IETF Logo Mail Archive

Re: [Int-area] Logging Recommendations for Internet-Facing Servers

Suresh Krishnan <suresh.krishnan@ericsson.com> Tue, 17 June 2014 20:47 UTC

Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 473291A0110 for <int-area@ietfa.amsl.com>; Tue, 17 Jun 2014 13:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9brj_Mh0bxjb for <int-area@ietfa.amsl.com>; Tue, 17 Jun 2014 13:47:53 -0700 (PDT)
Received: from usevmg21.ericsson.net (usevmg21.ericsson.net [198.24.6.65]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D80FC1A010F for <int-area@ietf.org>; Tue, 17 Jun 2014 13:47:52 -0700 (PDT)
X-AuditID: c6180641-f79df6d000002de0-c2-53a055e25601
Received: from EUSAAHC005.ericsson.se (Unknown_Domain [147.117.188.87]) by usevmg21.ericsson.net (Symantec Mail Security) with SMTP id 98.AF.11744.2E550A35; Tue, 17 Jun 2014 16:51:14 +0200 (CEST)
Received: from [142.133.113.185] (147.117.188.8) by smtps-am.internal.ericsson.com (147.117.188.87) with Microsoft SMTP Server (TLS) id 14.3.174.1; Tue, 17 Jun 2014 16:47:44 -0400
Message-ID: <53A0A96E.3050006@ericsson.com>
Date: Tue, 17 Jun 2014 16:47:42 -0400
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: "SHEPPARD, SCOTT" <ss6667@att.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, S Moonesamy <sm+ietf@elandsys.com>, Igor Gashinsky <igor@yahoo-inc.com>, Donn Lee <donn@fb.com>, Scott Sheppard <Scott.Sheppard@att.com>, "alain.durand@me.com" <alain.durand@me.com>
References: <6.2.5.6.2.20140616024123.0ba53310@elandnews.com> <787AE7BB302AE849A7480A190F8B9330018425@OPEXCLILM23.corporate.adroot.infra.ftgroup> <8292A630AF4BC647B64BBD509738820909462E3F@GAALPA1MSGUSRAF.ITServices.sbc.com>
In-Reply-To: <8292A630AF4BC647B64BBD509738820909462E3F@GAALPA1MSGUSRAF.ITServices.sbc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [147.117.188.8]
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrGLMWRmVeSWpSXmKPExsUyuXRPuO6j0AXBBq+uiVv0zljCbvHv53xW i8YvE1ksbsy6yWKx5dp3dovDb5+yW1xpVbd41X+T1eLSiRVsDpweL/vnMHrce/ORyWNi8zt2 jyVLfjJ5vDhf4TGn4z67R8uzk2wed1b9YgzgiOKySUnNySxLLdK3S+DKmHBlKkvBPO6KfZu+ szQwNnN2MXJySAiYSPyY1cQKYYtJXLi3nq2LkYtDSOAoo0TLk3vMEM52Romm43fAqngFtCXW XJ8DZrMIqEos+bsEzGYDmrRh52cmEFtUIEyi/cJMZoh6QYmTM5+wgAwSEVjEJDH92yRGkASz QKDEvtVtbCC2sIC3ROvF5awQ2+4zSqy7tZYFJMEpECVx/NcUZogGW4kLc66zQNjyEtvfzgGL CwloSmxd8x3qB0WJF8d/Mk1gFJqFZPksJO2zkLQvYGRexchRWpxalptuZLiJERgxxyTYHHcw LvhkeYhRgINRiYf3geeCYCHWxLLiytxDjNIcLErivJrV84KFBNITS1KzU1MLUovii0pzUosP MTJxcEo1MDJwZ7B+fJlXLWEWePGGgtesmx5PHC4/qci5eMH9XpGcy5FNXa84/s7pvrJ1zxKl rhavC41ezHFSYlyZukoBB0sStOfMnLb9+4sr2Rsuuu+9q6HDYmhq8rAgvPLI6uR7jLdk3v6K zius+f7ps/FzIbOd+4tf+d355+i5+qvrgpbWl1fm7K8TnK/EUpyRaKjFXFScCAARzQtAeQIA AA==
Archived-At: http://mailarchive.ietf.org/arch/msg/int-area/m0-EXSoxNcvGpMpuTuSI3H8vgoY
Cc: Linus Nordberg <linus@nordberg.se>, "int-area@ietf.org" <int-area@ietf.org>
Subject: Re: [Int-area] Logging Recommendations for Internet-Facing Servers
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 20:47:54 -0000

Hi Scott,
(with Chair hat on)

On 06/17/2014 10:36 AM, SHEPPARD, SCOTT wrote:
> Folks
>
> To close this for now.
>
> I see no compelling reason to change the BCP RFC 6302.

Thanks for providing your opinion. I think opinions from operators are 
extremely useful and helpful.

>
> Privacy is important. But equally so is the need to protect our customers, ourselves and the population against cyber criminals and they are legion. There is a compelling need for Law Enforcement Agencies and Governments to know some information about traffic as it relates to criminal and military acts (state sponsored cyber espionage etc.,). It is up to the civil authorities to define what is "acceptable reach" for the above agencies actions. It is up to us as citizens to then hold the civil authorities accountable at least in the US.
>
> This is far beyond an IETF discussion.

I think there is a delicate balance between protecting the users' 
privacy and implementing the operators' requirements for traceability. 
If by "far beyond an IETF discussion" you mean that recommendations from 
the IETF are only one consideration among many for real life 
deployments, I fully agree with you. But what the IETF publishes as a 
BCP is within the purview of the IETF, and it is entirely reasonable for 
people to initiate discussion on whether the recommendations in RFC6302 
are current in light of RFC7258.

Thanks
Suresh

v2.23.0 | Report a Bug | By Email