[Insipid] Review of draft-ietf-insipid-logme-marking-08

Paul Giralt <pgiralt@cisco.com> Thu, 09 November 2017 04:30 UTC

Return-Path: <pgiralt@cisco.com>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC47C12E041 for <insipid@ietfa.amsl.com>; Wed, 8 Nov 2017 20:30:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.521
X-Spam-Level:
X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lG-ufz2msRmU for <insipid@ietfa.amsl.com>; Wed, 8 Nov 2017 20:30:33 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C28EC12E040 for <insipid@ietf.org>; Wed, 8 Nov 2017 20:30:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7083; q=dns/txt; s=iport; t=1510201832; x=1511411432; h=from:mime-version:subject:message-id:date:cc:to; bh=jsWZdoj3ovAwrLhLWcksdlDv1V8RVx9ooC4ncrLPveE=; b=iEE8hdRTC9IuHaaKt+2ZJndQzvWxOW5yRE54wVwzVkKZsrw2uqmpVEag lFpbMIhfb7N+0h5P1Ovi1ClTPGLfdmfhLTNX/SVK1h4xazxR1j7fTAHPy ceU8taK12w1KgFIlqVq8yyVrlPCKO/7z5+CVPOGSSphvvQDJ5L82x492M M=;
X-Files: signature.asc : 833
X-IronPort-AV: E=Sophos;i="5.44,367,1505779200"; d="asc'?scan'208";a="312118516"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 09 Nov 2017 04:30:32 +0000
Received: from rtp-vpn2-447.cisco.com (rtp-vpn2-447.cisco.com [10.82.241.191]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id vA94UV7T013013 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Nov 2017 04:30:31 GMT
From: Paul Giralt <pgiralt@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_3EA575A8-7DFD-46FA-9FEE-D3CE3EB9090B"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.7\))
Message-Id: <DD3EE82F-ED47-4136-B1EC-295CBA96C28F@cisco.com>
Date: Wed, 8 Nov 2017 23:30:29 -0500
Cc: "Arun Arunachalam (carunach) (carunach@cisco.com)" <carunach@cisco.com>, "Dawes, Peter, Vodafone Group" <Peter.Dawes@vodafone.com>
To: insipid@ietf.org
X-Mailer: Apple Mail (2.3445.1.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/D5hPFygvlzPQR7JR582ajqwm7EA>
Subject: [Insipid] Review of draft-ietf-insipid-logme-marking-08
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2017 04:30:36 -0000

Here is my review of draft-ietf-insipid-logme-marking-08:

Section 3.6 - Does this specification require that the entire SIP message be logged? If so, it should be called out as a normative statement (SIP messages MUST be logged). If not, we should be more specific and indicate that they SHOULD be logged.

Section 3.7 - "ends with the final 200 OK of dialog1” first of all doesn’t really indicate which 200 OK it is referring to (I’m assuming 200 OK in response to BYE), but there is a good chance, especially if someone is trying to diagnose a call failure, that the dialog will terminate with a reason code other than a 200 OK. I think this should read something like “ends when the last message in the dialog is sent or received.” Subsequent sentences in this section have similar wording indicating the last message in the dialog instead of a 200 OK.

While the example shown in section 3.7 is clear, I don’t think it represents a typical example of a call transfer and the more typical case highlights a potential hole in the draft - namely, what happens when the device wishing to initiate the logging is the UAS instead of the UAC? A more typical call transfer scenario would be Alice *receiving* the call from Bob and transferring to Carol (as opposed to Alice calling Bob then transferring to Carol). If, as stipulated in the draft, Alice is the one reporting issues transferring calls and therefore is where we have enabled “log me” marking, how would this work? Section 4 clearly stipulates that “log me” marking is initiated on a dialog creating side which seems to imply that devices receiving a call cannot initiate a “log me” request. This seems like a hole to me.

Of course allowing the UAS to initiate a “log me” request has implications on the UAC that supports “log me”, but did not intend to log the call when it created the dialog. If we were to allow the UAS to insert a “log me” in response to a request that did not have a “log me” parameter, it would be desirable for the UAC to also log the dialog-initiating request. This means that a device supporting this specification must maintain a copy of any dialog-initiating request at least until the point where it can determine whether or not the receiving endpoint would like to log the call or not. This could be upon receiving the first response other than a 100 Trying. Has any thought been put into this scenario?

Section 4.2 - This first part of the section is talking specifically about intermediaries being configured to handle “log me” markings on behalf of a user agent, but then the subsections (4.2.1 and 4.2.2) revolve around handling of the marking by intermediaries independent of whether or not it’s being done on behalf of a UA. I think this should just be organized better so that 4.2.1 and 4.2.2 are peers with what’s in the 4.2 section as opposed to subsections as they seem to describe entirely different things.

Section 4.2.2.2.2 - In this scenario Proxy 1 is removing the “log me” parameter so as to not impose logging on Network B, however it would still be beneficial for Network A to log all requests and responses from Proxy 1 to Proxy 2, as these messages are still being initiated / terminated in Network A. This section indicates that Proxy 1 does not log the INVITE request F2 (and subsequent messages between Proxy 1 and Proxy 2). I feel we should at the very least indicate it is permissible and perhaps even desirable to log these messages even though the “log me” indication has been removed. Instead of "Proxy 1 does not log INVITE request F2” perhaps say “Proxy 1 MAY log INVITE request F2 even though it does not contain a “log me” marking”

Section 4.2.2.2.4 - Related to the comment above, this section does not stipulate at all which messages Proxy 1 MUST / SHOULD / MAY log. Are the messages between Proxy 1 and Proxy 2 logged by Proxy 1?


Nits:

Section 3.1 - sentence "This ability requires "log me" marker to be passed through SIP intermediaries. Session-ID header defined in ([RFC7989]) was chosen to carry the "log me" marker as a "logme" parameter since the session identifier is passed through SIP B2BUAs or other intermediaries.”

I think should read:

 "This ability requires a "log me" marker to be passed through SIP intermediaries. The Session-ID header defined in ([RFC7989]) was chosen to carry the "log me" marker as a "logme" parameter since the session identifier is passed through SIP B2BUAs or other intermediaries.”

Section 3.5 -  This is a comma splice and should be separated into two sentences or use a semicolon. For example:

   An originating or terminating user agent and SIP entities on the
   signaling path can log multiple SIP dialogs simultaneously. These
   dialogs are differentiated by their test case identifier (the local
   UUID of the Session-ID header field at the originating device).

Section 4.2 - This scenario suggests the following principles
   when a SIP intermediary is configured to initiate or handle "log me"
   marking on behalf of user agent:

Should have the word ‘a’ added before ‘user agent':

This scenario suggests the following principles
   when a SIP intermediary is configured to initiate or handle "log me"
   marking on behalf of a user agent: