Whether 6302 makes a strong recommendation or not, it is clearly aimed at policy issues.
I don’t think we need documents to explain how to implement software that isn’t focused on supporting the protocols we specify. I prefer to have 6302 deprecated so it is no longer usable as justification to do otherwise (e.g., as has been done throughout this discussion). Joe > On May 10, 2018, at 10:21 PM, [email protected] wrote: > > Hi Joe, > > This is a little bit subtle. > > RFC6302 is about operating and protecting a server against abuses, > denial-of-service, and all the issues discussed in rfc6269#section-13.1. 6302 > does not ask a server to enable logging or not: > > The above recommendations apply to current logging practices. They > do not require any changes in the way logging is performed; e.g., > which packets are examined and logged. > > Further, 6302 says explicitly: > > Discussions about data-retention policies are out of scope for this > document. > > Cheers, > Med > > De : Int-area [mailto:[email protected]] De la part de Joe Touch > Envoyé : mercredi 9 mai 2018 17:02 > À : int-area > Objet : Re: [Int-area] WG adoption call: Availability of Information in > Criminal Investigations Involving Large-Scale IP Address Sharing Technologies > > > > > > From: Int-area <[email protected] <mailto:[email protected]>> > on behalf of "[email protected] > <mailto:[email protected]>" <[email protected] > <mailto:[email protected]>> > Date: Wednesday, May 9, 2018 at 7:26 AM > To: Juan Carlos Zuniga <[email protected] > <mailto:[email protected]>>, "[email protected] > <mailto:[email protected]>" <[email protected] <mailto:[email protected]>> > Subject: Re: [Int-area] WG adoption call: Availability of Information in > Criminal Investigations Involving Large-Scale IP Address Sharing Technologies > > Hi all, <> > > There is no reason to revisit or deprecate RFC6302: > · The root technical issues as documented by intarea (RC6269) are > still valid. Those issues will be experienced by more and more in the future. > · RFC6302 records a valid technical recommendation for servers > logging IP addresses for abuse purposes. > > I don’t think that the IETF has to mandate or preclude (IP address) logging. > > I agree with the last sentence above, but I also think that the IETF > shouldn’t be making “recommendations” in this area either (i.e., the last > sentence implies to me that RFC6302 needs to be deprecated). 6302 is about > identifying customers - not protocol or network diagnostics. > > IMO: > > - the IETF should speak to logging only when it relates to *protocol or > network diagnostics* > - this means that the current document should not proceed > - this means that RFC6302 should be deprecated > > Joe
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
