[Insipid] Alexey Melnikov's No Objection on draft-ietf-insipid-logme-marking-12: (with COMMENT)

"Dawes, Peter, Vodafone Group" <Peter.Dawes@vodafone.com> Mon, 10 September 2018 07:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/HMo4yV99ZxaJcjdTAqnfteGCLSQ>

Hello Alexey,

Thanks a lot for reviewing the draft, please find responses and proposed resolutions inline below.

Best regards,

Peter and Arun


>From: Alexey Melnikov <aamelnikov@fastmail.fm>
>Sent: 16 August 2018 14:34
>To: The IESG
>Cc: draft-ietf-insipid-logme-marking@ietf.org; insipid-chairs@ietf.org; gsalguei@cisco.com; insipid@ietf.org
>Subject: Alexey Melnikov's No Objection on draft-ietf-insipid-logme-marking-12: (with COMMENT)
>
>Alexey Melnikov has entered the following ballot position for
>draft-ietf-insipid-logme-marking-12: No Objection
>
>When responding, please keep the subject line intact and reply to all email addresses included in the To
>and CC lines. (Feel free to cut this introductory paragraph, however.)
>
>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>for more information about IESG DISCUSS and COMMENT positions.
>
>The document, along with other ballot positions, can be found here:
>https://datatracker.ietf.org/doc/draft-ietf-insipid-logme-marking/
>
>----------------------------------------------------------------------
>COMMENT:
>----------------------------------------------------------------------
>
>Similar to Benjamin, I am uneasy about this document and dual use of this mechanism. I think the advice
>it gives for an attacker is to inject the "log me" attribute at the beginning of a session that is of interest,
>closer to the originator ;-).



We have tried to prevent misuse, for example by including the protocol safeguards described in 4.1 Scope of Marking, the need for authorization in 7.1, and the user control described in 8.6. If an attacker injects marking, this should be removed by the network, or ignored by non-supporting entities. Also, the user will see that troubleshooting/testing is happening.



>Also one small nit:
>
>In Section 1:
>
>   This document defines a new header field parameter "logme" for the
>   "Session-ID" header field [RFC7989].  Implementations of this
>   document MUST implement session identity.
>
>Is "session identity" defined in RFC 7989? RFC 7989 doesn't use the term "session identity" anywhere. If
>you mean that in order to support this extension one needs to implement support for the Session-ID
>header field I suggest you rephrase the 2nd sentence to say something like this:
>
>   Implementations of this document MUST implement [RFC7989].



Revised the final paragraph of Section 1 Introduction as follows, as per the comment.

   This document defines a new header field parameter "logme" for the
   "Session-ID" header field [RFC7989].  Implementations of this
   document MUST implement [RFC7989].
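The reply above says that marking injected by an attacker "should be removed by the network, or ignored by non-supporting entities". The following is an added example of what that removal looks like at a network edge; it is not code from the draft, from the authors, or from this thread. It assumes the RFC 7989 Session-ID value syntax (32 lowercase hex digits followed by ";name[=value]" generic parameters such as ";remote=<uuid>") and assumes the draft's marker is the value-less parameter ";logme". The header values it runs over are constructed for the example. An edge element keeps "logme" only on messages from a peer the operator has authorised to request logging, strips it otherwise, and returns an event record so the stripped attempt can be logged and alerted on rather than silently discarded.

```python
"""Trust-boundary handling of the Session-ID "logme" parameter (added example).

Assumptions (not taken from the draft text): Session-ID value = 32 lowercase
hex digits, then zero or more ";name[=value]" generic parameters per RFC 7989;
the log-me marker is the value-less parameter ";logme". Sample header values
in demo() are constructed, not from a real trace.
"""
import re

_SESS_UUID = re.compile(r"^[0-9a-f]{32}$")


def parse_session_id(value):
    """Split a Session-ID value into (local_uuid, params).

    params maps lower-cased parameter names to their value, or None for a
    value-less parameter such as "logme". Unknown parameters are preserved,
    which is how a non-supporting entity ends up ignoring the marker.
    Raises ValueError if the local UUID is not 32 lowercase hex digits.
    """
    fields = [f.strip() for f in value.split(";")]
    local = fields[0]
    if not _SESS_UUID.match(local):
        raise ValueError("malformed Session-ID local UUID: %r" % local)
    params = {}
    for field in fields[1:]:
        if not field:                      # tolerate a stray trailing ';'
            continue
        name, has_value, val = field.partition("=")
        params[name.strip().lower()] = val.strip() if has_value else None
    return local, params


def serialize_session_id(local, params):
    """Inverse of parse_session_id; parameter order is preserved."""
    parts = [local]
    for name, val in params.items():
        parts.append(name if val is None else "%s=%s" % (name, val))
    return ";".join(parts)


def enforce_logme_boundary(value, peer_trusted):
    """Policy an edge element applies to an inbound Session-ID header value.

    Returns (rewritten_value, event). event is None when nothing changed;
    otherwise it is a dict describing the stripped marker for the SOC log.
    "logme" survives only when the sending peer is one the operator has
    authorised to request logging (cf. the authorization requirement the
    reply points to in the draft's 7.1).
    """
    local, params = parse_session_id(value)
    if "logme" not in params or peer_trusted:
        return value, None
    del params["logme"]
    event = {
        "action": "stripped-logme",
        "local_uuid": local,
        "remote_uuid": params.get("remote"),   # None if no remote= param
    }
    return serialize_session_id(local, params), event


def demo():
    """Run the policy over constructed header values from two kinds of peer."""
    from_untrusted = ("ab30317f1a784dc48ff824d0d3715d86"
                      ";remote=47755a9de7794ba387653f2099600ef2;logme")
    from_trusted = "ab30317f1a784dc48ff824d0d3715d86;logme"
    results = [
        enforce_logme_boundary(from_untrusted, peer_trusted=False),
        enforce_logme_boundary(from_trusted, peer_trusted=True),
    ]
    for value, event in results:
        print(value, event)
    return results


if __name__ == "__main__":
    demo()
```

The parse step is deliberately tolerant of parameter case and whitespace so that a marker written as "; LogMe" is still recognised and removed; an edge that only matched the literal ";logme" would let a trivially varied marker through to the logging elements behind it.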