Re: [core] I-D Action: draft-ietf-core-echo-request-tag-12.txt

Christian Amsüss <christian@amsuess.com> Mon, 01 February 2021 19:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/core/MN1VdUKLnAcC45dEsclyN87bkiA>

Hello Barry, hello Jürgen,

I've just uploaded a -12, and Marco has been very quick to update the
write-up.

All the points of the reviews have been addressed and, being nits,
probably don't warrant further mention outside the changelog of the -12
(copied below for convenience).

The nontrivial point was the lack of explanation about the number given
for OK-to-send responses. It has been recalculated with more
conservative numbers, expressed in what is hoped to be easier to consume
for implementation developers. For the "factor 3" that plays into it, it
now refers to the WIP QUIC draft. It's giving the numbers as guidance in
case there's no better basis for making a more situation-adjusted and
more informed decision.

With that, the document should be good to go ahead.

Best regards, and thanks for all your input
Christian

---

   *  Changes since draft-ietf-core-echo-request-tag-11 (addressing
      GenART, TSVART, OpsDir comments)

      -  Explain the size permissible for responses before amplification
         mitigation by referring to the QUIC draft for an OK factor, and
         giving the remaining numbers that led to it.  The actual number
         is reduced from 152 to 136 because the more conservative case
         of the attacker not sending a token is considered now.

      -  Added a definition for "freshness"

      -  Give more concrete example values in figures 2 and 3 (based on
         the appendix suggestions), highlighting the differences between
         the figures by telling how they are processed in the examples.

      -  Figure with option summary: E/U columns removed (for duplicate
         headers and generally not contributing)

      -  MAY capitalization changed for consistency.

      -  Editorial changes (IV acronym expanded, s/can not/cannot/g)

      -  Draft ietf-core-stateless has become RFC8974

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom