Re: [Insipid] WG Last Call: draft-ietf-insipid-logme-reqs

"Arun Arunachalam (carunach)" <carunach@cisco.com> Thu, 29 September 2016 18:13 UTC

Return-Path: <carunach@cisco.com>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D70B12B1FC for <insipid@ietfa.amsl.com>; Thu, 29 Sep 2016 11:13:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.836
X-Spam-Level:
X-Spam-Status: No, score=-16.836 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id neLUe_OMe_ET for <insipid@ietfa.amsl.com>; Thu, 29 Sep 2016 11:13:19 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B83A812B1A1 for <insipid@ietf.org>; Thu, 29 Sep 2016 11:13:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=23394; q=dns/txt; s=iport; t=1475172798; x=1476382398; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=94GBTFK88dl0kRQA118J0UWghkyYW70LoTwoDkgbaKY=; b=mgqyB9BJ5s8MeMBcP5Q7rYJ3LsO6lVuyQ6/q+dAqiXyvdR58BIc4x4Ir LDEqSvHpRotohN5CjZA+SRWhIkGrrXRAvw3aCorKlm14B58/TNbHXnbtC 4iignUfwfTFCa4tJM0Hbf47FL29jrLUtUDvY6iNNYy8sab6Y3wGQrLBwV g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D5AQBMWe1X/4kNJK1RDBoBAQEBAgEBA?= =?us-ascii?q?QEIAQEBAYMJNgEBAQEBHldtDweNK6YNhRKCBiSFegIcgUs4FAECAQEBAQEBAV4?= =?us-ascii?q?nhGIBAQQdBlYQAgEIPwMCAgIwFBECBAoEBRmINA6uR4xqAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBFwWINIJYhBEBHAaDFCuCLwWONYVqhVgBhiaJSYFuhGaJGocKhWK?= =?us-ascii?q?DfAEeNoMdHIFQcoZGgQABAQE?=
X-IronPort-AV: E=Sophos;i="5.31,268,1473120000"; d="scan'208,217";a="156694913"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 29 Sep 2016 18:13:17 +0000
Received: from XCH-RCD-014.cisco.com (xch-rcd-014.cisco.com [173.37.102.24]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id u8TIDHqL016460 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 29 Sep 2016 18:13:17 GMT
Received: from xch-aln-015.cisco.com (173.36.7.25) by XCH-RCD-014.cisco.com (173.37.102.24) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 29 Sep 2016 13:13:16 -0500
Received: from xch-aln-015.cisco.com ([173.36.7.25]) by XCH-ALN-015.cisco.com ([173.36.7.25]) with mapi id 15.00.1210.000; Thu, 29 Sep 2016 13:13:16 -0500
From: "Arun Arunachalam (carunach)" <carunach@cisco.com>
To: "Paul Giralt (pgiralt)" <pgiralt@cisco.com>
Thread-Topic: [Insipid] WG Last Call: draft-ietf-insipid-logme-reqs
Thread-Index: AQHSGmo7kO+NAsnrMkyJwBUIwYUrX6CRGUkA
Date: Thu, 29 Sep 2016 18:13:16 +0000
Message-ID: <6EE9E419-BCE8-4E5A-B0F1-2E0AE53C8BF0@cisco.com>
References: <4C52DDE4-07CF-4F5F-8DB7-8CEB51119A6A@cisco.com> <7FA11A21-D8BC-4829-B6D5-EE2B44200D8E@cisco.com> <984E4584-C850-4198-8F78-1839A027C36A@cisco.com> <79D6B8EF-4C53-40B1-A7B9-C8C8479E153B@cisco.com> <38281C26-6FDD-4755-AFBB-F6AC93D2EC48@cisco.com> <F5241F4A-B1FE-41D9-BD20-6C31B67B80A5@cisco.com>
In-Reply-To: <F5241F4A-B1FE-41D9-BD20-6C31B67B80A5@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.150.52.55]
Content-Type: multipart/alternative; boundary="_000_6EE9E419BCE84E5AB0F12E0AE53C8BF0ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/MFGUo0kW_2Dc8qTio4jHxYXhics>
Cc: "Arun Arunachalam \(carunach\)" <carunach@cisco.com>, "ben@nostrum.com" <ben@nostrum.com>, "Dawes, Peter, Vodafone Group" <Peter.Dawes@vodafone.com>, "insipid@ietf.org" <insipid@ietf.org>, "Gonzalo Salgueiro \(gsalguei\)" <gsalguei@cisco.com>
Subject: Re: [Insipid] WG Last Call: draft-ietf-insipid-logme-reqs
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 18:13:21 -0000

Thanks Paul !

