On Tue, 18 Sep 2007 14:04:32 +0200 Adam Hasselbalch Hansen <[EMAIL PROTECTED]> wrote:
> You can read the entire thing in Danish here:
>
> http://www.folketinget.dk/samling/20061/Lovforslag/L63/Bilag/7/351262.PDF

Looks more like legislation for ISPs than folks with a webserver.

> The relevant part is Section 5, which says (loosely translated):
>
> § 5. A provider of electronic communication nets or services for end
> users must register the following information about an internet
> session's initiating and terminating package:

The word "session" doesn't sit easily with a stateless protocol (HTTP),
and neither does the information required:

> 6. Time of start and end of communication.

... which tends to suggest they really do mean sessions. I'd be
sceptical about that applying to non-sessions such as HTTP requests.

§ 5 Part 2: [user's identity & contact details]. Yeah, right.
Part 3: [applies to mobile access]
Part 4: [Requirements don't apply if they're not technically possible to meet]

So if Apache doesn't support this, you're exempt, yesno? :-)

I was kind-of wondering whether anyone's thinking in terms of
fingerprinting botnet/malware attacks rather more than tracing
death-threats or naughty pictures back to the last anonymiser
or zombie in their path. If governments are doing that, it'll
just induce botnets to randomise a bit more, or mimic patterns
of legitimate users.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/