Brian, does the server *have* to collect everything?

On Tue, Apr 24, 2018, 18:26 Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:

> On 24/04/2018 18:08, Amelia Andersdotter wrote:
> > Dear Mohamed,
> >
> > See below:
> >
> > On 2018-04-24 07:25, mohamed.boucad...@orange.com wrote:
> >>
> >> [Med] I don't have a problem with the general intent of your text, my
> >> concern is that you link those explicitly with RFC6302 which is misleading.
> >> RFC6302 has a very clear focus: address sharing.
> >>
> >> [Med] But how this is related to RFC6302 context?
> >
> > RFC6302 is hopelessly out of date. It was specifically justified by a
> > regulatory framework which no longer exists(!) and it takes into account
> > none of the privacy guidances given by RFC6973.
>
> I can't find any reference to regulatory matters in RFC 6302,
> but I did find this:
> "In the absence of the source port number and accurate timestamp
> information, operators deploying any address sharing techniques will
> not be able to identify unambiguously customers when dealing with
> abuse or public safety queries."
> Has that changed since 2011?
>
> RFC6973 adds this:
> "When requiring or recommending that information
> about initiators or their communications be stored or logged by end
> systems (see, e.g., RFC 6302 [RFC6302]), it is important to recognize
> the potential for that information to be compromised and for that
> potential to be weighed against the benefits of data storage."
> Indeed. But since that's a general requirement, not specific to port
> logging, what is obsolete in RFC6302 itself? It's what happens to the data
> *after* it's been collected that matters, and that affects everything
> the server collects, not just addr+port.
>
> Regards
> Brian
>
> > If we mean to say the
> > privacy guidelines of RFC6973 should not be applied specifically in our
> > recommendations for logging to internet-facing servers, then fine. If,
> > however, we believe privacy guidelines apply also when we make
> > recommendations to internet-facing servers (as we have done), then
> > RFC6302 needs updating.
> >
> > I think this is the primary thing to establish. I'll provide more
> > comments later.
> >
> > best,
> >
> > A
> >
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area