IETF Logo Mail Archive

Re: [siprec] Ben Campbell's No Objection on draft-ietf-siprec-metadata-20: (with COMMENT)

"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Tue, 15 March 2016 13:00 UTC

Return-Path: <rmohanr@cisco.com>
X-Original-To: siprec@ietfa.amsl.com
Delivered-To: siprec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0DA512DA10; Tue, 15 Mar 2016 06:00:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5QIr_Ika0GhX; Tue, 15 Mar 2016 06:00:17 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BF7F12DA02; Tue, 15 Mar 2016 06:00:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4514; q=dns/txt; s=iport; t=1458046816; x=1459256416; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=mdAaIqdN7d884IgOy1JCAKnhiYBqkv80bHXoBea+k/o=; b=A33UEfMaHTmuowR3FhDXKeGOBvmhi122pjfqrP38M2DRqps/pLS7TVMi svYhsHOHvyvjN7BF0tFymbP0Azv4vxebxRUsGSx6pijNV6bb5ACaWA7Va MjwXgkiKLc6kZXz+KWdbM0vxpkWG606T0NiUTNCdehMVf78DM6NYg+Vea 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CrBABuBuhW/xbLJq1VCYUIBrg6hAuGDQKCBAEBAQEBAWUnhEEBAQEEDiwrFAwEAgEIEQMBAh8QMh0IAgQOBYgmvTEBAQEBAQEBAQEBAQEBAQEBAQEBF4pchAoIBAYBAQeEUAEEl08BjgCPBY5+AWKCAxkUgTVqiSkIFx1+AQEB
X-IronPort-AV: E=Sophos;i="5.24,339,1454976000"; d="scan'208";a="636265404"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2016 13:00:14 +0000
Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id u2FD0DRG000834 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 15 Mar 2016 13:00:13 GMT
Received: from xch-rtp-017.cisco.com (64.101.220.157) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 15 Mar 2016 09:00:12 -0400
Received: from xch-rtp-017.cisco.com ([64.101.220.157]) by XCH-RTP-017.cisco.com ([64.101.220.157]) with mapi id 15.00.1104.009; Tue, 15 Mar 2016 09:00:12 -0400
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Ben Campbell <ben@nostrum.com>
Thread-Topic: Ben Campbell's No Objection on draft-ietf-siprec-metadata-20: (with COMMENT)
Thread-Index: AQHRfrqcv3zeXzELJEWADty/AKjYZQ==
Date: Tue, 15 Mar 2016 13:00:12 +0000
Message-ID: <D30E0649.54969%rmohanr@cisco.com>
References: <20160302002515.30664.79446.idtracker@ietfa.amsl.com> <D2FD1094.53195%rmohanr@cisco.com> <2025D20B-7234-4CE3-9E34-E3C0AAFAD5BC@nostrum.com> <D306EF2B.53FCA%rmohanr@cisco.com> <D0FA9505-C980-427F-9ECC-EB72CCF911DA@nostrum.com>
In-Reply-To: <D0FA9505-C980-427F-9ECC-EB72CCF911DA@nostrum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.1.160122
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.65.63.88]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <30E54268FD579A45A632D553CA9932B7@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/siprec/mFLk58gR_E3B1RCHJSt2XW95Ku4>
Cc: "draft-ietf-siprec-metadata@ietf.org" <draft-ietf-siprec-metadata@ietf.org>, "siprec@ietf.org" <siprec@ietf.org>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>
Subject: Re: [siprec] Ben Campbell's No Objection on draft-ietf-siprec-metadata-20: (with COMMENT)
X-BeenThere: siprec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Recording Working Group Discussion List <siprec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/siprec>, <mailto:siprec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/siprec/>
List-Post: <mailto:siprec@ietf.org>
List-Help: <mailto:siprec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/siprec>, <mailto:siprec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2016 13:00:18 -0000

Hi Ben,

Thanks for review. See inline. Removed those that does not need any
response (which you have accepted). Will send diffs to WG and reviewers
soon with all the comments incorporated.

