On 2018-04-25 07:54, mohamed.boucad...@orange.com wrote: > Dear Amelia, > > I disagree with your comment. > > Section 12 of RFC6269 is about logging at the network side not the server. > Server matters are discussed in Section 13.1 "Abuse Logging and Penalty > Boxes". > > Section 12 is prudent in its language, it starts with " In many > jurisdictions, service providers are legally obliged to..". I don't think > that you claim that all jurisdiction over the world require operators to > maintain some records.
The way I read RFC6302, is that it tries to solve the problems mentioned in Section 12 of RFC6269 in a way that does not create too onerously sized logs (cf. also RFC7768 NATx4 Log Reduction). But it's also a bit obvious that RFC6302 isn't really used, because it doesn't solve any problems for Internet-facing servers that Internet-facing servers have. It appears to want to solve problems for internet service providers/electronic communications providers instead. So what I propose is to make RFC6302 into something which is useful for those of operate Internet-facing servers, and to provide a base-line set of assumptions: from where do we start when deciding on a logging practise? Indeed, deviations from the base-line recommendations were taken into account by a final recommendation to document and make accessible to subscribers the policy under which logging occurs. An administrative cop-out, perhaps, but which hopefully serves to remind server operators to be intentional and clear to subscribers about what they're doing and what the policies are on their server. I would happily take on suggestions for how to improve my draft. best regards, -- Amelia Andersdotter Technical Consultant, Digital Programme ARTICLE19 www.article19.org PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55 _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
