Re: [Insipid] WG Review: INtermediary-safe SIP session ID (insipid)

["DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>]

This seems to be more a comment on the existing charter rather than the additional new bits.

In that respect, comments against that might be better made against the requirements document that is with IESG at the moment.

https://datatracker.ietf.org/doc/draft-ietf-insipid-session-id-reqts/ 

In regard to the extended charter, my understanding at least is that it adds nothing to the correlation aspects. What gets added is an extra indicator that goes with the session-id as defined, and indicates the the network entities involved that they should create a log of the information contained in all messages with this session i-d.

How those logs are collected together and analysed does not form part of the charter. It is certainly not expected that those logs would be available to an end user or indeed to another operator, as part of any work performed under this charter. That does not preclude the indicator being passed between operators or to the end user, rather than removed, but I am not sure I see a privacy concern with that.

Regards

Keith



> -----Original Message-----
> From: insipid-bounces@ietf.org [mailto:insipid-bounces@ietf.org] On Behalf
> Of SM
> Sent: 29 September 2013 15:15
> To: Gonzalo Camarillo
> Cc: insipid@ietf.org
> Subject: Re: [Insipid] WG Review: INtermediary-safe SIP session ID
> (insipid)
> 
> Hi Gonzalo,
> 
> Thanks for bringing this up.
> 
> At 06:18 29-09-2013, Gonzalo Camarillo wrote:
> >note that as a result of this rechartering, the milestones will be the
> >following:
> >
> >Dec 2012 Requirements and use cases for new identifier sent to IESG
> >(as informational)
> >
> >Feb 2013 Specification of the new identifier sent to the IESG (PS)
> 
> The above milestones are in the past.  I suggest updating the dates
> if the work items are still due or removing them is they have already
> been delivered.
> 
> >On 27/09/2013 7:08 PM, The IESG wrote:
> > > This group will focus on two documents:
> 
> The proposed charter discusses about two documents whereas there are
> four milestones.
> 
> > > The first document will specify a SIP identifier that has the same aim
> > > as the From-tag, To-tag and Call-ID conjunction, but is less likely to
> > > be mangled by intermediaries.  In doing this work, the group will pay
> > > attention to the privacy implications of a "session ID", for example
> > > considering the possibility to make it intractable for nodes to
> > > correlate "session IDs" generated by the same user for different
> > > sessions.
> 
> It is not clear whether the working group would have to pay attention
> to privacy implications for the last two work items.  Does the
> privacy implications cover the work items, wherever it is relevant,
> or examples of "session ID" only?
> 
> Is the privacy implications only about correlation?  I am asking the
> question as correlation is only one of the privacy-specific threats
> identified by the IAB?
> 
> Regards,
> -sm
> 
> _______________________________________________
> insipid mailing list
> insipid@ietf.org
> https://www.ietf.org/mailman/listinfo/insipid