IETF Logo Mail Archive

Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field

Anders Nygren <anders.nygren@gmail.com> Tue, 15 March 2011 22:00 UTC

Return-Path: <anders.nygren@gmail.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 46FE93A6E24 for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 15:00:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[AWL=1.192, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZOtr26gDfunW for <sip-clf@core3.amsl.com>; Tue, 15 Mar 2011 15:00:08 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id 73EEE3A6EEB for <sip-clf@ietf.org>; Tue, 15 Mar 2011 15:00:07 -0700 (PDT)
Received: by wwa36 with SMTP id 36so891916wwa.13 for <sip-clf@ietf.org>; Tue, 15 Mar 2011 15:01:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=ImlKCPLHLjm5ltlcmIpOY1xfOwtI+JT7eFk0+5DomAc=; b=PMtHIvxLovcuZ6jecsHgf1h5xxd/QLr4VJavqsFR2PCWiTkvNV62NfnBctKE8DtUq8 yCbFwRH3i0IR5d6Y48+nNCpstfUkIdP2UPE5jsFLBOEuOsy9aTOGUwRTOXXFxC8DyIYT IIfpKlB+a6/yxml1jmvTz+nVcuSe68ArL7dX8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=BkLZ3yEoxgL3ETZphqHGQWB5wCE1hFR2cYlYdgAveqAFmju4DHZdIP/vk/UuhVlE90 UQQP+ypIPfMWNBf7y8UECjfipYQvxZFVGhA8AcIUGjn32JV5RkabMDKqDsUuUSyRGeMN ok5wiEDZe5QcyrQcJuBwmvi/nsGVU8RAANezs=
MIME-Version: 1.0
Received: by 10.216.221.92 with SMTP id q70mr12211738wep.107.1300226492330; Tue, 15 Mar 2011 15:01:32 -0700 (PDT)
Received: by 10.216.25.17 with HTTP; Tue, 15 Mar 2011 15:01:32 -0700 (PDT)
In-Reply-To: <1143C00C-3085-42FE-B6FE-C4E66DAA83C8@cisco.com>
References: <AANLkTinaDKurSgbz3m5A2GV0k-zf21VAsRJzZXKTfH26@mail.gmail.com> <C664DEB6-88D5-44F1-88BC-C9FC123D72FE@cisco.com> <AANLkTi=RvWTVaaqBZwY1vEjZHU-smbXr3u-bMxLtSYG5@mail.gmail.com> <4CDB9960-FC4E-4197-AB64-C708BBE27D80@cisco.com> <33E31883-E842-46C6-A849-748452FDED3A@magorcorp.com> <1143C00C-3085-42FE-B6FE-C4E66DAA83C8@cisco.com>
Date: Tue, 15 Mar 2011 16:01:32 -0600
Message-ID: <AANLkTiknCiZGLWMCg8CacGb3xDbFEbH9hgqqoSutKXx_@mail.gmail.com>
From: Anders Nygren <anders.nygren@gmail.com>
To: Gonzalo Salgueiro <gsalguei@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft-ietf-sipclf-format-01, Flag field
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 22:00:11 -0000

On Tue, Mar 15, 2011 at 3:37 PM, Gonzalo Salgueiro <gsalguei@cisco.com> wrote:
> I agree Peter. Based on Ander's search example and some further thought on
> the matter has led me to the conclusion that we really do need to have these
> two separated. As far as the separate security field, I think it comes down
> to whether it is descriptive enough to say it is using TLS versus TLS over
> <blah>.

Since TLS can be run over TCP, UDP or SCTP, (I don't know if all alternatives
apply for SIP), I think it may be useful to separate the transport protocol from
the encryption. It is not something I feel very strongly about but I
prefer to keep
things separate and orthogonal.

