Hi Dan, I missed your mail. Sorry.
Yes, I understand what the document is trying to say. The insight that the presence of NAT also requires you to log the port number is certainly not a new insight. My worry with the document is that if you have to give someone who deploys services such trivial information (as it is done with the draft) then it is quite likely that they also need to be told something about privacy. As the discussion around Web tracking shows there is little understanding of meet the privacy expectations of regulators. Cullen had also raised privacy concerns in his review, see http://www6.ietf.org/mail-archive/web/ietf/current/msg65610.html, but his remarks had not been taken into consideration. Ciao Hannes On Jul 27, 2011, at 9:22 PM, Dan Wing wrote: >> -----Original Message----- >> From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of >> Hannes Tschofenig >> Sent: Wednesday, July 27, 2011 1:52 PM >> To: ietf@ietf.org IETF >> Subject: RFC 6302: "Internet-Facing Server Logging": No Word about >> Privacy? >> >> Hi all, >> >> I just noticed this document about "Internet-Facing Server Logging": >> http://tools.ietf.org/html/rfc6302 >> >> It does not contain any privacy considerations even thought it would be >> a very natural thing to do. >> >> Does anyone know the history of this document? > > It's trying to say that today, servers routinely log: > > * timestamp > * source IPv4 address > * resource accessed > > and that servers, compliant with RFC6302, need to additionally log: > > * source port > > -d > >> Ciao >> Hannes >> >> _______________________________________________ >> Ietf mailing list >> Ietf@ietf.org >> https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
