Re: [ietf-privacy] Logging Recommendations for Internet-Facing Servers

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 16 June 2014 00:48 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E20531B2990 for <ietf-privacy@ietfa.amsl.com>; Sun, 15 Jun 2014 17:48:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGVMKbxqr2_d for <ietf-privacy@ietfa.amsl.com>; Sun, 15 Jun 2014 17:48:44 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id BEC0D1B298C for <ietf-privacy@ietf.org>; Sun, 15 Jun 2014 17:48:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7AB01BF42; Mon, 16 Jun 2014 01:48:43 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3l1r8ta1NUrN; Mon, 16 Jun 2014 01:48:42 +0100 (IST)
Received: from [10.87.48.12] (unknown [86.45.62.0]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 98088BF3D; Mon, 16 Jun 2014 01:48:41 +0100 (IST)
Message-ID: <539E3ED5.7090705@cs.tcd.ie>
Date: Mon, 16 Jun 2014 01:48:21 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: S Moonesamy <sm+ietf@elandsys.com>, Linus Nordberg <linus@nordberg.se>
References: <6.2.5.6.2.20140605221300.0d300d58@elandnews.com> <87d2eaz7x2.fsf@nordberg.se> <539D96ED.2060901@cs.tcd.ie> <6.2.5.6.2.20140615110808.0bb44ef8@elandnews.com>
In-Reply-To: <6.2.5.6.2.20140615110808.0bb44ef8@elandnews.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/aW1PaZQK7m0YePV1gXh5QfofeTY
Cc: ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] Logging Recommendations for Internet-Facing Servers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jun 2014 00:48:48 -0000

Hiya,

On 15/06/14 19:38, S Moonesamy wrote:
> Hi Stephen,
> At 05:51 15-06-2014, Stephen Farrell wrote:
>> Q: How will that happen?
>> A: Someone will need to write an I-D:-)
>>
>> If someone does such an I-D that is reasonable and improves
>> privacy, I'll be happy to help that progress.
> 
> Ok.
> 
>> Not sure if the BCP's RFC would need replacing or if updating
>> the BCP with a 2nd RFC would be right myself, so talking to
>> the original authors and/or the intarea list would seem wise.
>> They might also have other stuff they'd like to revise, who
>> knows. (The draft leading to this BCP [1] was an intarea [2]
>> draft.)
> 
> In theory a (future) RFC can be added to BCP 162.  In practice people
> won't read it or miss it.

Possibly fair point, but OTOH BCP10 and others consist of >1 RFC
and work. For now at least, I'd concentrate on how to the get the
new privacy-friendly stuff agreed, rather than worry too much as
to how its represented in RFC(s).

> A first step might be to talk to the authors
> to see what they would like to do.  The INTAREA working group [1] lacks
> the expertise to review privacy-related drafts.  People with an actual
> interest in privacy will have to participate in the working group and
> review the proposed update to BCP 162.

Who knows? I would agree that the intarea is probably not a hotbed
of privacy activists. But its also equally true that folks on that
list are probably as clueful as here, and so may well have quite a
good appreciation of how privacy is more important than previously.

So I'd say give it a whirl if you've the energy to write an I-D and
fwiw I'll try push forward with good work regardless of how its
locally received in one or another IETF WG (no matter the relevant
WG is an area-wg). But, equally, I'm not interested in helping with
work on things that haven't even tried to be run by the best list
of relevant/interested folks. I do get that that's not a very clear
distinction (sorry:-) but I hope it helps, and regardless am happy
to chat more, on and/or off list.

Cheers,
S.


> 
> Regards,
> S. Moonesamy
> 
> 1. https://datatracker.ietf.org/wg/intarea/
> 
>