Re: [Int-area] draft-andersdotter (was RE: WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
<mohamed.boucadair@orange.com> Tue, 24 April 2018 05:25 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAEE0124B0A for <int-area@ietfa.amsl.com>; Mon, 23 Apr 2018 22:25:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 78zq3zCqOflR for <int-area@ietfa.amsl.com>; Mon, 23 Apr 2018 22:25:29 -0700 (PDT)
Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5041612420B for <int-area@ietf.org>; Mon, 23 Apr 2018 22:25:29 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 976DE205E5; Tue, 24 Apr 2018 07:25:27 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.63]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 6B01E1A007B; Tue, 24 Apr 2018 07:25:27 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM6E.corporate.adroot.infra.ftgroup ([fe80::f5a7:eab1:c095:d9ec%18]) with mapi id 14.03.0389.001; Tue, 24 Apr 2018 07:25:27 +0200
From: mohamed.boucadair@orange.com
To: Amelia Andersdotter <amelia@article19.org>, "int-area@ietf.org" <int-area@ietf.org>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: draft-andersdotter (was RE: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
Thread-Index: AQHT2zXYGSW57HSQIUmRzl19mSQPPaQPXkNg
Date: Tue, 24 Apr 2018 05:25:26 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302DF1063D@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93302DF0FAF6@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <21afe991-a347-8d30-39b4-255042e5bdbd@article19.org>
In-Reply-To: <21afe991-a347-8d30-39b4-255042e5bdbd@article19.org>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/iHxjSb2h39q_Xz4jVtvcPR10FSQ>
Subject: Re: [Int-area] draft-andersdotter (was RE: WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 05:25:32 -0000
Dear Amelia, Please see inline. Cheers, Med > -----Message d'origine----- > De : Amelia Andersdotter [mailto:amelia@article19.org] > Envoyé : lundi 23 avril 2018 21:04 > À : BOUCADAIR Mohamed IMT/OLN; int-area@ietf.org > Cc : Stephen Farrell > Objet : Re: draft-andersdotter (was RE: [Int-area] WG adoption call: > Availability of Information in Criminal Investigations Involving Large-Scale > IP Address Sharing Technologies > > Dear Mohamed, > all, > > On 2018-04-23 10:38, mohamed.boucadair@orange.com wrote: > > Dear Amelia, > > > > Some comments about the main recommendations in draft-andersdotter: > > > > SHOULD only store entire incoming IP addresses for as long as is > > necessary to provide the specific service requested by the user. > > > > Med: This is implementation and deployment-specific. Not sure we can > mandate a server how to service users. > > It's a recommendation. Cf. RFC2119 on the word SHOULD. That said, the > draft is meant to encourage good (best!) practises that can assist with > both privacy focus and regulatory compliance. The IETF cannot stop > anyone from following a poor practise, and certainly I can't. [Med] It is a not a problem with the language of the reco, but its implementation. The IETF cannot dictate which information is required to provide a service and whether an IP address is needed. This is really implementation-specific. > > > SHOULD keep only the first two octets (of an IPv4 address) or the > > first three octets (of an IPv6 address) with remaining octets set > > to zero, when logging. > > > > Med: A server can decide to follow this reco, but it will be difficult for > the owner of the server to claim an abuse and help identifying > responsibilities. > > The recommendation is partially inspired by web analytics > recommendations for Piwik/Matomo installations by French DPA CNIL, but > of course also enjoys support from the data minimization strategies > advanced in RFC6973. [Med] I don't have a problem with the general intent of your text, my concern is that you link those explicitly with RFC6302 which is misleading. RFC6302 has a very clear focus: address sharing. > > > Please note that RFC6302 ** does not recommend to log IP addresses** :. > > > > "It is RECOMMENDED as best current practice that Internet-facing > > servers logging incoming IP addresses from inbound IP traffic also > > log " > > > > which means ** IF ** a server logs source IP address, then it has to log > also the source port. > > Indeed, my proposal is to recommend that servers do not log IP addresses > other than to the extent recommended. If they don't log IP addresses at > all, they would be following the recommendations. [Med] How those servers will react to DDoS attacks or other abuses? > > > SHOULD NOT store logs of incoming IP addresses from inbound > > traffic for longer than three days. > > > > Med: It is out of the scope of the IETF to define the duration of logs. > This is country-specific. > > I'm proposing a recommendation for a best practise. [Med] But there are laws out of there. I don't think that we need to interfere with those. Presumably if for > legal reasons one finds oneself unable to follow best practise, one > follows a worse practise instead. The fact that some people may have to > follow a worse practise is not a reason to recommend a poor practise. > > > SHOULD NOT log unnecessary identifiers, such as source port > > number, time stamps, transport protocol numbers or destination > > port numbers. > > > > Med: Not sure to understand this one. "unnecessary identifiers" is not > clear. I prefer the current language in 6302 which identifies the minimum set > of information. > > The recommendation follows immediately from data minimization in > RFC6973, which is consistently adhered to in IETF drafts with a privacy > focus. [Med] But how this is related to RFC6302 context? > > > SHOULD ensure adequate log access control, with suitable > > mechanisms for keeping track of which entity accesses logged > > identifiers, for what reason and at what time. > > > > Med: I hear you, but this is out of scope of the IETF. Access rights to > retention data is well known and is not altered by the IETF specification. > > I don't understand the objection. The IETF discusses access control and > authentication in various circumstances. [Med] Rules to access regulatory data are well known. > > If anything, the recommendation could be accused of being too inexact to > qualify as a good recommendation. The scope of it is fine and well > within IETFs mandate. > > best regards, > > Amelia > > > Cheers, > > Med > > > >> -----Message d'origine----- > >> De : Int-area [mailto:int-area-bounces@ietf.org] De la part de Amelia > >> Andersdotter > >> Envoyé : lundi 23 avril 2018 10:11 > >> À : int-area@ietf.org > >> Cc : Stephen Farrell > >> Objet : Re: [Int-area] WG adoption call: Availability of Information in > >> Criminal Investigations Involving Large-Scale IP Address Sharing > Technologies > >> > >> I've tabled a similar draft but with a different scope. Happy to discuss > >> with members on the list: > >> > >> https://datatracker.ietf.org/doc/draft-andersdotter-intarea-update-to- > >> rfc6302/ > >> > >> -- > >> > >> Amelia Andersdotter > >> Technical Consultant, Digital Programme > >> > >> ARTICLE19 > >> www.article19.org > >> > >> PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55 > >> > >> _______________________________________________ > >> Int-area mailing list > >> Int-area@ietf.org > >> https://www.ietf.org/mailman/listinfo/int-area > > > -- > Amelia Andersdotter > Technical Consultant, Digital Programme > > ARTICLE19 > www.article19.org > > PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55 >
- [Int-area] draft-andersdotter (was RE: WG adoptio… mohamed.boucadair
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Amelia Andersdotter
- Re: [Int-area] draft-andersdotter (was RE: WG ado… mohamed.boucadair
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Amelia Andersdotter
- Re: [Int-area] draft-andersdotter (was RE: WG ado… mohamed.boucadair
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Brian E Carpenter
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Ted Lemon
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Brian E Carpenter
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Ted Lemon
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Amelia Andersdotter
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Amelia Andersdotter
- Re: [Int-area] draft-andersdotter (was RE: WG ado… mohamed.boucadair
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Dave O'Reilly
- Re: [Int-area] draft-andersdotter (was RE: WG ado… Amelia Andersdotter