Re: [Insipid] Review of draft-ietf-insipid-logme-reqs-11

"Arun Arunachalam (carunach)" <carunach@cisco.com> Tue, 17 January 2017 22:20 UTC

Return-Path: <carunach@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 585111294A1; Tue, 17 Jan 2017 14:20:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.721
X-Spam-Level:
X-Spam-Status: No, score=-17.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24UOBfnF51TB; Tue, 17 Jan 2017 14:20:13 -0800 (PST)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D99041294B2; Tue, 17 Jan 2017 14:20:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2269; q=dns/txt; s=iport; t=1484691612; x=1485901212; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=NXz1SM067YM//8+H32E9SULjGitpr8+AQit933bimzQ=; b=jy5blQK5g3ev9kr4M0Jv14QNUbLHbvAjkkKRdzZGqyoiWUAxwPIzcI8x aAp3YLVSb1NT0r65c7DV+PaOVkku/oPgRmPgtQTDF3WDF/RYDeLqZnmZF aiwo6Y/Je9E/Gro+QT4BFViwO5gq0scLe7nd7kPQ/rW2Y03laeRegXbaw g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAQC4l35Y/5pdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgzkBAQEBAR9fgQkHjVGSGIgEjSiCCx8LhS5KAoFePxgBAgEBAQE?= =?us-ascii?q?BAQFjKIRpAQEBAwEBATgtBwsFCwIBCA4KHhAhBgslAgQOBRuITQMQCA6xWYc8D?= =?us-ascii?q?YJhAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWIR4JlglCBeIMzgjEFiGeSGzgBjVq?= =?us-ascii?q?EBJBtihiIUwEfOIFEFToQAYYhc4dLgQ0BAQE?=
X-IronPort-AV: E=Sophos;i="5.33,246,1477958400"; d="scan'208";a="196216035"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jan 2017 22:20:11 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v0HMKCCD027945 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 17 Jan 2017 22:20:12 GMT
Received: from xch-aln-015.cisco.com (173.36.7.25) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 17 Jan 2017 16:20:11 -0600
Received: from xch-aln-015.cisco.com ([173.36.7.25]) by XCH-ALN-015.cisco.com ([173.36.7.25]) with mapi id 15.00.1210.000; Tue, 17 Jan 2017 16:20:11 -0600
From: "Arun Arunachalam (carunach)" <carunach@cisco.com>
To: Dan Romascanu <dromasca@gmail.com>
Subject: Re: [Insipid] Review of draft-ietf-insipid-logme-reqs-11
Thread-Topic: [Insipid] Review of draft-ietf-insipid-logme-reqs-11
Thread-Index: AQHSbO9bbCtSiQ1pmUGC2nUSCFaAdqE9qnKA
Date: Tue, 17 Jan 2017 22:20:11 +0000
Message-ID: <8CA648A4-7DDC-4EA7-B7B4-0BF69957DA83@cisco.com>
References: <148423783701.29293.15508238136822500989.idtracker@ietfa.amsl.com>
In-Reply-To: <148423783701.29293.15508238136822500989.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.155.254.159]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <FB6A9C2B56D955479D4B6EBE13EBFA92@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/3kqkAnbLJb-sFB0YGQL4J4KjtEE>
Cc: "ops-dir@ietf.org" <ops-dir@ietf.org>, "insipid@ietf.org" <insipid@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-insipid-logme-reqs.all@ietf.org" <draft-ietf-insipid-logme-reqs.all@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2017 22:20:14 -0000

Hi Dan,

Thanks for taking the time to review the LogMe requirements draft and providing feedback!

We will discuss about load related attacks and recommended approaches to mitigate in LogMe solutions draft under security considerations section. 

Thanks!
Arun

> On Jan 12, 2017, at 11:17 AM, Dan Romascanu <dromasca@gmail.com> wrote:
> 
> Reviewer: Dan Romascanu
> Review result: Ready
> 
> I have reviewed this document as part of the Operational directorate's
> 
> ongoing effort to review all IETF documents being processed by the
> IESG.  These 
> comments were written with the intent of improving the operational
> aspects of the 
> IETF drafts. Comments that are not addressed in last call may be
> included in AD reviews 
> during the IESG review.  Document editors and WG chairs should treat
> these comments 
> just like any other last call comments. 
> 
>   This informational document describes requirements for adding an
> indicator to the SIP
>   protocol data unit (PDU, or a SIP message) that marks the PDU as a
>   candidate for logging.  Such marking will typically be applied as
>   part of network testing controlled by the network operator and not
>   used in regular client signaling.  However, such marking can be
>   carried end-to-end including the SIP terminals, even if a session
>   originates and terminates in different networks.
> 
> It's a short, focused and well-written document. It is interesting for
> the operators of networks that use SIP, as this indicator can be used
> to trigger testing or debugging in the networks that they operate. It
> seems that different implications on security and network behavior
> were considered, although some of them are not explicitly mentioned -
> such as the potential overload or DoS attacks in case of
> mis-configuration or malicious configuration of a big number of
> terminals in a SIP network leading to simultaneous activation of debug
> modes. It may be good to explicitly mentions these, but otherwise this
> document is READY from an OPS-DIR perspective. 
> 
> _______________________________________________
> insipid mailing list
> insipid@ietf.org
> https://www.ietf.org/mailman/listinfo/insipid