Re: [core] [Dots] Large asynchronous notifications under DDoS: New BLOCK Option?

Carsten Bormann <> Thu, 09 April 2020 09:26 UTC


Hi Med,

thank you for updating me on this information!

On 2020-04-09, at 09:56, <> <> wrote:
>> (b) the semantics of observe is that a notification is the whole new
>> state of the resource.  Proxies will implement it that way.  Of course
>> block2 modifies this semantics a bit, so nonblock2 might do that too.
>> Still, I think we need to consider what proxies (or client caches)
>> will make out of the mechanism we devise.
> [Med] Agree for the generic CoAP case.
> For the particular case of DOTS, sessions are established hop-by-hop when a proxy (we called it, gateway) is involved. We have the full visibility on what happens.

So you have application-aware proxies (which may not even be CoAP proxies).

But that doesn’t mean other proxies aren’t involved; there is also the matter of client caches, which have similar properties (caching, but no multiplexing).  So far, we have tried to keep the proxy/client-caching concept valid with extensions on CoAP; this would be the first one where we would have to say “no CoAP proxies can be used”.  I was wondering whether we can avoid this situation (can = don’t make the solution too complex).

Grüße, Carsten