(1) Agree, let’s have a random test id given REQ 4 of RFC 7206<https://tools.ietf.org/html/rfc7206#section-5>-5>.

(2) We can update REQ 6 as shown below to incorporate your comment:

 REQ6: A SIP intermediary MAY insert a "log me" marker into requests and
      responses.  The typical case for which a intermediary needs to insert a
      "log me" marker is for compatibility with UAs that have not
      implemented "logme" marking, i.e. when a UA has not marked a
      request or when responses received on a dialog of interest for
      logging do not contain an echoed "log me" marker.  Another use
      case is when the session origination UA that inserted log me marker
      is no longer participating in the session (e.g: call transfer scenarios)
      and the intermediary adds "log me" marker in related sessions to enable
      end-to-end signaling analysis. In these cases, the entity that inserts a
      "log me" marker is stateful inasmuch as it must remember when a dialog is
      of interest for logging.  An entity that inserts a "log me" marker
      SHOULD also log the SIP request or response as per REQ4.


Arun




On Sep 29, 2016, at 11:57 AM, Paul Giralt (pgiralt) <pgiralt@cisco.com<mailto:pgiralt@cisco.com>> wrote:

Hi Arun,

Sorry for not replying earlier. Inline…


On Sep 22, 2016, at 10:13 AM, Arun Arunachalam (carunach) <carunach@cisco.com<mailto:carunach@cisco.com>> wrote:

Hi Paul,

Please see inline.

On Sep 14, 2016, at 7:30 PM, Paul Giralt (pgiralt) <pgiralt@cisco.com<mailto:pgiralt@cisco.com>> wrote:

Thanks Arun. See below…

On Sep 14, 2016, at 6:36 PM, Arun Arunachalam (carunach) <carunach@cisco.com<mailto:carunach@cisco.com>> wrote:

REQ8: Should update to latest session-id draft. Also, I have some concerns about using Session-ID as the test case identifier. The Session-ID can change (in fact will change for every session because the initial INVITE will have a null remote UUID).

How about using the local UUID of the Session-ID generated by the originating UA / proxy as a test identifier (if the admin wants the system to auto-generate a test ID)?


I think using just the local UUID makes more sense because this will be consistent throughout the life of the session as long as the originating endpoint is still in the call. It’s possible that some B2BUA could remove the originator from the session (e.g. call gets transferred) but at that point, the device that requested the session be logged is no longer in an active session anyway.

That said, what if the admin doesn’t want the system to auto-generate a test ID? Where would that go? The local UUID must be in a very specific format to comply with drafy-ietf-insipid-session-id, so you can’t put any arbitrary text in for the local UUID. I think either you need to stipulate that the test ID will always be automatically generated or find some other place to put it.

I think there is value in giving the admin the ability to specify their own identifier.

One option would be to have a user defined test identifier as shown below:

   test-identifier = (alphanum / "_") *(alphanum "_")

If the user defined test identifier is not present, the log analysis server would use the local UUID of the originator’s Session-ID as the test identifier.



I like this in concept. The concern I have is whether it meets the privacy requirements stipulated for additional parameters in the Session-ID header. If someone puts a value of the person’s name or perhaps a ticket number, that could be considered personally identifiable information which is not allowed to be present in the Session-ID header. I’m not sure how we’d reconcile these requirements. We may have to just live with the test ID being something random.



Also, should intermediaries be required to or at least allowed to continue indicating log me markings on other messages related to the session even if the originating device is no longer participating in the session?

This will be useful to perform an end-to-end call flow analysis.

The good thing about originator based log me marking is the “ability / control” to disable logging simply by disconnecting the call at the originator (the device requesting to enable logging).

This control no longer exists if we allow the intermediaries to continue marking even after the originator is no longer in the session.

I guess this could be left up to the implementation of the intermediary. It is free to add a logme marker to whatever it wants to, so even if the originator drops off, there is no reason why it can’t add the identifier to related sessions. This is probably something worth mentioning in the draft, but might not be necessary in the requirements doc.

-Paul