[Insipid] Eric Rescorla's Discuss on draft-ietf-insipid-logme-marking-12: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Mon, 13 August 2018 20:41 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: insipid@ietf.org
Delivered-To: insipid@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2120F131078; Mon, 13 Aug 2018 13:41:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Eric Rescorla <ekr@rtfm.com>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-insipid-logme-marking@ietf.org, insipid@ietf.org, gsalguei@cisco.com, insipid-chairs@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.83.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <153419287407.25053.6083538589111644157.idtracker@ietfa.amsl.com>
Date: Mon, 13 Aug 2018 13:41:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/RLt0HIo1PgTCTAbbXIPULLRqsx8>
Subject: [Insipid] Eric Rescorla's Discuss on draft-ietf-insipid-logme-marking-12: (with DISCUSS and COMMENT)
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.27
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Aug 2018 20:41:14 -0000

Eric Rescorla has entered the following ballot position for
draft-ietf-insipid-logme-marking-12: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-insipid-logme-marking/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D7386



DETAIL
S 6.1.
>   6.1.  "Log Me" Authorization
>   
>      An end user or network administrator MUST give permission for a
>      terminal to perform "log me" marking.  The configuration of a SIP
>      intermediary to perform "log me" marking on behalf of a terminal MUST
>      be authorized by the network administrator.

This seems to contradict S 4.4.2, which describes how you get logging
even when the responding UA doesn't support it (and thus presumably
doesn't give permission). Perhaps you mean "at least one end user or
administrator...?


S 6.4.2.
>      store all the SIP messages that are exchanged within a given dialog.
>      SIP messages can contain the personal identifiers listed in
>      Section 6.4.1 and additionally a user identity, calling party number,
>      IP address, hostname, and other user and device related items.  The
>      SIP message bodies describe the kind of session being set up by the
>      identified end user and device.

This seems to have extremely negative consequences when security
descriptions is used. It seems like you need to prohibit their
combination or at least call this out.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

S 3.6.
>   
>   3.6.  Format of Logged Signaling
>   
>      The entire SIP message (SIP headers and message body) MUST be logged.
>      Logging SHOULD use common standard formats such as the SIP CLF
>      defined in [RFC6873] and Libpcap.  If SIP CLF format is used, the

Reference for libpcap?