Re: [ietf-privacy] Logging Recommendations for Internet-Facing Servers

S Moonesamy <sm+ietf@elandsys.com> Tue, 17 June 2014 20:06 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 707ED1A011C for <ietf-privacy@ietfa.amsl.com>; Tue, 17 Jun 2014 13:06:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.441
X-Spam-Level:
X-Spam-Status: No, score=-2.441 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-0.651, T_DKIM_INVALID=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ECaFQVm8iA1F for <ietf-privacy@ietfa.amsl.com>; Tue, 17 Jun 2014 13:05:54 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id A42031A00DF for <ietf-privacy@ietf.org>; Tue, 17 Jun 2014 13:05:48 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.224.146.13]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s5HK5S5L004005 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 17 Jun 2014 13:05:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1403035546; x=1403121946; bh=Nq1XiQoNwHltH/+yUFnEL2kq3ucMIX+x7iVsJqSKIW0=; h=Date:To:From:Subject:In-Reply-To:References; b=Ny7jUWJ94+rD4r1ab6nA55A4LC51LE6/eJdYpYDGKw+vGyse0ATmQ5IxnvJXGS7Rn RTDXG9ovTwtXsnFAp0/oyoonuheY0cF7fG3lHscU9Htr/ViDDY1R7+AKqui8XdGoXb KjBt2065swIEkRO47XCz0mU8cxtAilDb2PwHYD9Y=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1403035546; x=1403121946; i=@elandsys.com; bh=Nq1XiQoNwHltH/+yUFnEL2kq3ucMIX+x7iVsJqSKIW0=; h=Date:To:From:Subject:In-Reply-To:References; b=J9+KPORUO47nYowfZ5ymvLxAqhWX/v3wSdzSNLqfBfMYouCIvk/b2k9ckgjxjGYb7 /wA5oUFTjclUvgR7YQRrhPnrN7dXZjWir+g/QEd3n/o74wnNm+NmHuSNUGoCXjk8oR jiopCC3azBqqHXJXBTnIStnqCkFEhunDoPNybKjc=
Message-Id: <6.2.5.6.2.20140617121255.0bb1ac10@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 17 Jun 2014 13:03:10 -0700
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, ietf-privacy@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <53A08F5A.1090103@fifthhorseman.net>
References: <6.2.5.6.2.20140605221300.0d300d58@elandnews.com> <87d2eaz7x2.fsf@nordberg.se> <539D96ED.2060901@cs.tcd.ie> <6.2.5.6.2.20140615110808.0bb44ef8@elandnews.com> <539E3ED5.7090705@cs.tcd.ie> <6.2.5.6.2.20140617094116.0b82a330@elandnews.com> <53A08F5A.1090103@fifthhorseman.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/qAoPp668BFtgspzR7RfdOXq-ul4
Subject: Re: [ietf-privacy] Logging Recommendations for Internet-Facing Servers
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 20:06:06 -0000

Hi Daniel,
At 11:56 17-06-2014, Daniel Kahn Gillmor wrote:
>I'm surprised to hear you say this, given that you're thanked in the
>acknowledgments section of RFC 6973 (Privacy Considerations for Internet
>Protocols).  Do you think that RFC doesn't provide useful guidance or
>vocabulary?

RFC 6973 was published in the IAB Stream [1].  Someone could argue 
that it is not an IETF document.  It is not possible to argue against 
that.  I reviewed RFC 6973 before it was published as a RFC.  In my 
opinion it contains useful guidance and vocabulary.  There is the 
following in RFC 6973:

   "Protecting against stored data compromise is typically outside the
    scope of IETF protocols.  However, a number of common protocol
    functions -- key management, access control, or operational logging,
    for example -- require the storage of data about initiators of
    communications.  When requiring or recommending that information
    about initiators or their communications be stored or logged by end
    systems (see, e.g., RFC 6302 [RFC6302]), it is important to recognize
    the potential for that information to be compromised and for that
    potential to be weighed against the benefits of data storage.  Any
    recipient, intermediary, or enabler that stores data may be
    vulnerable to compromise.  (Note that stored data compromise is
    distinct from purposeful disclosure, which is discussed in
    Section 5.2.4.)"

With hindsight I would say that I did not pay sufficient attention to 
the RFC 6302 reference in the above.  For what it is worth my last 
comments about RFC 6973 was dated February 2013.

Regards,
S. Moonesamy

1. http://www.rfc-editor.org/info/rfc6973