[Insipid] Stephen Farrell's No Objection on draft-ietf-insipid-logme-reqs-12: (with COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 01 February 2017 14:22 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: insipid@ietf.org
Delivered-To: insipid@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D7661293EE; Wed, 1 Feb 2017 06:22:29 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.41.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148595894907.19146.186759558704017451.idtracker@ietfa.amsl.com>
Date: Wed, 01 Feb 2017 06:22:29 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/sgfZOoVgZiotTEzhsFy2YD25Au8>
Cc: insipid@ietf.org, insipid-chairs@ietf.org, draft-ietf-insipid-logme-reqs@ietf.org, gsalguei@cisco.com
Subject: [Insipid] Stephen Farrell's No Objection on draft-ietf-insipid-logme-reqs-12: (with COMMENT)
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.17
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2017 14:22:29 -0000
Stephen Farrell has entered the following ballot position for draft-ietf-insipid-logme-reqs-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-insipid-logme-reqs/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Note that I'm balloting no-objection here. If some of these things weren't fixed, I'd be a DISCUSS ballot when the protocol spec turned up, should I still be on the IESG at that point (which I guess is unlikely:-) - 3.2: I think "trust domain" isn't a great term, and doesn't really match the definition offered well. You're including the entire "source" operator plus the bits of any other operator that have agreed to help the source-operator with logging. I don't think that set of things is really a domain. Nor are the things in that set "trusted" except to do this logging stuff properly. It's also not clear to me if the relevant set is meant to differ per-call, or to be the same for all calls that a source-operator might originate. - 5.1: REQ1 seems to me to ignore privacy in one bad respect - isn't the right thing to log the entire message *except* bits that are considered sensitive by the logging entity concerned? E.g. any secrets or PII in the SIP message may be best not logged. Forcing everyone to log the entire thing would seem brittle to me - it may cause operators to not co-operate with one another esp if data privacy laws differ between them. (Or maybe more likely, the logs will not have the sensitive bits, or will eventually have them XXXX'd out.) - REQ9: Not quite sure, but I wonder are there additional requirements for intermediaries inserting this that aren't covered. For example, that that not be (ab)used for other than diagnostics and hence ought not be on by default and maybe more. I think the thing to do is to get someone to do a privacy analysis of this situation before the protocol spec is done - some minor changes might make a biggish difference there. - 6.1: See above wrt 3.2. I'm not convinced that there is such a thing as a "trust domain boundary" as you use the term. I think (not sure) that may mean that logme stuff is either dropped on ingress or else never dropped which'd seem like a bad outcome.
- [Insipid] Stephen Farrell's No Objection on draft… Stephen Farrell
- Re: [Insipid] Stephen Farrell's No Objection on d… Dawes, Peter, Vodafone Group
- Re: [Insipid] Stephen Farrell's No Objection on d… Stephen Farrell
- Re: [Insipid] Stephen Farrell's No Objection on d… Ben Campbell