Re: [core] Benjamin Kaduk's No Objection on draft-ietf-core-too-many-reqs-05: (with COMMENT)

Ari Keränen <ari.keranen@ericsson.com> Thu, 01 November 2018 00:50 UTC

Return-Path: <ari.keranen@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB86A130E07 for <core@ietfa.amsl.com>; Wed, 31 Oct 2018 17:50:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.792
X-Spam-Level:
X-Spam-Status: No, score=-3.792 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=EUcJbhIe; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=ericsson.com header.b=MyNAOFFK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjV4jJx5bZ7g for <core@ietfa.amsl.com>; Wed, 31 Oct 2018 17:50:18 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBEC4130DF3 for <core@ietf.org>; Wed, 31 Oct 2018 17:50:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1541033414; x=1543625414; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=kectEi/eiwOtrnfuHXVhvSTixHGu6CoR0biHSVmp6X4=; b=EUcJbhIe6tqNlfmpd+pZUFTQq8gd+4iSVJ4WpQ7MTUfNJJk76duLtLQ+cwcMNZIV t+nL9AfW6v/Gcq3N7kL/NySWRdvNQRrhsXq4VqfFk4n6ashFOO4YR4wdA9nL5cd2 0NzmJlTvC6jD3WLKPHol840Mn5yrohXyrHEuDkbtDFU=;
X-AuditID: c1b4fb25-ad3ff7000000414e-be-5bda4dc51aa8
Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 08.AD.16718.5CD4ADB5; Thu, 1 Nov 2018 01:50:13 +0100 (CET)
Received: from ESESBMB505.ericsson.se (153.88.183.172) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 1 Nov 2018 01:50:13 +0100
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB505.ericsson.se (153.88.183.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 1 Nov 2018 01:50:13 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=04wqQZs1yI9qkgRgEfxsuoejwoZplAYu6o3yy8TRHAU=; b=MyNAOFFKb8XFovmVYCR/CDUaSY44aRNM+tH9UqQYVG9EQ199KF5RAc9B23zLS5qK5QTImM4nzDWnD0VflAAyHjaCAvwQNAz87Eb7c3HhMu+he64BSiM0SuR5ROhw1xjuZBiyqbcUNZYsseM7CzxY3AdbXr5yRyAu8IKiOtm6FJY=
Received: from HE1PR07MB4236.eurprd07.prod.outlook.com (20.176.166.145) by HE1PR07MB3434.eurprd07.prod.outlook.com (10.170.247.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.14; Thu, 1 Nov 2018 00:50:12 +0000
Received: from HE1PR07MB4236.eurprd07.prod.outlook.com ([fe80::b074:afe2:469c:dd95]) by HE1PR07MB4236.eurprd07.prod.outlook.com ([fe80::b074:afe2:469c:dd95%3]) with mapi id 15.20.1294.018; Thu, 1 Nov 2018 00:50:12 +0000
From: =?utf-8?B?QXJpIEtlcsOkbmVu?= <ari.keranen@ericsson.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-core-too-many-reqs@ietf.org" <draft-ietf-core-too-many-reqs@ietf.org>, Carsten Bormann <cabo@tzi.org>, "core-chairs@ietf.org" <core-chairs@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-core-too-many-reqs-05: (with COMMENT)
Thread-Index: AQHUawqUowScLHb5SkGvYwH/PHOlTaUt8X8AgAJLkYCACZVaAA==
Date: Thu, 1 Nov 2018 00:50:11 +0000
Message-ID: <D09B1BEF-907A-4E0D-995A-34123BA93317@ericsson.com>
References: <154032461873.31236.9757655812218106074.idtracker@ietfa.amsl.com> <73D663A8-782F-4417-ABB4-E95C657FBE87@ericsson.com> <20181025173843.GC45914@kduck.kaduk.org>
In-Reply-To: <20181025173843.GC45914@kduck.kaduk.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ari.keranen@ericsson.com;
x-originating-ip: [49.229.174.198]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1PR07MB3434; 6:RPEnM6V4whoeh5OTEBlCIeb41WsHxyh3HBUirAbUTvp8+gAMliJ4R3/UYC462trAWgzeeg5pPR8UuOS0Uimj66agPk84sCX/Ol08EORS42NrY+lKO+8DELiXTSCsAps8yrIs3w7UkSCElgi0CzwgmrMNyW2qhKmF+qrYI0qvNDbv9sH0AdNYOEC3WlWKTRkFlPFB5dEhyGapEF7JKDnObc/d3udZKxIFHWDnUXr85ADUZHV4WUqNOuoHtfG+j1ywmepksuz5tkAbzxzn2GZEFbFR+4o5IQw+89W3DLdu5CyRUADnQrV1Tb0Nt2xxMSId2OwSFbpiGyGFn484ZtXBcCO9bE91Hb06Cp9aKtw5fqgLcx3w9LZW8MsYqAmzbZiFTI43lOq8PZZKC/lCxHEhmg2FEDNN+E2mAn48ZsWCDdzV/vPLhZoiyAMD33tUSHDHQ468v4sF1/ZDzbntZD81pw==; 5:V8g2ANT2uVUgIykvnYBNvbS/pY3y4bLd+fgPt9TVGWhLCoTKqJgStxY5tkmLAyg2qekPtXXYLl6Zu6ENrAjDpaFzQV9TGDoF6a+pE2V5I5LhxtO8UgQu1xr63z84+iWlVe88WJYhEduiGZmfCJx9ZxiU2UVH5yzYBR63ROxmRnI=; 7:lf7Lqgr4z08V3fZ/LqLp+LL8GJKM7ub5X2gJ4slLeEP/QGBXB0rnbNms4h3T43uTd+2uczYD2GhrnwSXIWTsY3jpRUnUxcIPhChI6pV2D4LH5m8txHoypsvSwuLaqa9HBYMutRZZB57Bqh3bSokwaw==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: c9e69461-4dd8-45af-c24f-08d63f93fad6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(49563074)(7193020); SRVR:HE1PR07MB3434;
