Using the Mobile Equipment Identity (MEID) URN as an Instance ID
draft-atarius-dispatch-meid-urn-as-instanceid-08
Note: This ballot was opened for revision 05 and is now closed.
(Ben Campbell) Yes
(Alia Atlas) No Objection
Deborah Brungard No Objection
(Benoît Claise) No Objection
Alissa Cooper No Objection
Comment (2018-01-09 for -06)
No email
send info
send info
I tend to agree with the last call commenters about the likely leakiness of this despite all the good normative language in this document, but don't see a justification not to publish this given that we published RFC 7255.
(Spencer Dawkins) No Objection
(Suresh Krishnan) No Objection
Warren Kumari No Objection
(Mirja Kühlewind) No Objection
(Alexey Melnikov) No Objection
(Kathleen Moriarty) No Objection
Comment (2018-01-10 for -06)
No email
send info
send info
I agree with Adam's request for additional text in the security considerations section. Thanks for addressing the SecDir review comments: https://mailarchive.ietf.org/arch/msg/secdir/lZ_SwtRm1tBvuB7UPF-awcrsv60
Alvaro Retana No Objection
(Adam Roach) No Objection
Comment (2018-01-09 for -06)
No email
send info
send info
I think the security section would be improved by adding a blanket warning about not accidentally leaking the MEID in other contexts, such as (and in particular) when application servers subscribe to user registration state using the event package defined in RFC 3680.