[ietf-privacy] Logging Recommendations for Internet-Facing Servers

S Moonesamy <sm+ietf@elandsys.com> Fri, 06 June 2014 07:15 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED29E1A03DA for <ietf-privacy@ietfa.amsl.com>; Fri, 6 Jun 2014 00:15:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level:
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GB3Nyecb1mdb for <ietf-privacy@ietfa.amsl.com>; Fri, 6 Jun 2014 00:15:32 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EE861A0047 for <ietf-privacy@ietf.org>; Fri, 6 Jun 2014 00:15:32 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.224.138.226]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s567FDLh008013 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-privacy@ietf.org>; Fri, 6 Jun 2014 00:15:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1402038925; x=1402125325; bh=+53F1KDf3trKCZp1ZQs+o8kCWFv7oU5x5BWnI/uVj1s=; h=Date:To:From:Subject; b=FRmvjcevLegXzbx44szz7R4jsdE+vafgW0IGl7UtuY9O8Aoiw5+ybdkvttaklTaIa j0TcA8kSBnm2qM1U4IvvyAKT3shX1PAIF7hZ+HARaptQXAvzj8Aj7EwzsC+wiBhE4o 8PHni5lDhLmcFmIaq16fp6LzCiAX4zmt4CyhEGaQ=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1402038925; x=1402125325; i=@elandsys.com; bh=+53F1KDf3trKCZp1ZQs+o8kCWFv7oU5x5BWnI/uVj1s=; h=Date:To:From:Subject; b=PJIXvTCIE0TxqEGsDrqz1EYopIiOWJPyndHZ3acXtMHhYVzav+s9UXF0vhhdSuQoA Op/gxXnoXx4JxKJe/TwAv7KpdW77POb6WnOivxGM8sKyT//GfEkQ/yZuof/+iodzX+ buaT/kU61WCxJmmkq3KVUGCKrlKkwgiedhW1LSU8=
Message-Id: <6.2.5.6.2.20140605221300.0d300d58@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 05 Jun 2014 23:39:53 -0700
To: ietf-privacy@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/-j_DGyG0jzeWtEo2UF_Qj5C5ryg
Subject: [ietf-privacy] Logging Recommendations for Internet-Facing Servers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 07:15:38 -0000

Hello,

BCP 162 contains logging recommendations for internet-facing 
servers.  Quoting the document:

   "Discussions about data-retention policies are out of scope for this
    document.  Server security and transport security are important for
    the protection of logs for Internet-facing systems.  The operator of
    the Internet-facing server must consider the risks, including the
    data and services on the server, to determine the appropriate
    measures.  The protection of logs is critical in incident
    investigations.  If logs are tampered with, evidence could be
    destroyed."

In other words, the BCP makes a recommendation without any discussion 
about privacy considerations.  The issue is traceability.  It has 
been the practice to log IP addresses.  Keeping the logs for years is 
not a good idea as it is difficult to argue that the information is necessary.

I suggest that the BCP be reconsidered given the lack of privacy 
considerations.

Regards,
S. Moonesamy