-----Original Message-----
From: Ben Campbell <ben@nostrum.com>
Date: Tuesday, 15 March 2016 at 12:36 AM
To: Cisco Employee <rmohanr@cisco.com>
Cc: "draft-ietf-siprec-metadata@ietf.org"
<draft-ietf-siprec-metadata@ietf.org>, "siprec@ietf.org"
<siprec@ietf.org>, Brian Rosen <br@brianrosen.net>, The IESG
<iesg@ietf.org>, "siprec-chairs@ietf.org" <siprec-chairs@ietf.org>
Subject: Re: Ben Campbell's No Objection on draft-ietf-siprec-metadata-20:
(with COMMENT)

>
>>>
>>> Now that you've added the reference, you may not need the normative
>>> language here. Is the RECOMMENDED something new beyond what is
>>> already
>>> required in siprec-protocol? (I am pretty sure the MUST is already
>>> covered there.)
>>
>> Right. I have fixed this after discussion with Stephen. New text for
>> para
>> 1 in Security Consideration is:
>> Para 2 is removed.
>>
>> NEW:
>> This document describes an extensive set of metadata that may be
>> recorded
>> by the SRS. Most of the
>> metadata could be considered private data.   The procedures mentioned
>> in
>> security consideration
>> section of <xref target="I-D.ietf-siprec-protocol"/> MUST be
>> implemented
>> by SRC and SRS for
>>  mutual authentication and to protect the content of the metadata in
>> the
>> RS.
>>
>> Some implementations may have the SRC choose parts of metadata that
>> can be
>> sent to the SRS.
>> In other cases, SRCs may send metadata that is not appropriate for the
>> SRS
>> to record. Which
>>  metadata is actually recorded by the SRS must be carefully considered
>> to
>> balance privacy
>> concerns with usability. Implementations MUST control what metadata is
>> recorded, and MUST NOT
>>  save metadata sent by the SRC that does not conform to the recording
>> policy of the SRS.
>> Metadata in storage needs to be provided with a level of security that
>> is
>> comparable to that
>> of the recording session.
>
>Perhaps s/"control what metadata is recorded"/"limit what metadata is
>recorded" ?

I see that Paul and you have discussed in the other thread and came up
with text for this part. I will use that text here.

NEW: (Taken from your mail with Paul)

"An SRC MAY, by policy, choose to limit the parts of the metadata sent
to the SRS for recording. And the policy of the SRS might not require
all the metadata it receives. For the sake of data minimization, the SRS
MUST NOT record additional metadata that is not explicitly required by
local policy. Metadata in storage needs to be provided with a level of
security that is comparable to that of the recording session."




>
>>
>>>
>>>>
>>>>>
>>>>> - 13.2: I think RFCs 3325 and 3326 need to be normative references.
>>>>> That's an issue for 3325, but section 6.5.1 normatively states that
>>>>> P-AID
>>>>> is a potential source for nameID. (which should probably be scoped
>>>>> to
>>>>> only be true for deployments where P-AID makes sense.)
>>>>
>>>> Fine. We can make reference to 3325 and 3326 normative.
>>>
>>> On reflection, I think I've changed my mind on suggesting 3325 be
>>> normative. In the description of the nameID attribute, it would be
>>> better to say that nameID is the AoR of the participant, and then
>>> non-normatively mention examples of where that might come from
>>> (including P-AID as one of those examples.)
>>
>> WFM. I will modify the text to make it non-normative.
>>
>> NEW:
>> The AoR is drawn from From header or P-Asserted-Identity header or
>> Remote-Party-ID header.
>
>I suggest going a little further, such as "... For example, the AoR may
>be drawn from the From header field or P-Asserted-Identity header
>field." (eliding RPID as mentioned earlier)

WFM. Will add the suggested text.

>
>>
>>>
>>> And now that I look at that paragraph again, I wonder if an
>>> RFC4424/4424bis identity assertion should be listed as an example
>>> source?
>>
>> I am fine with adding RFC4424 Identity assertion header as one source
>> for
>> nameID.
>
>On reflection, the actual AoR would still come from From, etc, even with
>4474/4474bis. So the mention is probably not needed.

Ok. Will not add this.

I will send out diffs with all the comments incorporated soon.

Regards,
Ram
>
>>
>> Ram
>>
>>>
>>> [...]

v2.23.0 | Report a Bug | By Email