Re: Logging the source port?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If people are required to track the source port, it is hardly
unrealistic to expect them to abandon a file format that does not meet
their legal obligations. The technology required to address this issue
has only been around for 13 years.

If I was a part of a police investigation and a site operator had not
logged information that I thought they were obliged to log, I would be
putting them up on a charge irregardless of whether they considered it
the job of the NAT operator to do the work.

It is never safer to say that it is someone else's responsibility to
ensure that you meet your legal obligations.


Some parts of the Internet change very slowly, but others change
quickly. The parts that change quickly are those where the person who
has an interest in the change has the ability to make it.

On Mon, Nov 16, 2009 at 4:47 AM, Arnt Gulbrandsen
<arnt@xxxxxxxxxxxxxxxxxxx> wrote:
> Stephane Bortzmeyer writes:
>>
>> On Fri, Nov 13, 2009 at 10:49:36AM +0100,
>>  Arnt Gulbrandsen <arnt@xxxxxxxxxxxxxxxxxxx> wrote a message of 11  lines
>> which said:
>>
>>>  Therefore, I think it's safer to say that it's the NAT operator's
>>>  responsibility to log enough. Umpteen million web sites will  continue to
>>> use apache's common log format, so the NAT operator has  to log what's
>>> needed to work with that format anyway.
>>
>> How could it be possible? The only way I see for the NAT operator to
>> be able to say that the customer X went to www.priv.no at 2241 UTC is
>> to log not only the source-address/source-port mapping but also the
>> *destinations*, which create obvious privacy issues (and would make the
>> log *much* larger).
>
> Yes. But do you see a way to avoid that, except by unrealistic declarations
> such as "all apache installations that use the common log format must be
> changed"? It's not just apache either, all other (web and other) servers
> that don't log source port.
>
> (Btw, there is no www.priv.no, and these days I don't think you can get
> anything else under .priv.no either. The dozen-odd people who have .priv.no
> domains are allowed to keep them, that's all.)
>
> Arnt
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>



-- 
-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]