Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 03 May 2019 07:18 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Alissa Cooper <alissa@cooperw.in>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, Liang Xia <frank.xialiang@huawei.com>, "dots@ietf.org" <dots@ietf.org>, IESG <iesg@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Thread-Topic: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
Thread-Index: AQHVALdcCadHJmadrkCJI1vhJ5r5G6ZX87EAgAEKLOA=
Date: Fri, 3 May 2019 07:17:55 +0000
Message-ID: <BYAPR16MB27908DC93A4789945C9FEADEEA350@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <155676213548.2612.17892772935784304109.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302EA68A8D@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <95C6D084-9E41-496A-8FD1-4AA5BAA7426E@cooperw.in>
In-Reply-To: <95C6D084-9E41-496A-8FD1-4AA5BAA7426E@cooperw.in>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/4Ck_fc1bMMdB5WNvje2s-41UxhA>
Subject: Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

Hi Alissa,

Please see inline

From: Dots <dots-bounces@ietf.org> On Behalf Of Alissa Cooper
Sent: Thursday, May 2, 2019 8:50 PM
To: mohamed.boucadair@orange.com
Cc: draft-ietf-dots-signal-channel@ietf.org; Liang Xia <frank.xialiang@huawei.com>; dots@ietf.org; IESG <iesg@ietf.org>; dots-chairs@ietf.org
Subject: Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)


Hi Med,


On May 2, 2019, at 3:18 AM, mohamed.boucadair@orange.com wrote:

Hi Alissa,

Please see inline.

Cheers,
Med


-----Original Message-----
From: Alissa Cooper via Datatracker [mailto:noreply@ietf.org]
Sent: Thursday, 2 May 2019 03:56
To: The IESG
Cc: draft-ietf-dots-signal-channel@ietf.org; Liang Xia; dots-chairs@ietf.org; frank.xialiang@huawei.com; dots@ietf.org
Subject: Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

Alissa Cooper has entered the following ballot position for
draft-ietf-dots-signal-channel-31: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

= Section 3 =

"By default, a DOTS signal channel MUST run over port number TBD as
  defined in Section 9.1, for both UDP and TCP, unless the DOTS server
  has a mutual agreement with its DOTS clients to use a different port
  number.  DOTS clients MAY alternatively support means to dynamically
  discover the ports used by their DOTS servers (e.g.,
  [I-D.boucadair-dots-server-discovery])."

MUST implies an absolute requirement, so "MUST .... unless" is a problematic
construction.

[Med] It seems that you missed "By default,".

Even with “by default” this still is problematic. MUST indicates an absolute requirement.

[TR] The "MUST (NOT) ... unless" construction is used in several specifications, please see https://tools.ietf.org/html/rfc8094#section-3.1 and https://tools.ietf.org/html/rfc7232#section-2.2.1

-Tiru

Furthermore, it doesn't make sense together with "MAY alternatively," which indicates that port number discovery is an alternative to the fixed to-be-assigned port.

I didn't have time to get very far into draft-boucadair-dots-server-discovery,

[Med] I updated that reference to I-D.ietf-dots-server-discovery.


but it appears that it does not mandate support for any single discovery mechanism for clients and servers to support. If so, that "alternatively" seems like more of a problem, since it allows for there to be no interoperable mechanism for clients to discover server ports. I think maybe what was intended here was:

s/MUST/SHOULD/
s/MAY alternatively/MAY additionally/

[Med] I implemented the second change.



= Section 4.4.1 =

(1)
"In deployments where server-domain DOTS gateways are enabled,
  identity information about the origin source client domain SHOULD be
  propagated to the DOTS server.  That information is meant to assist
  the DOTS server to enforce some policies such as grouping DOTS
  clients that belong to the same DOTS domain, limiting the number of
  DOTS requests, and identifying the mitigation scope.  These policies
  can be enforced per-client, per-client domain, or both.  Also, the
  identity information may be used for auditing and debugging purposes."

Does "identity information" just refer to cdid, or something else?

[Med] It refers to the information conveyed in cdid.

I think it would be helpful to clarify that.

(2) The constructions "MUST ... (absent explicit policy/configuration
otherwise)" are problematic. I'm assuming these are meant to be SHOULDs.

[Med] I checked this wording with Ben.

Ok, perhaps he can comment then.




= Section 13.1 =

I don't understand why RFC 7951 is a normative reference but
draft-ietf-core-yang-cbor is an informative reference.

[Med] We used to have both as informative references, but unless I'm mistaken 7951 was moved to normative so that at least one method is supported.

This is being discussed in another thread, but if that is the case the normative requirement text needs to change too.

Thanks,
Alissa

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

= Section 4.4.1 =

"The 'cuid' is intended to be stable when communicating with a
     given DOTS server, i.e., the 'cuid' used by a DOTS client SHOULD
     NOT change over time. "

Why is this the recommended behavior?

[Med] because all resources/state of a DOTS client are bound to this identifier.
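The two Section 4.4.1 points above (what the gateway-propagated 'cdid' is used for, and why a client's 'cuid' should stay stable) are easier to see with server-side state in front of you. The following is an added example written for this page; it is not code from the draft, from this thread, or from any DOTS implementation. It assumes a Uri-Path layout of `.well-known/dots/mitigate[/cdid=..]/cuid=../mid=..` with 'cdid' inserted only by a server-domain gateway, an illustrative per-domain limit on active mitigations, and illustrative CoAP response codes (2.01/2.04 for create/update, 4.29 for the rejected case); the client identifiers, domain name and prefix are constructed sample data.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Resource path layout assumed for this example (not taken from the draft text):
#   .well-known/dots/mitigate[/cdid=<cdid>]/cuid=<cuid>/mid=<mid>
# 'cdid' is present only when a server-domain DOTS gateway inserted it.
MITIGATE_PREFIX = [".well-known", "dots", "mitigate"]


def parse_mitigate_path(segments: List[str]) -> Dict[str, str]:
    """Extract cdid (optional), cuid and mid from CoAP Uri-Path segments.

    Raises ValueError for anything a server should not silently accept:
    wrong resource, unknown or duplicated keys, empty values, missing cuid/mid.
    """
    if segments[: len(MITIGATE_PREFIX)] != MITIGATE_PREFIX:
        raise ValueError("not the DOTS mitigate resource")
    fields: Dict[str, str] = {}
    for seg in segments[len(MITIGATE_PREFIX):]:
        key, sep, value = seg.partition("=")
        if not sep or key not in ("cdid", "cuid", "mid") or not value:
            raise ValueError(f"malformed Uri-Path segment {seg!r}")
        if key in fields:
            raise ValueError(f"duplicate {key} in Uri-Path")
        fields[key] = value
    if "cuid" not in fields or "mid" not in fields:
        raise ValueError("cuid and mid are required")
    return fields


def path_error(segments: List[str]) -> Optional[str]:
    """The validation error for a bad path, or None if the path is well-formed."""
    try:
        parse_mitigate_path(segments)
    except ValueError as exc:
        return str(exc)
    return None


class DotsMitigationStore:
    """Mitigation state keyed by (cdid, cuid, mid).

    The per-domain limit is one of the policies the text says cdid enables;
    the limit value and the response codes are illustrative choices.
    """

    def __init__(self, max_active_per_domain: int) -> None:
        self.max_active_per_domain = max_active_per_domain
        # (cdid, cuid) -> {mid: mitigation scope}
        self._by_client: Dict[Tuple[str, str], Dict[str, dict]] = defaultdict(dict)

    def active_in_domain(self, cdid: str) -> int:
        """Number of active mitigations across all clients of one client domain."""
        return sum(len(mids) for (d, _), mids in self._by_client.items() if d == cdid)

    def put(self, segments: List[str], scope: dict) -> str:
        """Handle a PUT of a mitigation request; returns a CoAP response code string."""
        f = parse_mitigate_path(segments)
        cdid = f.get("cdid", "")          # "" = client talking directly, no gateway
        client = (cdid, f["cuid"])
        is_new = f["mid"] not in self._by_client[client]
        if is_new and self.active_in_domain(cdid) >= self.max_active_per_domain:
            return "4.29"                  # Too Many Requests; assumed code for this example
        self._by_client[client][f["mid"]] = scope
        return "2.01" if is_new else "2.04"

    def get(self, segments: List[str]) -> Optional[dict]:
        """State for (cdid, cuid, mid), or None if this client never created it."""
        f = parse_mitigate_path(segments)
        return self._by_client.get((f.get("cdid", ""), f["cuid"]), {}).get(f["mid"])


def demo_cuid_change() -> Tuple[Optional[dict], Optional[dict], int]:
    """Why cuid should stay stable: state created under the old cuid is unreachable
    under a new one, and still counts against the domain until it expires."""
    store = DotsMitigationStore(max_active_per_domain=2)
    gateway = ["cdid=example.net"]       # constructed: inserted by the server-domain gateway
    old_cuid = MITIGATE_PREFIX + gateway + ["cuid=dz6pHjaADkaFTbjr0JGBpw", "mid=123"]
    scope = {"target-prefix": ["2001:db8::/32"]}   # constructed sample scope
    store.put(old_cuid, scope)
    new_cuid = MITIGATE_PREFIX + gateway + ["cuid=Ub5eBkfBk3hZ8oQW4Vh5fw", "mid=123"]
    return store.get(old_cuid), store.get(new_cuid), store.active_in_domain("example.net")
```

`demo_cuid_change()` returns the scope for the old path, `None` for the same mid under the new cuid, and an active count of 1 for the domain: the mitigation the client created is now orphaned from its point of view but still consumes the domain's quota, which is the practical reason behind the "SHOULD NOT change over time" wording.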