behavior.

To continue the Wikipedia example, Wikipedia does in fact ban IP addresses when abusive behavior is exhibited by some person using that IP address. I don't think there would be a particular problem extending this to ports as well, although it might not actually be all that useful if they are randomized by the CGN. I don't know if Wikipedia logs this information for law enforcement use, but if they do, then logging the source port as well _in these situations_ would make sense, even though logging it when the end user is simply reading pages would not.

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