x-ms-traffictypediagnostic: HE1PR07MB3434:
x-microsoft-antispam-prvs: <HE1PR07MB343431A99BA01A290C34AA5685CE0@HE1PR07MB3434.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(788757137089)(240460790083961);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(102415395)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231382)(944501410)(4983020)(52105095)(148016)(149066)(150057)(6041310)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(201708071742011)(7699051)(76991095); SRVR:HE1PR07MB3434; BCL:0; PCL:0; RULEID:; SRVR:HE1PR07MB3434;
x-forefront-prvs: 0843C17679
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(39860400002)(346002)(366004)(396003)(199004)(189003)(36756003)(186003)(85182001)(6116002)(3846002)(97736004)(6436002)(26005)(6486002)(2906002)(6512007)(86362001)(7736002)(14444005)(11346002)(446003)(2616005)(53936002)(6246003)(256004)(102836004)(305945005)(486006)(476003)(66066001)(5250100002)(2171002)(478600001)(25786009)(82746002)(4326008)(6916009)(5660300001)(81156014)(81166006)(99286004)(8676002)(33656002)(6506007)(99936001)(76176011)(14454004)(8936002)(316002)(345774005)(68736007)(66574009)(71190400001)(105586002)(229853002)(106356001)(85202003)(54906003)(71200400001)(83716004)(2900100001); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3434; H:HE1PR07MB4236.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: fadGWSSAg5ldY4D8LgEVoBzQWgQuulbTyLfvnbFIFvdASbj/uKcvYq4IVlDODwQ0U5fens47zbtK2xMjpZAoZufXNhTuFEXyAzQYOKRv2CrizrqRNFoAo5C0egcqa7M976lb8m5lQ8tiJnWFUEb2EKz69HJL5myBlb1NuBhAplZfRlgeZ1uRBVMGVypXLHL8sCnby2dyZk5PLxThAXTr6TrZ+olgz7iIxmsKru9SV4pexzRShuQTgKr5onA7rWl/apc3+KLUjg8Y1zLbqHLweQbEMB8XfM17yYk5g0WeNlpe32pJTHFRz3mAAhszOmuGp6fLTSzY9rb6SNFUDuE2DNoE/oGJTZf7o25Q3SrVviU=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; boundary=Apple-Mail-93196EA0-34A9-4F9B-9F22-11B7D6D4EB3D; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c9e69461-4dd8-45af-c24f-08d63f93fad6
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2018 00:50:11.8923 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3434
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0hTYRjHec85O56Jg7el+WAZNOpDhpeV1rHsJkhCFwqiQoNceUpTN9sx S4MQKyotzZw6pZpdTPNSWsvMwNpUyEuUXTRMk7kZlAr6wZaY0nZeA7/9nvf//z/P+7y8HK38 JvPjErVpgl6rSVaxnkzpoRdnAtt398eGvM2P4NsMgzK+seEDy7eMP6H58kvPGd74t4DmKxtK qW1s9IMH01R0dnc7HV18L3EvHeMZES8kJ6YL+uAtcZ4JX1/qUv/sOHvtppnOQhNROUjOAQ4F e221LAd5ckrchmB08rfMLSjxFAKrM5MI9ynIszg93AWDb9DQWjzAEMVAgbH5FUUKG4LJDqeU Z/FmcFxqkdgbq+D+u4us20TjEQQWk0USFuM4+HIxmyUmDZSMDlKEI2G4/z3tZgavhCbzLcbN CrwVmuryEJn2GEHZ5wYpLMdhMFT4SAogvAScnbVSIxr7Qr/DRJFVvcHW08US9oGf9jkZ8cfC r84OD3KuAvtcH03YHz6acqVhgHtZuJL7fb5RIEwUFc2bdsPlgo8sMfUg+Fs4i4gQAHnWZleA c3ESmIcyyHEMGBsNDOHlUH3dxtxAIWUL7lomvVIhgu4Rd+HeehF0lDoYYloNr3Mr53kFGHJt HoQ3wfStYUQ4DEbbJ9FCTzniqpGPKIhHU06sXRck6BOPiaJOG6QV0p4i1zezmGdWNaFPY9ut CHNI5aWoCu6PVco06WJGihWtdPUZrq/5gPwYrU4rqLwVs+EuWRGvycgU9Loj+tPJgmhFSzlG 5auwbXgWo8QnNGlCkiCkCvr/KsXJ/bIQ3zpWoTgn3lkVjVpwQRjFrvF+ONLjKLf3VXvtlzev X1ey/nBF6JqalANTcXcNB/0Gui4Ex/vHbDvJhYnLAiIml3XGscYlV/PjNx7neIPOPD7XKa+K emcatYWvnZktaFPXptzbOXD+HP+mXh0Zuajo9vAprI5Mr6/r3VW7b4/zh4oREzTqAFovav4B LoGjGW4DAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/ccT5XbmLGcGGbAP3iBOzefdTMEQ>
Subject: Re: [core] Benjamin Kaduk's No Objection on draft-ietf-core-too-many-reqs-05: (with COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2018 00:50:27 -0000

