IETF Logo Mail Archive

Re: [siprec] Ben Campbell's No Objection on draft-ietf-siprec-metadata-20: (with COMMENT)

"Ben Campbell" <ben@nostrum.com> Wed, 16 March 2016 04:06 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: siprec@ietfa.amsl.com
Delivered-To: siprec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D6F712D7A7 for <siprec@ietfa.amsl.com>; Tue, 15 Mar 2016 21:06:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HhmalQTLJl2r for <siprec@ietfa.amsl.com>; Tue, 15 Mar 2016 21:06:31 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9353C12D665 for <siprec@ietf.org>; Tue, 15 Mar 2016 21:06:31 -0700 (PDT)
Received: from [10.0.1.10] (cpe-70-119-203-4.tx.res.rr.com [70.119.203.4]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u2G46TQT006934 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 15 Mar 2016 23:06:29 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-119-203-4.tx.res.rr.com [70.119.203.4] claimed to be [10.0.1.10]
From: Ben Campbell <ben@nostrum.com>
To: Ram Mohan R <rmohanr@cisco.com>
Date: Tue, 15 Mar 2016 23:06:28 -0500
Message-ID: <815C00AF-652C-4090-9370-E97AE2BBCE9E@nostrum.com>
In-Reply-To: <D30ECEB4.54AFA%rmohanr@cisco.com>
References: <20160302002515.30664.79446.idtracker@ietfa.amsl.com> <D2FD1094.53195%rmohanr@cisco.com> <2025D20B-7234-4CE3-9E34-E3C0AAFAD5BC@nostrum.com> <D306EF2B.53FCA%rmohanr@cisco.com> <D0FA9505-C980-427F-9ECC-EB72CCF911DA@nostrum.com> <D30E0649.54969%rmohanr@cisco.com> <A00B8D51-2512-404B-A980-D5BE238A9216@nostrum.com> <D30ECEB4.54AFA%rmohanr@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <http://mailarchive.ietf.org/arch/msg/siprec/gFiRpA1gYWTzv27JGFMO-ZD9oiU>
Cc: "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>, "draft-ietf-siprec-metadata@ietf.org" <draft-ietf-siprec-metadata@ietf.org>, "siprec@ietf.org" <siprec@ietf.org>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [siprec] Ben Campbell's No Objection on draft-ietf-siprec-metadata-20: (with COMMENT)
X-BeenThere: siprec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Recording Working Group Discussion List <siprec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/siprec>, <mailto:siprec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/siprec/>
List-Post: <mailto:siprec@ietf.org>
List-Help: <mailto:siprec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/siprec>, <mailto:siprec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2016 04:06:33 -0000

I'm going to be on the road for the rest of the week. I will try to fit 
in a look at the diff, but please do not hold submission on my behalf 
(revisions are cheap). Failing that, I should be able to look at it by 
Monday or Tuesday.

Ben.

On 15 Mar 2016, at 22:15, Ram Mohan R (rmohanr) wrote:

