Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-serviceid-header-12: (with DISCUSS and COMMENT)
mohamed.boucadair@orange.com Tue, 10 November 2020 05:51 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C81033A0112; Mon, 9 Nov 2020 21:51:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZCDovLPSBR4; Mon, 9 Nov 2020 21:51:08 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 478D43A00D9; Mon, 9 Nov 2020 21:51:08 -0800 (PST)
Received: from opfednr07.francetelecom.fr (unknown [xx.xx.xx.71]) by opfednr22.francetelecom.fr (ESMTP service) with ESMTP id 4CVcRZ4ZgZzyvs; Tue, 10 Nov 2020 06:51:06 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1604987466; bh=amuOEbj2QgEuGi96h0EtfiU6vteeH4n45XeYSGqeEv0=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=kKJgTZd5JvqHiZhRUjNKcFh6ibqclLeZ8XglJgFMyytmNFBkbbqPlQdmJAVA+rxUJ WldqccV+ugNcvPkNcFUSsjGW7hBTGw6O1HyxQJpPu6udQXQzn0EUdcxgeB2tJisPtc TrxWxPBoumSKsSTBDNGP+55BczzsqZb6yiwceeLqYZFrg3aTPCtFH7fgnHaw4wGHcM c9t6aBZ/w+iSywOrtekfrBeVmuohGGSZsuABTQi4e2x3Bs8tm7ZNLutXXnfC7USPcI Sd5JVETlEp2LAfQRUCfb+zjlS29pFDSR6SGSaLauzGH3053LWgcawIAc1mxU4a99Qw ksMwWNxW6xFoQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.98]) by opfednr07.francetelecom.fr (ESMTP service) with ESMTP id 4CVcRZ3nLVzFpl0; Tue, 10 Nov 2020 06:51:06 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "draft-ietf-sfc-serviceid-header@ietf.org" <draft-ietf-sfc-serviceid-header@ietf.org>, Greg Mirsky <gregimirsky@gmail.com>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, The IESG <iesg@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-serviceid-header-12: (with DISCUSS and COMMENT)
Thread-Index: AQHWtudbf7lbSYoDjEm8C0H2F7eGw6nA2NsQ
Date: Tue, 10 Nov 2020 05:51:05 +0000
Message-ID: <4778_1604987466_5FAA2A4A_4778_334_1_787AE7BB302AE849A7480A190F8B9330315744E6@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <160446460674.32614.15877665689972040502@ietfa.amsl.com> <3869_1604486007_5FA28377_3869_203_1_787AE7BB302AE849A7480A190F8B93303156FA8C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20201106201530.GI39170@kduck.mit.edu> <16598_1604925760_5FA93940_16598_414_1_787AE7BB302AE849A7480A190F8B933031573AB9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20201109222555.GA39170@kduck.mit.edu>
In-Reply-To: <20201109222555.GA39170@kduck.mit.edu>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/YiLNF5FVIZk8nRllcwZXLbXHW3E>
Subject: Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-serviceid-header-12: (with DISCUSS and COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2020 05:51:10 -0000
Hi Ben, Thank you for checking. Fixed the nit. Focusing on this last one: > > because such information should be available to very few network > operator personnel. Furthermore, access to subscriber data > usually > requires specific access privilege levels. To maintain that > protection, an SF keeping operational logs should not log the > content > of a Subscriber and Performance Policy Context Headers unless the > SF > actually uses the content of these headers for its operation. > [...] > > It's not clear to me that "don't log it" would actually help all the > way if it's "having the information available on the node at all is > a legal violation" that is problem. If it's only "operator access" > that's the problem [Med] Yes. , then the question of what kind of network > capture/visibility processes are available and to which operator > personnel, which is probably more detail than we want to get into at > this point [Med] Agree. The key message here for operators is to carefully check the access levels and avoid that some of the access rules are bypassed. , so I'm not entirely sure what the best option is. (I'm > also not entirely sure if this mechanism would be fit for purpose at > all if the legal requirements prohibits "available at all on the > node", but maybe that's not actually a relevant requirement.) > [Med] The requirement is to control who can access the information, not the availability on a given node. Cheers, Med _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-… Benjamin Kaduk via Datatracker
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Dirk.von-Hugo
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair