IETF Logo Mail Archive

Re: [Insipid] Review of draft-ietf-insipid-logme-reqs-02

"Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com> Thu, 18 June 2015 15:12 UTC

Return-Path: <gsalguei@cisco.com>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68B061A1BED for <insipid@ietfa.amsl.com>; Thu, 18 Jun 2015 08:12:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24OaF3_MePoD for <insipid@ietfa.amsl.com>; Thu, 18 Jun 2015 08:12:03 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5461C1A02F1 for <insipid@ietf.org>; Thu, 18 Jun 2015 08:12:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6020; q=dns/txt; s=iport; t=1434640323; x=1435849923; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=62yHiQtnWCviEsSNHaHmdmaLNWnccgwmfiHUMZwwad0=; b=HgUdFWj7Y8t3JbokXV0WD4QGQRsfKdKnPds+8y2MSeJAPAXyQs2XoZXC 8VLJqyEYe068MxvhBWgdawwabJg+qxC1//aUfLbZrpKXkc1T1E2dIZaVI uZIxc/IFU7wGku7Oz9ZgrcBImUgDIGCo47DFfVUpSWX09f7TJFlJdROd/ g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D6BADo3oJV/4MNJK1cgxBUWgUGgxi5cmYJgWGCSIM0AhyBGzgUAQEBAQEBAYEKhCIBAQEDASMRRQULAgEIGAICJgICAjAVEAIEDgWIJwgIBa8KlisBAQEBAQEBAQEBAQEBAQEBAQEBAQEXgSGKJIQjEQEGCQ8zB4JoL4EUBZNwAYRShnaRFwKHDCaDeW8LAQF4BxcjgQIBAQE
X-IronPort-AV: E=Sophos;i="5.13,638,1427760000"; d="scan'208";a="160723477"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-4.cisco.com with ESMTP; 18 Jun 2015 15:12:02 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id t5IFC2rG022975 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 18 Jun 2015 15:12:02 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.217]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.03.0195.001; Thu, 18 Jun 2015 10:12:02 -0500
From: "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>
To: "Vijay K. Gurbani" <vkg@bell-labs.com>
Thread-Topic: Review of draft-ietf-insipid-logme-reqs-02
Thread-Index: AQHQqdFY3CjRvF8vUECkDPX4uQNw/52ysn8A
Date: Thu, 18 Jun 2015 15:12:01 +0000
Message-ID: <2F9A1E5D-6304-4384-82C2-5EE19B953DDE@cisco.com>
References: <5582D306.8070305@bell-labs.com>
In-Reply-To: <5582D306.8070305@bell-labs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.131.44.67]
Content-Type: text/plain; charset="utf-8"
Content-ID: <CBE40F519473E2439058A54C646AE911@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/insipid/W1N0ZIW4kWZ7w5jeA2XHK-HhsiM>
Cc: Keith Drage <keith.drage@ALCATEL-LUCENT.COM>, "insipid@ietf.org" <insipid@ietf.org>, "draft-ietf-insipid-logme-reqs@tools.ietf.org" <draft-ietf-insipid-logme-reqs@tools.ietf.org>
Subject: Re: [Insipid] Review of draft-ietf-insipid-logme-reqs-02
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2015 15:12:05 -0000

Thanks for the detailed review, Vijay.

Peter - Considering the nature of the comments below, a new version addressing Vijay and Christer’s review feedback would be needed before moving to WGLC.

Cheers,

Gonzalo


> On Jun 18, 2015, at 10:17 AM, Vijay K. Gurbani <vkg@bell-labs.com> wrote:
> 
> All: I was asked by the chairs to review
> draft-ietf-insipid-logme-reqs-02.  Review is below.
> 
> Generally, I believe the document needs a non-trivial amount of work to
> flesh it out in a form ready for an Informational RFC.  I hope the
> detailed comments below help the authors.
> 
> - Abstract, second paragraph: "This draft describes requirements for
> adding an indicator to the SIP protocol which can be used to mark
> signalling as of interest to logging."
> 
> Here, it is the SIP message (or protocol data unit, PDU) that is
> deemed to be worthy of logging.  As written above, there is
> conflation between "SIP protocol" and "signalling"; after all,
> signalling *is* the SIP protocol.
> 
> My suggestion would be to rewrite above sentence as:
> This draft describes requirements for adding an indicator to
> the SIP protocol data unit (PDU, or a SIP message) that marks
> the PDU as a candidate for logging.
> 
> - S1.  I think that this paragraph is important and sets the
> tone and expectation of the "log me" marker.  Thus it should be
> as clear and umabiguous as possible.  In its current text, the
> paragraph is rather rambling (sorry).  Here are the salient
> points that the paragraph is making:
> 
> a. Service providers need to find out why users are experiencing
>    signaling problems.
> b. Service providers need to run regression tests when a client
>    software/hardwaare is upgraded.
> c. The diagnostics seeked by service providers may apply only to
>    their network, or service providers may want an end-to-end
>    diagnostic of a message, a set of messages (dialogue).
> d. The end-to-end diagnostics involve a number of caveats:
>    different service providers, different countries, privacy
>    expectations, trust domains, etc.
> 
> New text should weave these points better than the current text does.
> 
> - S4: Number of questions here remain unanswered (at least to me):
>  - It is not clear what is being logged.  The request line?
>    All of the SIP headers, including the top line?  The body?
>    A selected subset of SIP headers?  Selected subsets of the body?
>    Short-form logging?  Long-form logging?
>  - The diagnostic procedure calls for the entity logging the messages
>    to send them to a server coordinating the diagnostics.  How is
>    the URL to that server obtained?  What happens if the entity
>    producing the logs is unable to reach the server?  Should
>    logging continue locally?  Is the intent to reach this server in
>    real-time?  What is the format by which the logging messages
>    get to the server (raw, TLV, ...)?
>  - How is the 'stop event' to terminate logging triggered?  Is
>    the logging expiry time a parameter to the 'log me' marker?
>    Is it in ms?  seconds?  hours?  number of dialogs? a specific
>    dialog?
>  - What is the interplay of the "log me" marker with the native
>    logging support of a SIP entity?  Is it the case that the
>    "log me" marker causes the SIP entity to start producing
>    logs in its native format?  In SIP-CLF format?  This point is
>    very important and some guidance must be provided.
> 
> - S5, REQ6 appears to exist for backwards compatibility.  If so
> just state it for context.
> 
> - S5, REQ7: It is not that the logging is stateless, it is that
> the SIP proxy is stateless (first sentence).  It may help to
> rewrite the first sentence to that effect.
> 
> - S6.1: s/the net hop/the next hop/
> 
> - S6.2.1: "The "log me" marker is not sensitive information,"
> However, in S6 above, you state that "Potential security impacts
> of a "log me" marker are whether the marker itself contains any
> sensitive information..."  So, is it sensitive or not?
> 
> Thanks,
> 
> - vijay
> -- 
> Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
> 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
> Email: vkg@{bell-labs.com,acm.org} / vijay.gurbani@alcatel-lucent.com
> Web: http://ect.bell-labs.com/who/vkg/  | Calendar: http://goo.gl/x3Ogq

v2.23.0 | Report a Bug | By Email