> Hi All,
>
> Please find the diffs attached. This addresses Stephen¹s and Ben¹s 
> IESG
> comments. Please check and let me know if this is fine. I will publish 
> the
> revision by end of this week.
>
> Regards,
> Ram
>
> -----Original Message-----
> From: Ben Campbell <ben@nostrum.com>
> Date: Tuesday, 15 March 2016 at 7:52 PM
> To: Cisco Employee <rmohanr@cisco.com>
> Cc: "draft-ietf-siprec-metadata@ietf.org"
> <draft-ietf-siprec-metadata@ietf.org>, "siprec@ietf.org"
> <siprec@ietf.org>, Brian Rosen <br@brianrosen.net>,
> "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>
> Subject: Re: Ben Campbell's No Objection on 
> draft-ietf-siprec-metadata-20:
> (with COMMENT)
>
>> Hi Ram,
>>
>> It all looks good to me.
>>
>> Thanks!
>>
>> Ben.
>>
>> On 15 Mar 2016, at 8:00, Ram Mohan R (rmohanr) wrote:
>>
>>> Hi Ben,
>>>
>>> Thanks for review. See inline. Removed those that does not need any
>>> response (which you have accepted). Will send diffs to WG and 
>>> reviewers
>>> soon with all the comments incorporated.
>>>
>>> -----Original Message-----
>>> From: Ben Campbell <ben@nostrum.com>
>>> Date: Tuesday, 15 March 2016 at 12:36 AM
>>> To: Cisco Employee <rmohanr@cisco.com>
>>> Cc: "draft-ietf-siprec-metadata@ietf.org"
>>> <draft-ietf-siprec-metadata@ietf.org>, "siprec@ietf.org"
>>> <siprec@ietf.org>, Brian Rosen <br@brianrosen.net>, The IESG
>>> <iesg@ietf.org>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>
>>> Subject: Re: Ben Campbell's No Objection on
>>> draft-ietf-siprec-metadata-20:
>>> (with COMMENT)
>>>
>>>>
>>>>>>
>>>>>> Now that you've added the reference, you may not need the 
>>>>>> normative
>>>>>> language here. Is the RECOMMENDED something new beyond what is
>>>>>> already
>>>>>> required in siprec-protocol? (I am pretty sure the MUST is 
>>>>>> already
>>>>>> covered there.)
>>>>>
>>>>> Right. I have fixed this after discussion with Stephen. New text 
>>>>> for
>>>>> para
>>>>> 1 in Security Consideration is:
>>>>> Para 2 is removed.
>>>>>
>>>>> NEW:
>>>>> This document describes an extensive set of metadata that may be
>>>>> recorded
>>>>> by the SRS. Most of the
>>>>> metadata could be considered private data.   The procedures 
>>>>> mentioned
>>>>> in
>>>>> security consideration
>>>>> section of <xref target="I-D.ietf-siprec-protocol"/> MUST be
>>>>> implemented
>>>>> by SRC and SRS for
>>>>>  mutual authentication and to protect the content of the metadata 
>>>>> in
>>>>> the
>>>>> RS.
>>>>>
>>>>> Some implementations may have the SRC choose parts of metadata 
>>>>> that
>>>>> can be
>>>>> sent to the SRS.
>>>>> In other cases, SRCs may send metadata that is not appropriate for 
>>>>> the
>>>>> SRS
>>>>> to record. Which
>>>>>  metadata is actually recorded by the SRS must be carefully 
>>>>> considered
>>>>> to
>>>>> balance privacy
>>>>> concerns with usability. Implementations MUST control what 
>>>>> metadata is
>>>>> recorded, and MUST NOT
>>>>>  save metadata sent by the SRC that does not conform to the 
>>>>> recording
>>>>> policy of the SRS.
>>>>> Metadata in storage needs to be provided with a level of security 
>>>>> that
>>>>> is
>>>>> comparable to that
>>>>> of the recording session.
>>>>
>>>> Perhaps s/"control what metadata is recorded"/"limit what metadata 
>>>> is
>>>> recorded" ?
>>>
>>> I see that Paul and you have discussed in the other thread and came 
>>> up
>>> with text for this part. I will use that text here.
>>>
>>> NEW: (Taken from your mail with Paul)
>>>
>>> "An SRC MAY, by policy, choose to limit the parts of the metadata 
>>> sent
>>> to the SRS for recording. And the policy of the SRS might not 
>>> require
>>> all the metadata it receives. For the sake of data minimization, the 
>>> SRS
>>> MUST NOT record additional metadata that is not explicitly required 
>>> by
>>> local policy. Metadata in storage needs to be provided with a level 
>>> of
>>> security that is comparable to that of the recording session."
>>>
>>>
>>>
>>>
>>>>
>>>>>
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> - 13.2: I think RFCs 3325 and 3326 need to be normative 
>>>>>>>> references.
>>>>>>>> That's an issue for 3325, but section 6.5.1 normatively states 
>>>>>>>> that
>>>>>>>> P-AID
>>>>>>>> is a potential source for nameID. (which should probably be 
>>>>>>>> scoped
>>>>>>>> to
>>>>>>>> only be true for deployments where P-AID makes sense.)
>>>>>>>
>>>>>>> Fine. We can make reference to 3325 and 3326 normative.
>>>>>>
>>>>>> On reflection, I think I've changed my mind on suggesting 3325 be
>>>>>> normative. In the description of the nameID attribute, it would 
>>>>>> be
>>>>>> better to say that nameID is the AoR of the participant, and then
>>>>>> non-normatively mention examples of where that might come from
>>>>>> (including P-AID as one of those examples.)
>>>>>
>>>>> WFM. I will modify the text to make it non-normative.
>>>>>
>>>>> NEW:
>>>>> The AoR is drawn from From header or P-Asserted-Identity header or
>>>>> Remote-Party-ID header.
>>>>
>>>> I suggest going a little further, such as "... For example, the AoR 
>>>> may
>>>> be drawn from the From header field or P-Asserted-Identity header
>>>> field." (eliding RPID as mentioned earlier)
>>>
>>> WFM. Will add the suggested text.
>>>
>>>>
>>>>>
>>>>>>
>>>>>> And now that I look at that paragraph again, I wonder if an
>>>>>> RFC4424/4424bis identity assertion should be listed as an example
>>>>>> source?
>>>>>
>>>>> I am fine with adding RFC4424 Identity assertion header as one 
>>>>> source
>>>>> for
>>>>> nameID.
>>>>
>>>> On reflection, the actual AoR would still come from From, etc, even
>>>> with
>>>> 4474/4474bis. So the mention is probably not needed.
>>>
>>> Ok. Will not add this.
>>>
>>> I will send out diffs with all the comments incorporated soon.
>>>
>>> Regards,
>>> Ram
>>>>
>>>>>
>>>>> Ram
>>>>>
>>>>>>
>>>>>> [...]

v2.23.0 | Report a Bug | By Email