Dear Amelia, I reiterate there is no RFC which asks a ***server*** to log IP address for a given time.
All what we have is a simple recommendation, saying if you log IP address (for whatever reason), then consider logging source port too to ease investigation in case of abuse, etc. Source port in its own does not reveal or add another yet set of privacy concerns. Cheers, Med > -----Message d'origine----- > De : Amelia Andersdotter [mailto:[email protected]] > Envoyé : jeudi 26 avril 2018 17:27 > À : Dave O'Reilly > Cc : Brian E Carpenter; BOUCADAIR Mohamed IMT/OLN; [email protected] > Objet : Re: [Int-area] WG adoption call: Availability of Information in > Criminal Investigations Involving Large-Scale IP Address Sharing Technologies > > On 2018-04-26 15:59, Dave O'Reilly wrote: > > The absence of recommendations about log retention periods does not mean > that recommendations about what to log are not useful. There are technical > reasons why logging source port (and supporting recommendations) is a useful > thing to do and this recommendation can be made without needing to give any > consideration to the period for which those logs are retained. This question > can be left to organisations to decide for themselves in the context of their > national data protection obligations. > > I disagree for a similar reason to that which Povl brought up. > > A recommendation to log source ports risks being construed by > implementors, operators and regulators as a technical necessity to log > source ports, including for a long time (in fact, about 12-24 months as > we've heard, or, as stated in the informational RFCs, at least 6 months). > > Practises which were already rejected by courts once (general data > retention) could therefore be perpetuated through the technical route. > The only way for a court to re-establish its authority would be to > basically re-draft RFCs itself, or go into a level of technical detail > in its decisions that isn't appropriate. I don't think that's a useful > job for a court to do at all, and I'm not very keen on the working group > working on recommendations that contravene privacy decisions arisen from > the careful assessment of courts over close to a decade on the merits of > logging identifiers. It'd be backdoor politicking. > > best regards, > > Amelia > > > daveor > > > > > > -- > Amelia Andersdotter > Technical Consultant, Digital Programme > > ARTICLE19 > www.article19.org > > PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55 > _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
