Re-, Please see inline.
Cheers, Med > -----Message d'origine----- > De : Int-area [mailto:[email protected]] De la part de Amelia > Andersdotter > Envoyé : mercredi 25 avril 2018 14:37 > À : [email protected] > Objet : Re: [Int-area] WG adoption call: Availability of Information in > Criminal Investigations Involving Large-Scale IP Address Sharing Technologies > > On 2018-04-25 13:27, [email protected] wrote: > > SHOULD NOT store logs of incoming IP addresses from inbound > > > > traffic for longer than three days. > > > > > > > > The above proposed text does not make sense to me. The IETF does not > > have to make a call on such matters. > > > > > > > > You could have two different objections to the draft: > > 1. The IETF does not, in general, recommend grace periods or time > periods for logging, caching, etc. That's just wrong - I find loads of > examples in old and new RFCs of recommended time-periods for data > storage by googling. [Med] AFAIK, there is no such IETF reco for address sharing specifications. > > 2. The time-period as suggested is wrong. For instance, as Povl > proposed, 3 days is reasonable if it's just about shifting the log from > the internet-facing server as such to somewhere else, and for storing > logs at end-destination a longer period of time is necessary. > > I think you're aiming for objection 1). I don't see the historical > precedent for this assertion, and it seems to be rather about what the > IETF would feel like. I'm open for discussion on objection 2). [Med] Hmm. Please check https://mailarchive.ietf.org/arch/msg/behave/GzY46_zyxVDeKv10nGzGWM8FA34 > > best, > > A > > > Cheers, > > > > Med > > > > > > > > *De :*Povl H. Pedersen [mailto:[email protected]] > > *Envoyé :* mercredi 25 avril 2018 13:16 > > *À :* BOUCADAIR Mohamed IMT/OLN > > *Cc :* [email protected] > > *Objet :* Re: [Int-area] WG adoption call: Availability of Information > > in Criminal Investigations Involving Large-Scale IP Address Sharing > > Technologies > > > > > > > > I would keep full IP address + port info in my firewall log. Separate > > from the webserver log. This to help the webguys not abusing collected > > data. > > > > Having talked to the webguys, they use the logfiles in daily > > operations, and they see them as necesary to provide continous > > delivery of the services to the end user.That is another obligation we > > have. > > Our legal department actually suggested we keep logs for 5 years, as > > some data must be kept that long. > > > > The big privacy issue here is more about abuse and losing the data > > (move them away from the internet facing server within 3 days would be > > a good recommendation). This must be controlled by internal company > > rules. Not this RFC that says we must cripple data after 3 days. And 3 > > days is a stupid limit if there is a longer weekened/holidays etc. > > Easter is an example, Thursday to monday are non-working days. That is > > 5 days + the extra. So the 3 days should be 6 days without even > > accounting for holidays. > > > > > > > > -- > Amelia Andersdotter > Technical Consultant, Digital Programme > > ARTICLE19 > www.article19.org > > PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55 > > _______________________________________________ > Int-area mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/int-area _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