/Anders

> Gonzalo
> On Mar 15, 2011, at 4:57 PM, Peter Musgrave wrote:
>
> Hi,
> I am a fan of keeping separate things separate. So I agree transport and
> send/receive would benefit from being untangled (IIRC, I may be the one
> responsible for entangling them).
> The transport field was intended to match the SIP transport protocol - so I
> think one byte for UDP, TCP, TLS, SCTP is ok.
> I don't see the need to have a separate security field (since we already
> have TCP/TLS sharing a byte) - so I would continue in the same vein. It's
> not a biggie for me - so if others want a secure/not secure byte that would
> be okay.
> Peter Musgrave
> (as individual)
> On 2011-03-15, at 3:58 PM, Gonzalo Salgueiro wrote:
>
> Anders -
> The notion of adding both SCTP and TLS the flag was brought up on the list
> back in October and it went unreplied to (far as I can tell). Here is the
> snippet:
> Although, given that TLS can ride on top of UDP or TCP, we may want to think
> of a second letter added to "L" to
> denote TLS-over-TCP and TLS-over-UDP (I doubt any implementations are using
> TLS-over-UDP for signaling only, but given that SCTP is starting
> to appear in kernels, maybe our flags ought to be "u, t, s, lu, lt, ls, U,
> T, S, LU, LT, LS").
> The fact that this is the second time this has been raised leads me to
> believe there is a need. I will raise this as a discussion topic in the
> upcoming meeting Prague.
> Regards,
> Gonzalo
>
> On Mar 15, 2011, at 3:13 PM, Anders Nygren wrote:
>
> On Tue, Mar 15, 2011 at 12:38 PM, Gonzalo Salgueiro <gsalguei@cisco.com>
> wrote:
>
> On Mar 15, 2011, at 1:49 PM, Anders Nygren wrote:
>
> Hi
>
> I will start writing one email for each issue in order to make it
>
> easier to track the different discussions.
>
> Thanks. That should help.
>
> I would like to propose that the Flag Field is moved from the
>
> <IndexPointers> to <MandatoryFields>. That way the <IndexPointers>
>
> will be pure metadata that can be ignored if wanted and all interesting
>
> data about the message is in the second line of the record.
>
> I have no real preference on this one. I'll let others weigh in with their
>
> thoughts.
>
> Also I think it would be good to change the Sent/Received flag from
>
> Sent/Received flag
>
>         u = received UDP mesage
>
>         t = received TCP mesage
>
>         l = received TLS mesage
>
>         U = sent UDP mesage
>
>         T = sent TCP mesage
>
>         L = sent TLS mesage
>
> To
>
> Sent/Received flag [1 byte]
>
>         r = received message
>
>         s = sent message
>
> And add
>
> Protocol [1 byte]
>
>         u = UDP
>
>         t = TCP
>
>         l = TLS
>
> Since the proposed CLF already requires quite a lot of space there is
>
> little reason to
>
> try to pack different parameters into the same byte.
>
> This is what was proposed early on, but the group decided on consolidating
>
> the two. I'm not violently opposed or in favor of either, but I don't see
>
> any real benefit to separating the two out since all permutations are
>
> covered in a single easy byte.
>
> It is not a big deal but for instance if You want to find all sent messages
> it
> is 3 tests instead of one for each record, (and if we add SCTP, see below),
> then it would be 4. And when searching for all messages on a specific
> protocol
> it is 2 tests instead of one.
>
> A quick check found RFC 4168, "The Stream Control Transmission
> Protocol (SCTP) as a Transport for the Session Initiation Protocol
> (SIP)"
>
> So maybe SCTP should be added as a protocol. I do not know if there is
> something
> similar to TLS over SCTP, but I suspect things may get messy with a lot of
> permutations in the future.
>
> So maybe we should consider 3 parameters
> send/receive    sent, received
> protocol           tcp, udp, sctp
> secure             encrypted, plain text
>
> /Anders
>
> Regards,
>
> Gonzalo
>
> /Anders
>
> _______________________________________________
>
> sip-clf mailing list
>
> sip-clf@ietf.org
>
> https://www.ietf.org/mailman/listinfo/sip-clf
>
>
>
> _______________________________________________
> sip-clf mailing list
> sip-clf@ietf.org
> https://www.ietf.org/mailman/listinfo/sip-clf
>
>
>

v2.23.0 | Report a Bug | By Email