> On 26 Apr 2018, at 16:54, Ted Lemon <mel...@fugue.com> wrote: > > On Apr 26, 2018, at 11:44 AM, Dave O'Reilly <r...@daveor.com> wrote: >> I don’t understand what you mean when you say "And it doesn't say what you >> want to say—you're talking about the other end of the connection. So yes, >> it can be used as a pretext as written, but that's actually a problem, not a >> reason to continue doing the same thing.” > > You want to talk about the server side of the connection, yes? 6302 talks > about the ISP side of the connection.
Sorry, you’re wrong about that. RFC6302 is about the server side of the connection. Here are some citations to support that assertion: 1. The title of the document is "Logging Recommendations for Internet-Facing Servers” - my personal server is an Internet-facing server but I am not an ISP. 2 .The abstract of RFC6302 refers to the logging of "incoming IP address” - from the perspective of an ISP you’d be talking about the logging of the outgoing IP address. 3. At the end of the introduction, RFC6302 says " Note: This document provides recommendations for Internet-facing servers logging incoming connections. It does not provide any recommendations about logging on carrier-grade NAT or other address sharing tools.” - in other words, the recommendations do not apply to the ISP (carrier grade NAT or otherwise) side of the connection. 4. Section 2 of RFC6302 states "Examples of Internet-facing servers include, but are not limited to, web servers and email servers.” - the authors explicitly stated that they are talking about the server side of the connection. There’s more but I think that’s enough to make my point. So, to the extent that I “want” RFC6302 to say anything in particular, it does say “what I want it to say” - it makes logging recommendations for Internet facing servers to log source port. Referring back to your original email: > Yes, but this is an old document that has been superseded at least in spirit > by more recent work. What work supersedes the recommendations of RFC6302? it was my intention to supersede (or at least update) this work with my document. > I do not think we would publish RFC 6302 as written today. Are you still of that opinion based on the above clarification? daveor _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
