I don't have that spec in front of me, but if it is used directly, that would
reveal personally identifiable information. I would hope it is used as input
into a hash out something.
The solution spec we're developing would certainly not use such a value
directly or allow it to be derived.
Paul
-------- Original Message --------
From: SM <sm(_at_)resistor(_dot_)net>
Sent: Sat Sep 14 12:03:30 EDT 2013
To: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: <draft-ietf-insipid-session-id-reqts-08.txt>
(Requirements for an End-to-End Session Identification in IP-Based
Multimedia Communication Networks) to Informational RFC
At 09:40 10-09-2013, The IESG wrote:
The IESG has received a request from the INtermediary-safe SIP session ID
WG (insipid) to consider the following document:
- 'Requirements for an End-to-End Session Identification in IP-Based
Multimedia Communication Networks'
<draft-ietf-insipid-session-id-reqts-08.txt> as Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2013-09-24. Exceptionally, comments
may be
Section 4.5 of the draft discusses about logging. It mentions that
"creating a common header field value through all SIP entities will
greatly reduce any challenge for the purpose of" ... "communication tracking".
I look a quick look at Reference [6]. It mentions that the IMEI
shall be used for generating an identifier. Is the IMEI covered by REQ4?
Regards,
-sm