Re: [core] Large asynchronous notifications under DDoS: New BLOCK Option?

Jim Schaad <> Tue, 07 April 2020 15:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1B33D3A0C42; Tue, 7 Apr 2020 08:18:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r-oAboI2pnJa; Tue, 7 Apr 2020 08:18:45 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5D2203A0C46; Tue, 7 Apr 2020 08:18:44 -0700 (PDT)
Received: from Jude ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 7 Apr 2020 08:18:38 -0700
From: Jim Schaad <>
CC: 'Jon Shallow' <>,
References: <787AE7BB302AE849A7480A190F8B933031490173@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B933031490173@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Tue, 07 Apr 2020 08:18:36 -0700
Message-ID: <049201d60cef$d1299a50$737ccef0$>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0493_01D60CB5.24CB3780"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGFUV4cZbdAMYpJNEeLLEh4F2cKc6kPPIrA
Content-Language: en-us
X-Originating-IP: []
Archived-At: <>
Subject: Re: [core] Large asynchronous notifications under DDoS: New BLOCK Option?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Apr 2020 15:18:47 -0000

I do not believe that there is anything today that says the observer is
required to do a GET to receive the next fragment in the event that it does
not care about what it says.   The question that sprints to mind is how
should the server/client decide that it does or does not want to retrieve
the entire content?





From: core <> On Behalf Of
Sent: Tuesday, April 7, 2020 4:11 AM
Cc: Jon Shallow ( <>;
Subject: [core] Large asynchronous notifications under DDoS: New BLOCK


Hi all,


We are using Observe to receive notifications during attack events. These
notifications are set as NON messages for reasons specific to DDoS


With DDoS telemetry information included (see draft-ietf-dots-telemetry), a
notification may not fit one single message. The use of BLOCK2 is not
convenient during attack times. A full description of the issue is described


We are considering some mechanisms to solve this issue. One of them is to
define a new BLOCK option (similar to BLOCK2) that does not require the
observer to send a GET to receive the next fragment. The server will send
all the fragments. The observer will follow a SACK-like approach to request
retransmission of missing fragments. 


Please let us know whether you think this is a generic issue that should be
solved at the CoAP or not. Suggestions are welcome.


Thank you. 



Jon & Med