Working group, I would direct your attention to the current discuss, here:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc6304bis/ballot/ Should we consider recommendations with respect to treatment of logging or storage of queries or the extent to which such queries should be protected? Thanks Joel Sent from my iPhone > On Feb 23, 2015, at 08:25, Kathleen Moriarty > <kathleen.moriarty.i...@gmail.com> wrote: > > > >> On Mon, Feb 23, 2015 at 10:21 AM, Paul Hoffman <paul.hoff...@vpnc.org> wrote: >> On Feb 23, 2015, at 7:13 AM, Kathleen Moriarty >> <kathleen.moriarty.i...@gmail.com> wrote: >> > Thanks for bringing this to my attention. The updated text points out the >> > risk, but it would have been nice seeing it phrased in a way to encourage >> > mitigation of that risk (recommend not to log). It'd easier to attack a >> > system and gain access to logs than to observe session traffic. >> >> AS112 operators do so for the public benefit. There are very good >> operational reasons why they *should* log, in order to help find bugs and to >> provide better service. You are asking that the very tiny chance of a >> privacy breach should trump that operational benefit. > > As an FYI - I wouldn't put this in the privacy bucket, but rather security as > it reveals information about a network that could be used in future attacks > against the organization leaking their data. >> >> The mention of the privacy issue with logging is sufficient, and going >> further would have negative consequences to the operations of this service. > > Mitigating the risks could be helpful and might mean protecting access to > logs in cases where logs must be generated. > > Thanks, > Kathleen >> >> --Paul Hoffman > > > > -- > > Best regards, > Kathleen
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
