Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31

<> Wed, 03 April 2019 06:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 83576120395; Tue, 2 Apr 2019 23:35:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4i_wYancnjlZ; Tue, 2 Apr 2019 23:35:54 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F327712049E; Tue, 2 Apr 2019 23:35:53 -0700 (PDT)
Received: from (unknown [xx.xx.xx.4]) by (ESMTP service) with ESMTP id 44YxD80BKLz2xtQ; Wed, 3 Apr 2019 08:35:52 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.98]) by (ESMTP service) with ESMTP id 44YxD76P67zCqkT; Wed, 3 Apr 2019 08:35:51 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM7F.corporate.adroot.infra.ftgroup ([fe80::d9:d3cd:85bd:d331%21]) with mapi id 14.03.0439.000; Wed, 3 Apr 2019 08:35:51 +0200
To: Yoshifumi Nishida <>
CC: Yoshifumi Nishida <>, "" <>, "" <>, "" <>, "" <>
Thread-Topic: Tsvart last call review of draft-ietf-dots-signal-channel-31
Thread-Index: AQHU6Z+uUBMkEiD7EUiAdpk+3/hJ56Yp9W2g
Date: Wed, 03 Apr 2019 06:35:51 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA51A15@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <> <787AE7BB302AE849A7480A190F8B93302EA5053A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B93302EA51A15OPEXCAUBMA2corp_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Apr 2019 06:35:57 -0000

Hi Yoshi,

Please see inline.


De : Yoshifumi Nishida []
Envoyé : mercredi 3 avril 2019 00:02
Cc : Yoshifumi Nishida;;;;
Objet : Re: Tsvart last call review of draft-ietf-dots-signal-channel-31

HI Med,

Thanks for the reply. I put my comments in lines.

On Sun, Mar 31, 2019 at 11:55 PM <<>> wrote:
Hi Yoshi,

Thank you for the review.

Please see inline.


> -----Message d'origine-----
> De : Yoshifumi Nishida via Datatracker [<>]
> Envoyé : dimanche 31 mars 2019 10:53
> À :<>
> Cc :<>;<>;
> Objet : Tsvart last call review of draft-ietf-dots-signal-channel-31
> Reviewer: Yoshifumi Nishida
> Review result: Almost Ready
> This document has been reviewed as part of the transport area review team's
> ongoing effort to review key IETF documents. These comments were written
> primarily for the transport area directors, but are copied to the document's
> authors and WG to allow them to address any issues raised and also to the
> discussion list for information.
> When done at the time of IETF Last Call, the authors should consider this
> review as part of the last-call comments they receive. Please always CC
><> if you reply to or forward this review.
> Summary: This document is almost ready for publication, but it will be better
> to clarify the following points.
> 1:   "it is out of scope of this document to specify the behavior to be
> followed by a DOTS client to send DOTS requests when multiple
>         DOTS servers are provisioned."
>       I'm not sure why it is out of scope. Does it bring a certain
> complexities
>       to the protocol?
>      Or, does it simply mean it is up to implementations?

[Med] This is because of specific considerations such as those discussed in draft-ietf-dots-multihoming. We don't want to overload the base spec with such considerations (discussed in separate documents). The same approach is followed for server discovery (draft-ietf-dots-server-discovery).

Got it. I think it would be useful for readers to mention it in the draft.

[Med] I updated the text as follows :

   Likewise, it is out of scope of this document to specify the behavior
   to be followed by a DOTS client to send DOTS requests when multiple
   DOTS servers are provisioned (e.g., contact all DOTS servers, select
   one DOTS server among the list).  Such behavior is specified in other
   documents (e.g.,  [I-D.ietf-dots-multihoming]).

> 2:   "The DOTS client periodically repeats the mechanism to discover whether
> DOTS signal
>         channel messages with DTLS over UDP becomes available from the DOTS
>         server.."
>        -> Does this mean DOTS clients will not repeat this when it already
> has
>        DTLS over UDP connection?
>            What about if the client has DTLS over UDPv4? Does it try to check
>            DTLS over UDPv6? Also, is this logic MAY or SHOULD or don't want
> to
>            specify?

[Med] The client will retry when the cache flushes out:

   Note that the DOTS client after successfully establishing a
   connection MUST cache information regarding the outcome of each
   connection attempt for a specific time period, and it uses that
   information to avoid thrashing the network with subsequent attempts.

OK, but if you retry anyway after a certain time, why do you need to cache the results?

[Med] “to avoid thrashing the network with subsequent attempts” as the text says. Also, caching avoids the inconvenience of selection during attack times. Typically, the client executes the HE procedure when it initializes and uses the outcome of the procedure for subsequent DOTS signal exchanges during a certain period. Please refer to this text in the draft:

   To overcome these connection setup problems, the DOTS client attempts

   to connect to its DOTS server(s) using both IPv6 and IPv4, and tries

   both DTLS over UDP and TLS over TCP in a manner similar to the Happy

   Eyeballs mechanism [RFC8305].  These connection attempts are

   performed by the DOTS client when it initializes, or in general when

   it has to select an address family and transport to contact its DOTS

   server.  The results of the Happy Eyeballs procedure are used by the

   DOTS client for sending its subsequent messages to the DOTS server.

> 3:   "DOTS agents SHOULD follow the data transmission guidelines discussed
>         in Section 3.1.3 of [RFC8085] and control transmission behavior by
>         not sending more than one UDP datagram per round-trip time (RTT) to
>         the peer DOTS agent on average."
>       ->  How about TCP connections?

[Med] TCP does not have the issue with non-confirmable messages. FWIW, RFC8323 states the following:

   The request/response interaction model of CoAP over TCP is the same
   as CoAP over UDP.  The primary differences are in the message layer.
   The message layer of CoAP over UDP supports optional reliability by
   defining four types of messages: Confirmable, Non-confirmable,
   Acknowledgment, and Reset.


   Since TCP eliminates the need for the message layer to support
   reliability, CoAP over reliable transports does not support
   Confirmable or Non-confirmable message types.

I see. Thanks for the clarification.