IETF Logo Mail Archive

Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies

Ted Lemon <mellon@fugue.com> Wed, 25 April 2018 13:48 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44706126DEE for <int-area@ietfa.amsl.com>; Wed, 25 Apr 2018 06:48:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OC76z4YuBVwx for <int-area@ietfa.amsl.com>; Wed, 25 Apr 2018 06:48:00 -0700 (PDT)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79CAA126D45 for <int-area@ietf.org>; Wed, 25 Apr 2018 06:48:00 -0700 (PDT)
Received: by mail-qt0-x22a.google.com with SMTP id d3-v6so26837322qth.8 for <int-area@ietf.org>; Wed, 25 Apr 2018 06:48:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=7w6Pgs66et9rblVu588YoR8QKvaSXtfKYSnqG7cVe6U=; b=N39NKLl/VdMuhK4zwRLCG7QdBradyRFujypG39p8lyfM5MMvPt1PKq5ajwcRq4EtnJ mJ+H96XKdlTSdqj5URQYw5GBkbRsaoSJZ6QaRywJkp5qXi53Z8rjjjEZHvR0phXRtNLz J3Sb94l+lw4clOfvvZ3Cl30HCJkzIa0QZXaeksNG4+pOqLJDjHlVFkz8sYdgb51Vyz7M 4PUnvMD7UlUfRPuOHayheiWZhrvGkAOGrSoGzuYv1H1JxxDZfGk7N3Rcmx0z3russJKv m5lrQcyDKYeNYBMhPDRR2/IKmjDQX6niL+uvd2vHgSRujIf9GtLZ3rF8RVqUomCCg2Wl /jZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=7w6Pgs66et9rblVu588YoR8QKvaSXtfKYSnqG7cVe6U=; b=ckVYlK1Z1oueceig/kl69+C/AsHlGKMWwsFopkt8fij39knUGd6DbWJjzR2GSfMcGs h1GX5DzZI84gFLrD/HwWtPzBpHuW3f6To8GxGhVL7fvJMXDPIz85k8uzXeYZShAEEqV+ NO8eL0bleOUHricwiV4vje/Si6NlQ0MLDLYs21NlfppHXGmLK8yA1VR8QBkDH5NLXGdB 0ZSmLmlBknpVkboMo1/r7NdQzxx9jnytby0HLCRqSEu89s9zUN2JxQq9rgYGmFWzXDT5 /RnFHCFCDHhcPuR7i1s9B4+PoXAoqKWABovjWW6OhK5w1OmUej99UWzfH+nacvqE/8dQ NxBw==
X-Gm-Message-State: ALQs6tDKEhrB5eRlb4Lbzqo0VYVR87PZAlPn7j43o9EjYk3TFKZ4O92v sAP1/RukfTabbf23ZUwGImUCq9sWxiU=
X-Google-Smtp-Source: AB8JxZpU7GPZ0NFaZjoiosiIVWRGGaPg1cgmrfGq1zRQoQlgCu13e4nCYUnw/pDq6pV0tpxO8FEfgQ==
X-Received: by 2002:ac8:2246:: with SMTP id p6-v6mr33091887qtp.260.1524664079652; Wed, 25 Apr 2018 06:47:59 -0700 (PDT)
Received: from [192.168.1.144] (c-24-60-163-103.hsd1.nh.comcast.net. [24.60.163.103]) by smtp.gmail.com with ESMTPSA id 96sm15084770qkx.71.2018.04.25.06.47.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Apr 2018 06:47:59 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <394E26C5-B363-4F27-A508-77687896AD37@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B0470774-C859-4B89-B171-B93DD86D3A86"
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Date: Wed, 25 Apr 2018 09:47:57 -0400
In-Reply-To: <6C7E8E5F-BBEC-48F1-BB90-3274534F82EF@daveor.com>
Cc: "int-area@ietf.org" <int-area@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Dave O'Reilly <rfc@daveor.com>
References: <a231b336-7e6d-bef1-92ab-001ae05eef0c@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B93302DF0F8FE@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <E802B982-265D-4417-88A6-5731CC5E81E4@fugue.com> <787AE7BB302AE849A7480A190F8B93302DF10666@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <E80E62FD-D4DC-4EAE-8CDB-161DABC58608@fugue.com> <787AE7BB302AE849A7480A190F8B93302DF109EA@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <18C3CE73-7D9F-4DC7-9AB6-9A5E164BB838@fugue.com> <787AE7BB302AE849A7480A190F8B93302DF10A60@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <BB99A1A3-9CA0-4020-BA49-04838C2C4F63@fugue.com> <32F089FA-ACF6-4A1B-BEC6-CFD05393FEF7@daveor.com> <95001838-25C7-47A6-B633-216E5F4F2018@fugue.com> <F0DF84AB-AF5E-4A7C-B793-A9ADA17E3407@daveor.com> <FAA2E3C4-7294-4DEB-B5D6-1E4B6B11B886@fugue.com> <8BAC31A3-1154-4D11-AE29-A3688F53FBEC@daveor.com> <FDB14F73-EBE2-450E-A04C-9230544AFDF1@fugue.com> <6C7E8E5F-BBEC-48F1-BB90-3274534F82EF@daveor.com>
X-Mailer: Apple Mail (2.3445.6.18)
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/FXk98prgYj6fuV2hidhElK1T3JI>
Subject: Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2018 13:48:02 -0000

On Apr 25, 2018, at 9:44 AM, Dave O'Reilly <rfc@daveor.com> wrote:
> Sorry, I may have misread your email. Are you saying that there are times when it makes sense to log IP, but NO times in which it makes sense to log source port? Or something different?

No, I'm saying that if it makes sense to log source IP address, it makes sense to log source port.

Where I think we may disagree is on how often it makes sense to log these things.   But I don't think we disagree on what the technical details of the log should look like.

v2.23.0 | Report a Bug | By Email