On Wed, Jul 27, 2011 at 02:22:08PM -0400, Dan Wing wrote: > It's trying to say that today, servers routinely log: > > * timestamp > * source IPv4 address > * resource accessed > > and that servers, compliant with RFC6302, need to additionally log: > > * source port at least the abstract says: In the wake of IPv4 exhaustion and deployment of IP address sharing techniques, this document recommends that Internet-facing servers log port number and accurate timestamps in addition to the incoming IP address. I'd understand when people regard this as encouraging logging. Also in the later text it is hard to identify the precondition that address logging was in place for whatever reason and only then the address sharing considerations come into play. Maybe instead of making rcommendations on the providing side it would have been better to address the - no longer justified - assumptions that the consuming side may have. -Peter _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf