Re: [Insipid] Pre-WGLC INSIPID Session-ID Review Comments

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 15 September 2014 06:02 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Paul E. Jones" <paulej@packetizer.com>, "Adam Gensler (agensler)" <agensler@cisco.com>
Date: Mon, 15 Sep 2014 06:02:41 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/insipid/7_0Cb0512Oo0VW0QIkNR0IgSv_k
Cc: "insipid@ietf.org" <insipid@ietf.org>
Subject: Re: [Insipid] Pre-WGLC INSIPID Session-ID Review Comments

Hi Paul,

If you want to keep the "MUST NOT" there, I am ok with that :)

Regards,

Christer

-----Original Message-----
From: Paul E. Jones [mailto:paulej@packetizer.com] 
Sent: 14 September 2014 23:52
To: Christer Holmberg; Adam Gensler (agensler)
Cc: insipid@ietf.org
Subject: Re: [Insipid] Pre-WGLC INSIPID Session-ID Review Comments

Christer,


>I would use different wording. Something like:
>
>"The call-id often reveals personal, device, domain or other sensitive 
>information associated with an end-user, which is why intermediaries, 
>such as proxies and session border controllers alter the call-id. In 
>order to ensure the integrity of the end-to-end session identifier, it 
>is constructed in a way which does not reveal such information, 
>removing the need for intermediaries to alter it (except as described 
>in this section)."

This is OK, though it removes the "MUST NOT" in the paragraph that I think is important.  How about this slight variation?

"The Call-ID often reveals personal, device, domain or other sensitive information associated with a user, which is why intermediaries, such as proxies and session border controllers, sometimes alter the Call-ID.  In order to ensure the integrity of the end-to-end Session Identifier, it is constructed in a way which does not reveal such information, removing the need for intermediaries to alter it.  As such, intermediaries MUST NOT alter the UUID values found in the Session-ID header, except as described in this section."

Paul