[sip-clf] AD review: draft-ietf-sipclf-format-06

Robert Sparks <rjsparks@nostrum.com> Mon, 30 April 2012 18:57 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: sip-clf@ietfa.amsl.com
Delivered-To: sip-clf@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 26AAE21F87D2 for <sip-clf@ietfa.amsl.com>; Mon, 30 Apr 2012 11:57:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id YJMKuynn+cBp for <sip-clf@ietfa.amsl.com>; Mon, 30 Apr 2012 11:57:41 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id 2542521F86CE for <sip-clf@ietf.org>; Mon, 30 Apr 2012 11:57:41 -0700 (PDT)
Received: from dn3-177.estacado.net (vicuna-alt.estacado.net []) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id q3UIveqS043616 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <sip-clf@ietf.org>; Mon, 30 Apr 2012 13:57:40 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
Message-ID: <4F9EE0A4.2000905@nostrum.com>
Date: Mon, 30 Apr 2012 13:57:40 -0500
From: Robert Sparks <rjsparks@nostrum.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Content-Type: multipart/alternative; boundary="------------030500050400050906080809"
Received-SPF: pass (nostrum.com: is authenticated by a trusted mechanism)
Subject: [sip-clf] AD review: draft-ietf-sipclf-format-06
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Apr 2012 18:57:42 -0000

Summary: there are still a few remaining clarifications to capture 
before IETFLC on this document.

This is an update to the AD review on -05. Thanks for addressing the 
majority of the concerns in that review. There are a few that remain, 
and the changes introduced some new ones.

1) Thanks for adding the additional description motivating replacing 
tabs with spaces when creating log entries. The new text says that this 
replacement SHOULD occur when logging bodies or entire messages. Why is 
this a SHOULD? When would you not do this replacement?

The new text says the decision to do this substitution was based on 
there being "no known use of tabs in SIP messages". What possible 
unknown uses are there? It would be better to say "No standardized use 
of tabs". I also think you mean to scope that claim to SIP header 
fields. We allow logging arbitrary bodies, and I don't think we have 
done the research to claim that tabs are meaningless (other than as 
whitespace) in all possible body types.

2) The description of escaping and encoding in Tag=01 is still 
ambiguous. You say you must base64 encode any binary body. You also say 
you must escape CRLFs. I suspect you intend for those to be mutually 
exclusive? What are you expecting the implementer to use to decide if 
the body is binary or not? We should be making much more precise use of 
the terms defined in the media type specifications to make this clear 
(to avoid things like encoding a body that's already encoded).

I don't remember a response to my question about whether log readers 
should unescape anything (apologies if I'm just not finding a response 
as I'm rereading the threads).
I think from the context of the conversations, the intent was that such 
a reader would never unescape (since you want to read these with grep 
and the like). Someone reading a logged body isn't going to be able to 
tell that the logging system re-encoded a body into base64 unless you're 
leaving evidence of having done something somewhere else. Are you?

3) This sentence needs adjusting: " It should be noted that as a result 
of the escaping mechanisms used in this document ('-' and '?') a field 
that would normally be able to parse if it appeared in a SIP header (as 
opposed to a log file) may not be syntactically parsable by a SIP 
parser." I suggest this replacement: "It should be noted that any field 
value that is modified by the escaping mechanisms defined in this 
document before logging ('-','?', and CRLF) is likely no longer 
well-formed SIP and will fail when given to such a parser".

4) Section 4.2's description of To and From tags still doesn't say what 
to do when the tags aren't present (or am I missing that discussion)?

5) (Nit: the change of text from 'Internet-Draft' to 'RFC' highlighted a 
problem for me that was already in -05:
I suggest this change:)
    A Base64 encoded version of this log entry (without the changes
    required to format it for an RFC) is shown below.
    A Base64 encoded version of this log entry (modified as
    required to format it for an RFC) is shown below.