An observation about client certificates
Sean Conner
sean at conman.org
Tue May 12 03:58:34 BST 2020
It was thus said that the Great Dave Huseby once stated:
> On Mon, May 11, 2020, at 2:21 AM, Sean Conner wrote:
> > > We should talk about logging formats some time. Molly Brown keeps logs
> > > too (I keep meaning to make a nice graph showing the wave of traffic
> > > that came in after we hit HN), in an ad-hoc format that doesn't match
> > > yours below at all (unsurprisingly). Having a standard format would
> > > facilitate tools to monitor/visualise logs.
> >
> > I log via syslog(), which handles the timestamps for me (and log rotation,
> > and a whole bunch of other stuff related to logging). I place the name of
> > the fields to make later processing a bit easier, but as far as I can tell,
> > the only thing I log that you don't is the issuer and subject from any
> > certificates presented, and that was to satisfy my own curiosity (and to
> > potentially troubleshoot any issues).
>
> I think by default, any logging we do should be at a bare minimum and not
> contain the IP address of the client or any other data that would link the
> log line to them. I added logging to my hacked up version of Pollux but it
> only logs which page was loaded and when. My purpose was to track basic
> traffic and any errors that occur and nothing else.
One misbehaving client on an IP address can present a headache by repeatedly
making requests and (especially if it's behind a larger pipe than yours)
swamp the server. By recording the IP address, it can be identified and
blocked.
Or a misbehaving client always makes the same request to a non-existent
resource. I had this happen on my gopher server---some web bot kept trying
to fetch the main index.html page. Very annoying. Again, easy to block if
you have the IP.
-spc (Oooh, that reminds me, I have a bug to patch in GLV-1.12556 ... )
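The kind of check described above (one IP hammering the same missing resource), as an added example that is not part of this thread or of any server mentioned in it. It assumes a syslog-style key=value line layout with fields named `remote`, `status` and `request`; the format and the log lines are constructed here, not taken from any real server.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed key=value syslog layout.
# Gemini status 20 is SUCCESS and 51 is NOT FOUND.
SAMPLE_LOG = """\
May 11 10:01:02 host gemini[123]: remote=192.0.2.10 status=20 request=gemini://example.org/
May 11 10:01:05 host gemini[123]: remote=192.0.2.10 status=51 request=gemini://example.org/index.html
May 11 10:01:06 host gemini[123]: remote=192.0.2.10 status=51 request=gemini://example.org/index.html
May 11 10:01:07 host gemini[123]: remote=192.0.2.10 status=51 request=gemini://example.org/index.html
May 11 10:01:08 host gemini[123]: remote=192.0.2.10 status=51 request=gemini://example.org/index.html
May 11 10:02:00 host gemini[123]: remote=198.51.100.7 status=20 request=gemini://example.org/blog/
May 11 10:02:30 host gemini[123]: remote=198.51.100.7 status=51 request=gemini://example.org/robots.txt
"""

# Field names (remote, status, request) are an assumption of this example.
LINE_RE = re.compile(r"remote=(?P<ip>\S+)\s+status=(?P<status>\d+)\s+request=(?P<req>\S+)")


def parse(log_text):
    """Yield (ip, status, request) for each line that carries the expected fields."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), int(m.group("status")), m.group("req")


def request_counts(log_text):
    """Total requests per client IP, for spotting a client swamping the server."""
    return Counter(ip for ip, _, _ in parse(log_text))


def repeat_offenders(log_text, not_found_threshold=3):
    """Map ip -> (request, count) for clients that asked for the same
    non-existent resource (status 51) at least not_found_threshold times."""
    misses = Counter()
    for ip, status, req in parse(log_text):
        if status == 51:
            misses[(ip, req)] += 1
    return {ip: (req, n) for (ip, req), n in misses.items() if n >= not_found_threshold}


if __name__ == "__main__":
    for ip, (req, n) in repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip} requested missing {req} {n} times")
```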