I don't have that spec in front of me, but if it is used directly, that would reveal personally identifiable information. I would hope it is used as input into a hash out something.
The solution spec we're developing would certainly not use such a value directly or allow it to be derived. Paul -------- Original Message -------- From: SM <s...@resistor.net> Sent: Sat Sep 14 12:03:30 EDT 2013 To: ietf@ietf.org Subject: Re: Last Call: <draft-ietf-insipid-session-id-reqts-08.txt> (Requirements for an End-to-End Session Identification in IP-Based Multimedia Communication Networks) to Informational RFC At 09:40 10-09-2013, The IESG wrote: >The IESG has received a request from the INtermediary-safe SIP session ID >WG (insipid) to consider the following document: >- 'Requirements for an End-to-End Session Identification in IP-Based > Multimedia Communication Networks' > <draft-ietf-insipid-session-id-reqts-08.txt> as Informational RFC > >The IESG plans to make a decision in the next few weeks, and solicits >final comments on this action. Please send substantive comments to the >ietf@ietf.org mailing lists by 2013-09-24. Exceptionally, comments may be Section 4.5 of the draft discusses about logging. It mentions that "creating a common header field value through all SIP entities will greatly reduce any challenge for the purpose of" ... "communication tracking". I look a quick look at Reference [6]. It mentions that the IMEI shall be used for generating an identifier. Is the IMEI covered by REQ4? Regards, -sm
