Re: [sip-ops] [dispatch] SIP-CLF: Results on ASCII vs. binary representation

"Vijay K. Gurbani" <> Wed, 29 April 2009 21:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9B6493A71C2; Wed, 29 Apr 2009 14:44:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.518
X-Spam-Status: No, score=-2.518 tagged_above=-999 required=5 tests=[AWL=0.081, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5H2VwhEsNbc8; Wed, 29 Apr 2009 14:44:35 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 6FD7C3A71B4; Wed, 29 Apr 2009 14:44:34 -0700 (PDT)
Received: from ( []) by (8.13.8/IER-o) with ESMTP id n3TLjrVI006430 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 29 Apr 2009 16:45:53 -0500 (CDT)
Received: from [] ( []) by (8.13.8/TPES) with ESMTP id n3TLjqIZ007923; Wed, 29 Apr 2009 16:45:53 -0500 (CDT)
Message-ID: <>
Date: Wed, 29 Apr 2009 16:45:52 -0500
From: "Vijay K. Gurbani" <>
Organization: Bell Labs Security Technology Research Group
User-Agent: Thunderbird (Windows/20070728)
MIME-Version: 1.0
To: Hadriel Kaplan <>
References: <> <> <> <> <> <E6C2E8958BA59A4FB960963D475F7AC31915E3E5B1@mail>
In-Reply-To: <E6C2E8958BA59A4FB960963D475F7AC31915E3E5B1@mail>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on
Cc: "" <>, "" <>
Subject: Re: [sip-ops] [dispatch] SIP-CLF: Results on ASCII vs. binary representation
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Operations <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 Apr 2009 21:44:36 -0000

Hadriel Kaplan wrote:
> Depends on how you plan to disambiguate legal characters in the
> fields from the field separators.  In binary the length field removes
> the need for disambiguation, or a CRLF itself does it (depending on
> the format).  In ascii, if you have to escape characters, then that
> escaping and de-escaping could be a big hit.

Right; this is a nagging problem at the back of my head ever
since Dale pointed it out.  The least impacting way to deal
with this, I believe, will be not to save display-name type
of constructs but only addr-spec for URIs.  The generic-param
construct is another potential problem.  Spaces in it need
to be escaped or generic-param could be simply unallowed.  I
don't know what the right answer should be right now.

> But anyway, I think the real question that needs to be answered
> *first* is "what is the purpose of the CLF?"  What is it going to
> help admins do?  Is it for troubleshooting, or for registration audit
> logging, or for IDS systems, etc?

 From the list above, at least for troubleshooting, logging, and
IDS systems.  What I do not envision CLF being used for is
debugging (distinct from troubleshooting) and CDR.


- vijay
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{,,}