Re: [Int-area] Logging Recommendations for Internet-Facing Servers

"SHEPPARD, SCOTT" <ss6667@att.com> Tue, 17 June 2014 20:34 UTC

From: "SHEPPARD, SCOTT" <ss6667@att.com>
To: S Moonesamy <sm+ietf@elandsys.com>, Suresh Krishnan <suresh.krishnan@ericsson.com>, Juan-Carlos Zúñiga <JuanCarlos.Zuniga@InterDigital.com>
Date: Tue, 17 Jun 2014 20:33:47 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/int-area/6bRi8n21T45RZP_etWoSVGCnjbc
Cc: Scott Sheppard <Scott.Sheppard@att.com>, "int-area@ietf.org" <int-area@ietf.org>, "alain.durand@me.com" <alain.durand@me.com>
Subject: Re: [Int-area] Logging Recommendations for Internet-Facing Servers

S. Moonesamy

I am not going to debate with you. "Pervasive surveillance is an attack". To me this is a debate: Resolved: Pervasive surveillance is an attack.

I will read RFC 7258 with interest and, if needed, comment where appropriate, with a technical, not political, view.

I thank you for bringing this to my attention.

As I am at work, I will not respond any further from my work address. I will create an email alias for this discussion and distribute it. I do welcome the discussion.

Peace

Scott Sheppard
LMTS AT&T ATS
IPNSG 
404 499 5539 desk
732 861 3383 cell
ss6667@att.com email

Two messages
Authentic power is service - Pope Francis 
Silliness is Essential - The Three Stooges
Both are important 


-----Original Message-----
From: S Moonesamy [mailto:sm+ietf@elandsys.com] 
Sent: Tuesday, June 17, 2014 2:59 PM
To: Suresh Krishnan; Juan-Carlos Zúñiga
Cc: int-area@ietf.org; Scott Sheppard
Subject: RE: [Int-area] Logging Recommendations for Internet-Facing Servers

Hi Suresh, Juan-Carlos,
At 07:36 17-06-2014, SHEPPARD, SCOTT wrote:
>To close this for now.
>
>I see no compelling reason to change the BCP RFC 6302.
>
>Privacy is important. But equally so is the need to protect our 
>customers, ourselves and the population against cyber criminals and 
>they are legion. There is a compelling need for Law Enforcement 
>Agencies and Governments to know some information about traffic as 
>it relates to criminal and military acts (state sponsored cyber 
>espionage etc.,). It is up to the civil authorities to define what 
>is "acceptable reach" for the above agencies actions. It is up to us 
>as citizens to then hold the civil authorities accountable at least in the US.
>
>This is far beyond an IETF discussion.

The following is an excerpt of a message posted by the IAB Chair to 
ietf@ietf.org in 2013:

  "1.  The IETF is willing to respond to the pervasive surveillance attack?

       Overwhelming YES.  Silence for NO.

   2. Pervasive surveillance is an attack, and the IETF needs to adjust our
      threat model to consider it when developing standards track
      specifications.

      Very strong YES.  Silence for NO."

Some persons raised concerns about those hums.  I would not ignore 
the concerns of those persons or argue that they have to agree to the 
excerpt quoted above.  There was a four-week Last Call for RFC 
7258.  Several persons raised concerns about the document.  I would 
not argue that they have to agree to RFC 7258.

I would like to have your opinion about which points (see quoted 
message) are appropriate or inappropriate for INTAREA discussion.

Regards,
S. Moonesamy