Hi Joe, This is a little bit subtle.
RFC6302 is about operating and protecting a server against abuses, denial-of-service, and all the issues discussed in rfc6269#section-13.1. 6302 does not ask a server to enable logging or not: The above recommendations apply to current logging practices. They do not require any changes in the way logging is performed; e.g., which packets are examined and logged. Further, 6302 says explicitly: Discussions about data-retention policies are out of scope for this document. Cheers, Med De : Int-area [mailto:[email protected]] De la part de Joe Touch Envoyé : mercredi 9 mai 2018 17:02 À : int-area Objet : Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies From: Int-area <[email protected]<mailto:[email protected]>> on behalf of "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Wednesday, May 9, 2018 at 7:26 AM To: Juan Carlos Zuniga <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies Hi all, There is no reason to revisit or deprecate RFC6302: • The root technical issues as documented by intarea (RC6269) are still valid. Those issues will be experienced by more and more in the future. • RFC6302 records a valid technical recommendation for servers logging IP addresses for abuse purposes. I don’t think that the IETF has to mandate or preclude (IP address) logging. I agree with the last sentence above, but I also think that the IETF shouldn’t be making “recommendations” in this area either (i.e., the last sentence implies to me that RFC6302 needs to be deprecated). 6302 is about identifying customers - not protocol or network diagnostics. IMO: - the IETF should speak to logging only when it relates to *protocol or network diagnostics* - this means that the current document should not proceed - this means that RFC6302 should be deprecated Joe
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
