[AusNOG] Data Retention - are you kidding me??
dave at bevhost.com
Tue Nov 22 16:40:46 EST 2016
On Tue, Nov 22, 2016 at 3:12 PM, Ross Wheeler <ausnog at rossw.net> wrote:
> On Tue, 22 Nov 2016, David Beveridge wrote:
>> 2. The source of a communication
>> Identifiers of a related account, service or device from which a
>> communication has been sent or attempted to be sent by means of the
>> relevant service.
> Identifiers for the source of a communication may include, but are not
>> limited to:
> It doesn't say it must include ALL of them.
> The "source of" doesn't automatically mean an IP address and/or port.
But in the case of SMTP it is a TCP Communication between a Client and a
Server, so in light of that I think it would be incomplete, not to log the
client IP at a bare minimum.
Not sure if your DRIP requirements provide any examples of communications
that include an IP address but do not include a port.
And, I can't tell you about my conversations with CAC, but I did start
logging port information right after I spoke with them.
This may also be of interest to you.
https://tools.ietf.org/html/rfc6302 (aka BCP: 162)
> I am not a lawyer, but when we were all thrashing out what these various
> poorly-defined terms might mean, I'm absolutely certain that in the case of
> email, the data in the typical maillog (envelope to/from and which mail
> server it was being sent from and received by) was sufficient.
> In any event, I'd expect that we've all defined quite clearly in our DRIP
> how we interpreted the legislation and exactly what we will be capturing.
> Our DRIPs have been either accepted or rejected, after review by the
> various departments. If you do no less than you've undertaken in your DRIP,
> surely that's "enough"?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AusNOG