[spec] Adapting the HTTP Common Logging Format for use by Gemini servers

Côme Chilliet come at chilliet.eu
Mon Dec 28 11:45:47 GMT 2020

Previous message (by thread): [tech] [spec] Adapting the HTTP Common Logging Format for use by Gemini servers
Next message (by thread): [spec] Adapting the HTTP Common Logging Format for use by Gemini servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le dimanche 27 décembre 2020, 22:48:13 CET colecmac at protonmail.com a écrit :
> > * I do not log the IP but its sha1 hash, because of privacy concerns
> 
> Doesn't this provide no security though? It's trivial to hash all IPv4
> addresses and compare them. Additionally, this doesn't provide any
> security to clients, because they can't guarantee this is in effect.

It’s not for clients, it’s for me. I’m not sure what I am legally allowed to do with IPs so I feel more confident not storing them.
I sha1 IPs the same whether they are v4 or v6. It may indeed be easy to do a dictonnary attack for v4 log entries, but I’m not sure what I can do about that.

Côme

Previous message (by thread): [tech] [spec] Adapting the HTTP Common Logging Format for use by Gemini servers
Next message (by thread): [spec] Adapting the HTTP Common Logging Format for use by Gemini servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list