I don't have that spec in front of me, but if it is used directly, that would reveal personally identifiable information. I would hope it is used as input into a hash out something.
The solution spec we're developing would certainly not use such a value directly or allow it to be derived.
Paul
From: SM <sm@xxxxxxxxxxxx>
Sent: Sat Sep 14 12:03:30 EDT 2013
To: ietf@xxxxxxxx
Subject: Re: Last Call: <draft-ietf-insipid-session-id-reqts-08.txt> (Requirements for an End-to-End Session Identification in IP-Based Multimedia Communication Networks) to Informational RFC
At 09:40 10-09-2013, The IESG wrote:The IESG has received a request from the INtermediary-safe SIP session ID
WG (insipid) to consider the following document:
- 'Requirements for an End-to-End Session Identification in IP-Based
Multimedia Communication Networks'
<draft-ietf-insipid-session-id-reqts-08.txt> as Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2013-09-24. Exceptionally, comments may be
Section 4.5 of the draft discusses about logging. It mentions that
"creating a common header field value through all SIP entities will
greatly reduce any challenge for the purpose of" ... "communication trackin! g".
I look a quick look at Reference [6]. It mentions that the IMEI
shall be used for generating an identifier. Is the IMEI covered by REQ4?
Regards,
-sm