[Servercert-wg] Proposal to update logging requirements
Tobias S. Josefowitz
tobij at opera.com
Wed Sep 20 14:52:19 UTC 2023
On Wed, 20 Sep 2023, Martijn Katerbarg wrote:
> The discussion we had was around the amount of log events and details
> required in accordance with the BRs. This in essence, it boiled down to
> the interpretation of the word "activities". Yes, routing a packet is a
> router activity. So, must it be logged? Depending on the interpretation
> that one may have, it may have to be logged, because it's a router
> activity, and router activities must be logged, right? In our eyes
> however, this is not a reasonable interpretation of the requirement.
Thank you! I can certainly agree that, without any context, a hypothetical
requirement "Record all firewall and router activities." will easily lead
to nonsensical results depending on the definition/interpretation of
activities. I can also agree that, even with the context of 5.4.1, it may
not necesarily be very clear what the interpretation should be.
I was just hoping that getting a brief insight into the point of
discussion that you had come up might be helpful in delineating more where
the line should be, and then how to express it in 5.4.1.
The changes in
however look like they are falling a bit short. There are many more types
of "activities" that I would think should be encompassed by 5.4.1, too
many to give a list. But to single one out just to illustrate my point, I
think that logins to the router's/firewall's management interface are a
kind of "activity" that would be very useful to have covered by 5.4.1.
If you could provide any insight into how differing interpretations are
clashing in practice, it would help me a lot, and I would really
More information about the Servercert-wg