If people are required to track the source port, it is hardly unrealistic to expect them to abandon a file format that does not meet their legal obligations. The technology required to address this issue has only been around for 13 years.
If I was a part of a police investigation and a site operator had not logged information that I thought they were obliged to log, I would be putting them up on a charge irregardless of whether they considered it the job of the NAT operator to do the work. It is never safer to say that it is someone else's responsibility to ensure that you meet your legal obligations. Some parts of the Internet change very slowly, but others change quickly. The parts that change quickly are those where the person who has an interest in the change has the ability to make it. On Mon, Nov 16, 2009 at 4:47 AM, Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote: > Stephane Bortzmeyer writes: >> >> On Fri, Nov 13, 2009 at 10:49:36AM +0100, >> Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote a message of 11 lines >> which said: >> >>> Therefore, I think it's safer to say that it's the NAT operator's >>> responsibility to log enough. Umpteen million web sites will continue to >>> use apache's common log format, so the NAT operator has to log what's >>> needed to work with that format anyway. >> >> How could it be possible? The only way I see for the NAT operator to >> be able to say that the customer X went to www.priv.no at 2241 UTC is >> to log not only the source-address/source-port mapping but also the >> *destinations*, which create obvious privacy issues (and would make the >> log *much* larger). > > Yes. But do you see a way to avoid that, except by unrealistic declarations > such as "all apache installations that use the common log format must be > changed"? It's not just apache either, all other (web and other) servers > that don't log source port. > > (Btw, there is no www.priv.no, and these days I don't think you can get > anything else under .priv.no either. The dozen-odd people who have .priv.no > domains are allowed to keep them, that's all.) > > Arnt > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf > -- -- New Website: http://hallambaker.com/ View Quantum of Stupid podcasts, Tuesday and Thursday each week, http://quantumofstupid.com/ _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
