Hi Dan, Thanks for taking the time to review the LogMe requirements draft and providing feedback! We will discuss about load related attacks and recommended approaches to mitigate in LogMe solutions draft under security considerations section. Thanks! Arun > On Jan 12, 2017, at 11:17 AM, Dan Romascanu <dromasca@xxxxxxxxx> wrote: > > Reviewer: Dan Romascanu > Review result: Ready > > I have reviewed this document as part of the Operational directorate's > > ongoing effort to review all IETF documents being processed by the > IESG. These > comments were written with the intent of improving the operational > aspects of the > IETF drafts. Comments that are not addressed in last call may be > included in AD reviews > during the IESG review. Document editors and WG chairs should treat > these comments > just like any other last call comments. > > This informational document describes requirements for adding an > indicator to the SIP > protocol data unit (PDU, or a SIP message) that marks the PDU as a > candidate for logging. Such marking will typically be applied as > part of network testing controlled by the network operator and not > used in regular client signaling. However, such marking can be > carried end-to-end including the SIP terminals, even if a session > originates and terminates in different networks. > > It's a short, focused and well-written document. It is interesting for > the operators of networks that use SIP, as this indicator can be used > to trigger testing or debugging in the networks that they operate. It > seems that different implications on security and network behavior > were considered, although some of them are not explicitly mentioned - > such as the potential overload or DoS attacks in case of > mis-configuration or malicious configuration of a big number of > terminals in a SIP network leading to simultaneous activation of debug > modes. It may be good to explicitly mentions these, but otherwise this > document is READY from an OPS-DIR perspective. > > _______________________________________________ > insipid mailing list > insipid@xxxxxxxx > https://www.ietf.org/mailman/listinfo/insipid