[Dots] Signal Channel 4.5.3 Configuration Freshness and Notifications
"Jon Shallow" <supjps-ietf@jpshallow.com> Mon, 16 July 2018 16:57 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCE1F130EA7 for <dots@ietfa.amsl.com>; Mon, 16 Jul 2018 09:57:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L3t0KYakFPjt for <dots@ietfa.amsl.com>; Mon, 16 Jul 2018 09:57:00 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 170FA130DDF for <dots@ietf.org>; Mon, 16 Jul 2018 09:57:00 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.90_1) (envelope-from <jon.shallow@jpshallow.com>) id 1ff6nx-0006ym-2Y for ietf-supjps-dots@ietf.org; Mon, 16 Jul 2018 17:56:57 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: dots@ietf.org
Date: Mon, 16 Jul 2018 17:56:57 +0100
Message-ID: <039801d41d26$019dab60$04d90220$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0399_01D41D2E.636324D0"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-gb
Thread-Index: AdQdJgGARlwaeM+cRY+n8P4Pc4NOBQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/GJnWZTiiREjxZ_4SZEmRJVRI51M>
Subject: [Dots] Signal Channel 4.5.3 Configuration Freshness and Notifications
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2018 16:57:03 -0000
Hi there, I think that a GET request needs to be added into the following (OLD) text to support a DOTS server configuration change getting to the DOTS client when Max-Age expires, otherwise the DOTS client will override the DOTS server configuration with the PUT of the old (pre configuration change) values. OLD 4.5.3. Configuration Freshness and Notifications Max-Age Option (Section 5.10.5 of [RFC7252]) SHOULD be returned by a DOTS server to associate a validity time with a configuration it sends. This feature allows the update of the configuration data if a change occurs at the DOTS server side. For example, the new configuration may instruct a DOTS client to cease heartbeats or reduce heartbeat frequency. .. If a non-zero value of Max-Age Option is received by a DOTS client, it MUST issue a PUT request to refresh the configuration parameters for the signal channel before the expiry of the value enclosed in the Max-Age option. When a DDoS attack is active, refresh requests MUST NOT be sent by DOTS clients and the DOTS server MUST NOT terminate the (D)TLS session after the expiry of the value returned in Max-Age Option. NEW 4.5.3. Configuration Freshness and Notifications Max-Age Option (Section 5.10.5 of [RFC7252]) SHOULD be returned by a DOTS server to associate a validity time with a configuration it sends. This feature allows the update of the configuration data if a change occurs at the DOTS server side. For example, the new configuration may instruct a DOTS client to cease heartbeats or reduce heartbeat frequency. .. If a non-zero value of Max-Age Option is received by a DOTS client, it first MUST do a GET to retrieve the current notion of the DOTS server's configuration, and then it MUST issue a PUT request to refresh the configuration parameters for the signal channel before the expiry of the value enclosed in the Max-Age option. When a DDoS attack is active, refresh requests MUST NOT be sent by DOTS clients and the DOTS server MUST NOT terminate the (D)TLS session after the expiry of the value returned in Max-Age Option. Or should it be that a GET causes the DOTS server to refresh its internal remaining lifetime of the signal configuration and there is no need to do the PUT refresh? [This would be akin to requesting the time of a clock, it returns the current time with a Max-Age of 1 (second), so the next time GET would be have to be done a second later to get the new values.] Regards Jon
- [Dots] Signal Channel 4.5.3 Configuration Freshne… Jon Shallow
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… mohamed.boucadair
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Jon Shallow
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… mohamed.boucadair
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Jon Shallow
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Jon Shallow
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… mohamed.boucadair
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Jon Shallow
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… mohamed.boucadair
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… kaname nishizuka
- Re: [Dots] Signal Channel 4.5.3 Configuration Fre… mohamed.boucadair