Re: [DMM] Mirja Kühlewind's Discuss on draft-ietf-dmm-4283mnids-04: (with DISCUSS)

[Mirja Kühlewind <ietf@kuehlewind.net>]

Hi Charlie,

can you please also answer the question below on SHOULD vs. MUST? Thanks!

Also, does it maybe make sense to then add something in the security section 
that information should/must not be leaked to other networks?

Thanks!
Mirja


On 13.02.2017 22:06, Charlie Perkins wrote:
> Hello Mirja and Suresh,
>
> I am happy to make the proposed changes as agreed below.
>
> Regards,
> Charlie P.
>
>
> On 2/11/2017 1:00 AM, Mirja Kuehlewind (IETF) wrote:
>> Hi Suresh,
>>
>> sounds all good! I’m happy to quickly resolve my discuss if the authors agree!
>>
>> Mirja
>>
>>
>>> Am 11.02.2017 um 05:05 schrieb Suresh Krishnan <suresh.krishnan@ericsson.com>:
>>>
>>> HI Mirja,
>>>
>>>> On Feb 10, 2017, at 12:08 PM, Mirja Kuehlewind <ietf@kuehlewind.net> wrote:
>>>>
>>>> Mirja Kühlewind has entered the following ballot position for
>>>> draft-ietf-dmm-4283mnids-04: Discuss
>>>>
>>>> When responding, please keep the subject line intact and reply to all
>>>> email addresses included in the To and CC lines. (Feel free to cut this
>>>> introductory paragraph, however.)
>>>>
>>>>
>>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>>
>>>>
>>>> The document, along with other ballot positions, can be found here:
>>>> https://datatracker.ietf.org/doc/draft-ietf-dmm-4283mnids/
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>> DISCUSS:
>>>> ----------------------------------------------------------------------
>>>>
>>>> I would realy like to see the following changes in the security
>>>> considerations section:
>>>> OLD
>>>> "If used in the MNID extension as defined in this
>>>>   document, the packet including the MNID extension should be
>>>> encrypted
>>>>   so that personal information or trackable identifiers would not be
>>>>   inadvertently disclosed to passive observers."
>>>> NEW
>>>> "If used in the MNID extension as defined in this
>>>>   document, the packet including the MNID extension SHOULD be
>>>> encrypted
>>>>   so that personal information or trackable identifiers would not be
>>>>   inadvertently disclosed to passive observers.”
>>> Is this just for changing the "should" to upper case? I think that makes sense.
>>>
>>>> Or even better make it a MUST? Is there a reason for only having a
>>>> SHOULD?
>>> Authors, any specific reason for this to be a SHOULD?
>>>
>>>> as well as the following change:
>>>> OLD
>>>> "Moreover, MNIDs containing sensitive identifiers might only be used
>>>>   for signaling during initial network entry. "
>>>> NEW
>>>> "Moreover, MNIDs containing sensitive identifiers MUST only be used
>>>>   for signaling during initial network entry and MUST NOT be leaked to
>>>>   other networks.”
>>> The statement in OLD: is just a statement of fact that in some networks use temporary identifiers for reattachment and they use long term (and hence sensitive) identifiers only at initial attach. I don’t think it makes sense to change this to 2119 language.
>>>
>>> Thanks
>>> Suresh
>>>
>>
>