[Insipid] Secdir last call review of draft-ietf-insipid-logme-marking-11

Leif Johansson <leifj@sunet.se> Mon, 09 July 2018 15:15 UTC

Return-Path: <leifj@sunet.se>
X-Original-To: insipid@ietf.org
Delivered-To: insipid@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BC9B12F295; Mon, 9 Jul 2018 08:15:46 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Leif Johansson <leifj@sunet.se>
To: <secdir@ietf.org>
Cc: draft-ietf-insipid-logme-marking.all@ietf.org, insipid@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <153114934615.5366.9894430842150985630@ietfa.amsl.com>
Date: Mon, 09 Jul 2018 08:15:46 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/zAVfZrqvhDjuOEm_E2waHyFomdE>
Subject: [Insipid] Secdir last call review of draft-ietf-insipid-logme-marking-11
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.27
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2018 15:15:47 -0000

Reviewer: Leif Johansson
Review result: Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

>From the abstract: This document describes an indicator for the SIP 
protocol which can be used to mark signaling as being of interest to 
logging.

The document is clearly written and feels ready for publication from
a quality standpoint.

My only issue is in 7.4.6 - User Control of Logging: Why is the "must" 
in the first paragraph non-normative? Is it because there is no way
to prove the existence or absence of user consent? I realize this may
be a hard problem to solve but if this issue was considered and rejected 
it might be worth including a discussion about this in the document.