[Servercert-wg] Proposal to update logging requirements
Tobias S. Josefowitz
tobij at opera.com
Thu Sep 14 14:56:54 UTC 2023
On Wed, 13 Sep 2023, Martijn Katerbarg via Servercert-wg wrote:
> During our last WebTrust audit cycle it became clear that our
> interpretation of "Firewall and router activities" and CPA Canada's
> interpretation were meaningfully different. In particular it came to
> light that in its most aggressive possible interpretation, the actual
> logging of a firewall activity would itself constitute a firewall
> activity, which would itself require logging, as would the log of the
> log entry of that log entry, the log of this newest log entry, and
> etcetera into infinity. In our opinion, too much "valid traffic"
> logging, makes it harder to find "bad traffic".
That does sound intriguing. Would it be possible for you to go into a
little more detail about what the actual point of contention was? I am
assuming it was not actually the infinite layers of log events, but either
way I would appreciate if you could share a bit more details.
More information about the Servercert-wg