[secdir] Secdir last call review of draft-ietf-insipid-logme-marking-11

Leif Johansson <leifj@sunet.se> Mon, 09 July 2018 15:15 UTC

From: Leif Johansson <leifj@sunet.se>
To: secdir@ietf.org
Cc: draft-ietf-insipid-logme-marking.all@ietf.org, insipid@ietf.org, ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/uoOSYbTErT_OwZdKU-EIQCK0AD0>

Reviewer: Leif Johansson
Review result: Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

From the abstract: This document describes an indicator for the SIP 
protocol which can be used to mark signaling as being of interest to 
logging.

The document is clearly written and feels ready for publication from
a quality standpoint.

My only issue is in 7.4.6 - User Control of Logging: Why is the "must" 
in the first paragraph non-normative? Is it because there is no way
to prove the existence or absence of user consent? I realize this may
be a hard problem to solve, but if this issue was considered and rejected,
it might be worth including a discussion about this in the document.