[AusNOG] Data Retention - are you kidding me??

David Beveridge dave at bevhost.com
Tue Nov 22 16:40:46 EST 2016


On Tue, Nov 22, 2016 at 3:12 PM, Ross Wheeler <ausnog at rossw.net> wrote:

>
>
> On Tue, 22 Nov 2016, David Beveridge wrote:
>
> https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/Dataset.pdf
>>
>> 2. The source of a communication
>> Identifiers of a related account, service or device from which a
>> communication has been sent or attempted to be sent by means of the
>> relevant service.
>>
>
> ok....
>
>
> Identifiers for the source of a communication may include, but are not
>> limited to:
>>
>
> It doesn't say it must include ALL of them.
> The "source of" doesn't automatically mean an IP address and/or port.
>

But in the case of SMTP it is a TCP Communication between a Client and a
Server, so in light of that I think it would be incomplete, not to log the
client IP at a bare minimum.
Not sure if your DRIP requirements provide any examples of communications
that include an IP address but do not include a port.
And, I can't tell you about my conversations with CAC, but I did start
logging port information right after I spoke with them.

This may also be of interest to you.
https://tools.ietf.org/html/rfc6302 (aka BCP: 162)



> I am not a lawyer, but when we were all thrashing out what these various
> poorly-defined terms might mean, I'm absolutely certain that in the case of
> email, the data in the typical maillog (envelope to/from and which mail
> server it was being sent from and received by) was sufficient.
>
> In any event, I'd expect that we've all defined quite clearly in our DRIP
> how we interpreted the legislation and exactly what we will be capturing.
> Our DRIPs have been either accepted or rejected, after review by the
> various departments. If you do no less than you've undertaken in your DRIP,
> surely that's "enough"?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161122/0e0d169c/attachment.html>


More information about the AusNOG mailing list