On 27/04/2018 21:15, Amelia Andersdotter wrote:
> On 2018-04-27 04:00, Brian E Carpenter wrote:
....
> I would have been slightly less annoyed had this not been the case. For
> this reason:
>
>> This is not an area where anybody in authority gives a fig about what
>> the IETF says.
>
> This is not reflective of my experience. The details are tedious, but
> RFC6302 in its current form,

We need to look at one of those details. RFC6302 starts out by saying:

"It is RECOMMENDED as best current practice that Internet-facing servers
logging incoming IP addresses from inbound IP traffic also log:

o The source port number..."

Therefore, the whole recommendation applies *only* to servers that happen
to log incoming IP addresses. In effect, the document says:

IF you operate an Internet facing server AND you log incoming IP addresses
THEN you should also log the source port numbers (etc.).

That is a purely technical statement, because with address sharing in use,
there is no point in logging addresses without ports.

The document does *not* say:

IF you operate an Internet facing server
THEN you should log incoming IP addresses, source port numbers (etc.).

That would be a completely inappropriate thing for the IETF to say, because
it's outside our technical remit.

If draft-daveor-cgn-logging was adopted as an IETF document, it should IMHO
be subject to the same test: is it describing how to do something correctly,
if you're doing it at all? At least some of the language in section 7 would
need tuning for that. Other parts seem OK, like "In cases where a software
package has support for logging of incoming source port,..."

Regards
   Brian
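The technical point in the message above (under address sharing, a logged address without its source port does not identify one subscriber), as an added example that is not part of the original message. The port-block table, subscriber labels and log line format are constructed for illustration, and the example assumes the server also logs a UTC timestamp.

```python
from datetime import datetime, timezone

def ts(s):
    """Parse a UTC timestamp such as 2018-04-27T10:15:02Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed CGN port-block leases on one shared public address:
# (public IP, first port, last port, lease start, lease end, subscriber)
CGN_MAP = [
    ("198.51.100.7", 1024, 2047, ts("2018-04-27T09:00:00Z"), ts("2018-04-27T11:00:00Z"), "sub-A"),
    ("198.51.100.7", 2048, 3071, ts("2018-04-27T09:00:00Z"), ts("2018-04-27T11:00:00Z"), "sub-B"),
    ("198.51.100.7", 1024, 2047, ts("2018-04-27T11:00:00Z"), ts("2018-04-27T13:00:00Z"), "sub-C"),
]

def candidates(ip, when=None, port=None):
    """Return every subscriber consistent with the fields the server logged."""
    hits = set()
    for pub_ip, lo, hi, start, end, sub in CGN_MAP:
        if pub_ip != ip:
            continue
        if when is not None and not (start <= when < end):
            continue
        if port is not None and not (lo <= port <= hi):
            continue
        hits.add(sub)
    return sorted(hits)

def parse_entry(line):
    """Parse a constructed IPv4 log line: '<UTC time> <ip>[:<port>] <request>'."""
    stamp, peer, _request = line.split(" ", 2)
    ip, _, port = peer.partition(":")
    return ts(stamp), ip, int(port) if port else None

def resolve(line):
    """Map one server log line to the subscribers it could refer to."""
    when, ip, port = parse_entry(line)
    return candidates(ip, when, port)

# Constructed log lines: the same request logged without and with the source port.
ADDRESS_ONLY = "2018-04-27T10:15:02Z 198.51.100.7 GET /login"
WITH_PORT = "2018-04-27T10:15:02Z 198.51.100.7:2301 GET /login"

if __name__ == "__main__":
    print("address only:", resolve(ADDRESS_ONLY))
    print("address+port:", resolve(WITH_PORT))
```

The port alone is not enough either: a port block that is re-leased later in the day matches more than one subscriber unless the timestamp narrows it down.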
