On 24/04/2018 18:08, Amelia Andersdotter wrote:
> Dear Mohamed,
> 
> See below:
> 
> On 2018-04-24 07:25, [email protected] wrote:
>>
>> [Med] I don't have a problem with the general intent of your text, my 
>> concern is that you link those explicitly with RFC6302 which is misleading. 
>> RFC6302 has a very clear focus: address sharing. 
>>
>> [Med] But how is this related to the RFC6302 context? 
> 
> RFC6302 is hopelessly out of date. It was specifically justified by a
> regulatory framework which no longer exists(!) and it takes into account
> none of the privacy guidance given by RFC6973.

I can't find any reference to regulatory matters in RFC 6302,
but I did find this:
  "In the absence of the source port number and accurate timestamp
   information, operators deploying any address sharing techniques will
   not be able to identify unambiguously customers when dealing with
   abuse or public safety queries."
Has that changed since 2011?

RFC6973 adds this:
  "When requiring or recommending that information
   about initiators or their communications be stored or logged by end
   systems (see, e.g., RFC 6302 [RFC6302]), it is important to recognize
   the potential for that information to be compromised and for that
   potential to be weighed against the benefits of data storage."
Indeed. But since that's a general requirement, not specific to port
logging, what is obsolete in RFC6302 itself? It's what happens to the data
*after* it's been collected that matters, and that affects everything
the server collects, not just addr+port.

Regards
   Brian

> If we mean to say the
> privacy guidelines of RFC6973 should not be applied specifically in our
> recommendations for logging to internet-facing servers, then fine. If,
> however, we believe privacy guidelines apply also when we make
> recommendations to internet-facing servers (as we have done), then
> RFC6302 needs updating.
> 
> I think this is the primary thing to establish. I'll provide more
> comments later.
> 
> best,
> 
> A
> 
> 

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
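
Added example (not part of the original message or of RFC 6302): a sketch of the lookup that the RFC 6302 passage quoted above describes, matching a server-side log entry against an address-sharing device's binding log. The binding records, subscriber labels and the candidates() function are constructed for illustration; the addresses are documentation-range values.

```python
from datetime import datetime, timedelta, timezone

def ts(hms):
    """Constructed helper: UTC timestamp on the example day."""
    return datetime.strptime("2018-04-24 " + hms, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

# Constructed binding log of an address-sharing device (e.g. a CGN):
# (shared external IP, external source port, binding start, binding end, subscriber).
BINDINGS = [
    ("203.0.113.7", 40001, ts("10:00:00"), ts("10:05:00"), "sub-A"),
    ("203.0.113.7", 40002, ts("10:01:00"), ts("10:04:00"), "sub-B"),
    ("203.0.113.7", 40001, ts("10:06:00"), ts("10:09:00"), "sub-C"),  # port reused
    ("203.0.113.8", 40001, ts("10:00:00"), ts("10:09:00"), "sub-D"),
]

def candidates(ip, when, port=None, skew_s=0):
    """Subscribers that could have originated a connection the server logged.

    port=None models a server that logged only the source address.
    skew_s is the assumed uncertainty (seconds) of the server's clock.
    """
    skew = timedelta(seconds=skew_s)
    return sorted({
        sub for b_ip, b_port, start, end, sub in BINDINGS
        if b_ip == ip
        and (port is None or b_port == port)
        and start - skew <= when <= end + skew
    })

if __name__ == "__main__":
    # Address + timestamp only: two subscribers share the address at that time.
    print(candidates("203.0.113.7", ts("10:02:00")))
    # Address + port + accurate timestamp: one subscriber.
    print(candidates("203.0.113.7", ts("10:02:00"), port=40001))
    # Port logged, but the clock is only good to +/- 60 s: port reuse makes it ambiguous again.
    print(candidates("203.0.113.7", ts("10:05:30"), port=40001, skew_s=60))
```

The same port-reuse case also shows why the retention question raised in the thread applies to the full tuple: each logged (address, port, timestamp) entry resolves to a single subscriber once joined with the binding log.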
