Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 03 May 2019 07:18 UTC
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Alissa Cooper <alissa@cooperw.in>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, Liang Xia <frank.xialiang@huawei.com>, "dots@ietf.org" <dots@ietf.org>, IESG <iesg@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/4Ck_fc1bMMdB5WNvje2s-41UxhA>
Hi Alissa,

Please see inline

From: Dots <dots-bounces@ietf.org> On Behalf Of Alissa Cooper
Sent: Thursday, May 2, 2019 8:50 PM
To: mohamed.boucadair@orange.com
Cc: draft-ietf-dots-signal-channel@ietf.org; Liang Xia <frank.xialiang@huawei.com>; dots@ietf.org; IESG <iesg@ietf.org>; dots-chairs@ietf.org
Subject: Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

Hi Med,

On May 2, 2019, at 3:18 AM, mohamed.boucadair@orange.com wrote:

Hi Alissa,

Please see inline.

Cheers,
Med

-----Original Message-----
From: Alissa Cooper via Datatracker [mailto:noreply@ietf.org]
Sent: Thursday, 2 May 2019 03:56
To: The IESG
Cc: draft-ietf-dots-signal-channel@ietf.org; Liang Xia; dots-chairs@ietf.org; frank.xialiang@huawei.com; dots@ietf.org
Subject: Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

Alissa Cooper has entered the following ballot position for draft-ietf-dots-signal-channel-31: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

= Section 3 =

"By default, a DOTS signal channel MUST run over port number TBD as defined in Section 9.1, for both UDP and TCP, unless the DOTS server has a mutual agreement with its DOTS clients to use a different port number. DOTS clients MAY alternatively support means to dynamically discover the ports used by their DOTS servers (e.g., [I-D.boucadair-dots-server-discovery])."

MUST implies an absolute requirement, so "MUST .... unless" is a problematic construction.

[Med] It seems that you missed "By default, ".

Even with "by default" this still is problematic. MUST indicates an absolute requirement.

[TR] "MUST (NOT)..unless" construction is used in several specifications, please see https://tools.ietf.org/html/rfc8094#section-3.1 and https://tools.ietf.org/html/rfc7232#section-2.2.1

-Tiru

Furthermore, it doesn't make sense together with "MAY alternatively," which indicates that port number discovery is an alternative to the fixed to-be-assigned port. I didn't have time to get very far into draft-boucadair-dots-server-discovery,

[Med] I updated that reference to I-D.ietf-dots-server-discovery.

but it appears that it does not mandate support for any single discovery mechanism for clients and servers to support. If so, that "alternatively" seems like more of a problem, since it allows for there to be no interoperable mechanism for clients to discover server ports.

I think maybe what was intended here was:

s/MUST/SHOULD/
s/MAY alternatively/MAY additionally/

[Med] I implemented the second change.

= Section 4.4.1 =

(1) "In deployments where server-domain DOTS gateways are enabled, identity information about the origin source client domain SHOULD be propagated to the DOTS server. That information is meant to assist the DOTS server to enforce some policies such as grouping DOTS clients that belong to the same DOTS domain, limiting the number of DOTS requests, and identifying the mitigation scope. These policies can be enforced per-client, per-client domain, or both. Also, the identity information may be used for auditing and debugging purposes."

Does "identity information" just refer to cdid, or something else?

[Med] It refers to the information conveyed in cdid.

I think it would be helpful to clarify that.

(2) The constructions "MUST ... (absent explicit policy/configuration otherwise)" are problematic. I'm assuming these are meant to be SHOULDs.

[Med] I checked this wording with Ben.

Ok, perhaps he can comment then.

= Section 13.1 =

I don't understand why RFC 7951 is a normative reference but draft-ietf-core-yang-cbor is an informative reference.

[Med] We used to have both as informative references, but unless I'm mistaken 7951 was moved to normative so that at least one method is supported.

This is being discussed in another thread, but if that is the case the normative requirement text needs to change too.

Thanks,
Alissa

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

= Section 4.4.1 =

"The 'cuid' is intended to be stable when communicating with a given DOTS server, i.e., the 'cuid' used by a DOTS client SHOULD NOT change over time. "

Why is this the recommended behavior?

[Med] because all resources/state of a DOTS client are bound to this identifier.
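The Section 4.4.1 points discussed in the message above (per-client and per-client-domain limits keyed on 'cuid' and 'cdid', and state being bound to 'cuid') can be seen in a toy server-side model. This is an added example, not part of the original message or of the draft; the class, the `req_id` parameter, the limits and the identifier values are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

class DotsServerState:
    """Toy model: mitigation state is indexed by 'cuid'; 'cdid' groups clients."""

    def __init__(self, per_client_limit, per_domain_limit):
        self.per_client_limit = per_client_limit
        self.per_domain_limit = per_domain_limit
        self.mitigations = defaultdict(dict)  # cuid -> {req_id: scope}
        self.domain_of = {}                   # cuid -> cdid (set by a gateway)

    def _domain_total(self, cdid):
        # Count active requests across every client grouped under this cdid.
        return sum(len(reqs) for cuid, reqs in self.mitigations.items()
                   if self.domain_of.get(cuid) == cdid)

    def request(self, cuid, req_id, scope, cdid=None):
        mine = self.mitigations[cuid]
        if req_id in mine:                    # same cuid: refresh existing state
            mine[req_id] = scope
            return "updated"
        if len(mine) >= self.per_client_limit:
            return "rejected: per-client limit"
        if cdid is not None and self._domain_total(cdid) >= self.per_domain_limit:
            return "rejected: per-domain limit"
        self.domain_of[cuid] = cdid
        mine[req_id] = scope
        return "created"

def demo():
    # Constructed sample: one client domain, documentation prefixes as scopes.
    s = DotsServerState(per_client_limit=2, per_domain_limit=3)
    d = "cdid-example"
    results = [
        s.request("cuid-A", 1, "192.0.2.0/24", d),
        s.request("cuid-A", 1, "192.0.2.0/25", d),     # stable cuid: update
        s.request("cuid-A", 2, "198.51.100.0/24", d),
        s.request("cuid-A", 3, "203.0.113.0/24", d),   # per-client cap hit
        # The same client now presents a new cuid: the server sees a stranger,
        # cannot match the old state, and the orphaned entries still count
        # against the domain-wide limit.
        s.request("cuid-B", 1, "192.0.2.0/26", d),
        s.request("cuid-B", 2, "203.0.113.0/24", d),
    ]
    return results, s

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```
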