> On 25 Oct 2018, at 20.39, Benjamin Kaduk <kaduk@mit.edu>; wrote:
> 
>> On Wed, Oct 24, 2018 at 06:35:44AM +0000, Ari Keränen wrote:
[...]
>>> On 23 Oct 2018, at 22.57, Benjamin Kaduk <kaduk@mit.edu>; wrote:
>>> 
>>> Benjamin Kaduk has entered the following ballot position for
>>> draft-ietf-core-too-many-reqs-05: No Objection
[... trimming cleared issues]
>>>  If a client repeats a request that was answered with 4.29 before Max-
>>>  Age time has passed, it is possible the client did not recognize the
>>>  error code and the server MAY respond with a more generic error code
>>>  (e.g., 5.03).
>>> 
>>> Isn't it also possible that the additional requests were already in flight
>>> when the 4.29 was generated?  (It's unclear whether that needs to be
>>> specifcially mentioned in the document.)
>> 
>> Yes. I clarified this now in the end of server behavior section.
>> 
>>> Section 5
>>> 
>>> As per the previous comment, a server that erroneously returns 4.29 to too
>>> many (i.e., including well-behaving) clients would unnecessarily DoS the
>>> well-behaved clients.
>> 
>> Are you referring to “many requests in flight” issue? For a client sending too many requests before receiving an answer a 4.29 seems like appropriate answer. Or which well-behaving client do you mean here?
> 
> I had in mind a rather more unlikely scenario.  The easiest to explain
> version would be a server operator that misreads this document as "a new
> response code 4.29 to replace 5.03 when requests are coming in too fast",
> and sends 4.29 responses to *all* requests during an overload condition,
> regardless of how frequently any individual client is sending requests. The
> desired behavior is that 4.29 is restricted to just the clients that are
> behaving poorly, and if the server sends 4.29 to a broader audience than
> that, some well-behaved clients will be DoSed.  Looking back, I'm not sure
> why I wrote "as per the previous comment", so my apologies for seeding
> confusion.

Thank you for the clarification! I don’t think that’s actually a big problem since both 5.03 and 4.29 have the same semantics for the back-off period. 5.03 is basically just more generic and gives client less information on what it could actually do. Also there’s not much we can do in general if implementation chooses to use inappropriate response codes.


Cheers,
Ari