On 2018-04-25 13:27, mohamed.boucad...@orange.com wrote:
> SHOULD NOT store logs of incoming IP addresses from inbound
> traffic for longer than three days.
>
> The above proposed text does not make sense to me. The IETF does not
> have to make a call on such matters.
>

You could have two different objections to the draft:

1. The IETF does not, in general, recommend grace periods or time periods for logging, caching, etc. That's just wrong - I find loads of examples in old and new RFCs of recommended time-periods for data storage by googling.

2. The time-period as suggested is wrong. For instance, as Povl proposed, 3 days is reasonable if it's just about shifting the log from the internet-facing server as such to somewhere else, and for storing logs at end-destination a longer period of time is necessary.

I think you're aiming for objection 1). I don't see the historical precedent for this assertion, and it seems to be rather about what the IETF would feel like.

I'm open for discussion on objection 2).

best,

A

> Cheers,
>
> Med
>
> *From:* Povl H. Pedersen [mailto:p...@my.terminal.dk]
> *Sent:* Wednesday, 25 April 2018 13:16
> *To:* BOUCADAIR Mohamed IMT/OLN
> *Cc:* int-a...@ietfa.amsl.com
> *Subject:* Re: [Int-area] WG adoption call: Availability of Information
> in Criminal Investigations Involving Large-Scale IP Address Sharing
> Technologies
>
> I would keep full IP address + port info in my firewall log. Separate
> from the webserver log. This is to help the webguys not abuse collected
> data.
>
> Having talked to the webguys, they use the logfiles in daily
> operations, and they see them as necessary to provide continuous
> delivery of the services to the end user. That is another obligation we
> have.
> Our legal department actually suggested we keep logs for 5 years, as
> some data must be kept that long.
>
> The big privacy issue here is more about abuse and losing the data
> (move them away from the internet facing server within 3 days would be
> a good recommendation). This must be controlled by internal company
> rules. Not this RFC that says we must cripple data after 3 days. And 3
> days is a stupid limit if there is a longer weekend/holidays etc.
> Easter is an example, Thursday to Monday are non-working days. That is
> 5 days + the extra. So the 3 days should be 6 days without even
> accounting for holidays.
>

--
Amelia Andersdotter
Technical Consultant, Digital Programme
ARTICLE19
www.article19.org
PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area