Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 06 May 2019 16:02 UTC

Date: Mon, 6 May 2019 11:02:14 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>
Cc: Alissa Cooper <alissa@cooperw.in>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, Liang Xia <frank.xialiang@huawei.com>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>, IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/-cCIk0OjxVeJr3mP16GQANKDfy8>

On Fri, May 03, 2019 at 07:17:55AM +0000, Konda, Tirumaleswar Reddy wrote:
> Hi Alissa,
> 
> Please see inline
> 
> From: Dots <dots-bounces@ietf.org> On Behalf Of Alissa Cooper
> Sent: Thursday, May 2, 2019 8:50 PM
> To: mohamed.boucadair@orange.com
> Cc: draft-ietf-dots-signal-channel@ietf.org; Liang Xia <frank.xialiang@huawei.com>; dots@ietf.org; IESG <iesg@ietf.org>; dots-chairs@ietf.org
> Subject: Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
> 
> 
> Hi Med,
> 
> 
> On May 2, 2019, at 3:18 AM, mohamed.boucadair@orange.com wrote:
> 
> Hi Alissa,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> 
> -----Original Message-----
> From: Alissa Cooper via Datatracker [mailto:noreply@ietf.org]
> Sent: Thursday, May 2, 2019 03:56
> To: The IESG
> Cc: draft-ietf-dots-signal-channel@ietf.org; Liang Xia; dots-chairs@ietf.org; frank.xialiang@huawei.com; dots@ietf.org
> Subject: Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
> 
> Alissa Cooper has entered the following ballot position for
> draft-ietf-dots-signal-channel-31: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> = Section 3 =
> 
> "By default, a DOTS signal channel MUST run over port number TBD as
>   defined in Section 9.1, for both UDP and TCP, unless the DOTS server
>   has a mutual agreement with its DOTS clients to use a different port
>   number.  DOTS clients MAY alternatively support means to dynamically
>   discover the ports used by their DOTS servers (e.g.,
>   [I-D.boucadair-dots-server-discovery])."
> 
> MUST implies an absolute requirement, so "MUST .... unless" is a problematic
> construction.
> 
> [Med] It seems that you missed "By default,".
> 
> Even with “by default” this still is problematic. MUST indicates an absolute requirement.
> 
> [TR] “MUST (NOT)..unless” construction is used in several specifications, please see https://tools.ietf.org/html/rfc8094#section-3.1 and https://tools.ietf.org/html/rfc7232#section-2.2.1

Alissa is correct that MUST is absolute within the realm that it applies
to, so we need to be clear about what domain the requirement applies to.
The text in the -31 here is particularly problematic because of the
following "MAY alternatively" which is in a different sentence and has a
confusing relationship to the previous text.  A (hopefully clearer)
proposal:

In some cases, a DOTS client and server may have mutual agreement to use a
specific port number, such as by explicit configuration or dynamic
discovery [I-D.boucadair-dots-server-discovery].  Absent such mutual
agreement, the DOTS signal channel MUST run over port number TBD as defined
in Section 9.1, for both UDP and TCP.

-Ben