Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06

"Jon Shallow" <supjps-ietf@jpshallow.com> Fri, 08 November 2019 13:53 UTC

From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, 'Valery Smyslov' <valery@smyslov.net>, dots@ietf.org, dots-chairs@ietf.org
Date: Fri, 08 Nov 2019 13:53:01 -0000
Message-ID: <1e6101d5963b$d63f7ee0$82be7ca0$@jpshallow.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Gx-HN230KLzbvwYoDrxSK12cclk>

Hi Med et al,

I have gone back over the heartbeat call home and have a couple of comments.

In
https://tools.ietf.org/html/draft-ietf-dots-signal-channel-38#section-4.5.1 

OLD

   Figure 18 shows how to obtain acceptable configuration parameters for
   the DOTS server.

NEW

   Figure 18 shows how to obtain acceptable configuration parameters for
   the DOTS client.

or NEW

   Figure 18 shows how to obtain acceptable configuration parameters from
   the DOTS server.

With Call Home, the GET Config will still tell the Call Home DOTS Client
what the acceptable values are (which will cover keeping any NAT bindings
"warm"), and then the Call Home DOTS client can optionally do a PUT for
tweaking within the allowed bounds.

As the "saturated" direction will most likely continue to be from the (Call
Home) DOTS server to the (Call Home) DOTS client, all the signal draft
recovery / continuing mechanisms still stand, which the call home draft just
re-emphasises.

I have not had a chance to separately test this Call Home variant, but
everything is using the same code logic at this point as per the signal
draft.

Regards

Jon
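The GET Config / PUT interplay described above, as an added Python example (not from this thread and not libcoap code): a receiver-side check that the values a PUT requests stay within the min/max bounds the earlier GET response advertised. It uses the signal-channel draft's signal-config container name; every numeric value is constructed, and the 2.04 / 4.00 mapping is the one the signal-channel draft specifies for in-range and out-of-range configuration requests.

```python
import json

# Container name from the signal-channel draft's session-configuration model.
CONTAINER = "ietf-dots-signal-channel:signal-config"

# Constructed GET Config response: for each tunable the server states the
# bounds it accepts plus the value currently in force (numbers are made up).
GET_CONFIG = json.dumps({CONTAINER: {
    "mitigating-config": {
        "heartbeat-interval": {"min-value": 15, "max-value": 240, "current-value": 30},
        "missing-hb-allowed": {"min-value": 3, "max-value": 15, "current-value": 15},
        "max-retransmit": {"min-value": 2, "max-value": 15, "current-value": 3},
    },
    "idle-config": {
        "heartbeat-interval": {"min-value": 15, "max-value": 240, "current-value": 30},
        "missing-hb-allowed": {"min-value": 3, "max-value": 15, "current-value": 15},
        "max-retransmit": {"min-value": 2, "max-value": 15, "current-value": 3},
    },
}})


def validate_put(get_body: str, put_body: str) -> list:
    """Compare a PUT's requested current-values with the bounds from the GET.

    Returns a list of human-readable violations; an empty list means every
    requested value lies within [min-value, max-value] for its parameter.
    """
    bounds = json.loads(get_body)[CONTAINER]
    requested = json.loads(put_body).get(CONTAINER, {})
    problems = []
    for mode in ("mitigating-config", "idle-config"):
        for name, field in requested.get(mode, {}).items():
            if name not in bounds.get(mode, {}):
                problems.append(f"{mode}/{name}: parameter not offered by GET")
                continue
            lo, hi = bounds[mode][name]["min-value"], bounds[mode][name]["max-value"]
            cur = field.get("current-value") if isinstance(field, dict) else None
            if isinstance(cur, bool) or not isinstance(cur, (int, float)):
                problems.append(f"{mode}/{name}: current-value missing or not numeric")
            elif not lo <= cur <= hi:
                problems.append(f"{mode}/{name}: {cur} outside [{lo}, {hi}]")
    return problems


def response_code(get_body: str, put_body: str) -> str:
    """CoAP response the receiving side would send for the PUT."""
    return "2.04 Changed" if not validate_put(get_body, put_body) else "4.00 Bad Request"
```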

> -----Original Message-----
> From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On Behalf Of ietf-supjps-mohamed.boucadair@orange.com
> Sent: 07 November 2019 12:16
> To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> 
> Re-,
> 
> The NEW wording works for me.
> 
> Thank you.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > Sent: Thursday 7 November 2019 11:39
> > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > Subject: RE: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> >
> > Hi Med,
> >
> > Happy Eyeballs worked fine with me with the Call Home DOTS server initiating
> > the DTLS and TLS sessions.
> >
> > Heartbeats work, but I have not tested them under stress / loss conditions.
> > I will try to get that tested tomorrow.
> >
> > In terms of the text I mis-read, perhaps it could be partially re-written
> >
> > OLD
> >
> > " If TCP is used, the Call Home DOTS server begins by initiating a
> > TCP connection to the Call Home DOTS client.  Using this TCP
> > connection, the Call Home DOTS server initiates a TLS connection
> > to the Call Home DOTS client."
> >
> > NEW
> >
> > " If TCP is used, the Call Home DOTS server begins by initiating a
> > TCP connection to the Call Home DOTS client.  Once connected, the Call Home
> > DOTS server continues to initiate a TLS connection to the Call Home DOTS client."
> >
> > Regards
> >
> > Jon
> >
> > > -----Original Message-----
> > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
> > > Sent: 07 November 2019 09:34
> > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > >
> > > Re-,
> > >
> > > Thank you, Jon.
> > >
> > > BTW, I don't see any issue about HE and HBs for the call home. I assume that
> > > no problem was encountered to implement it.
> > >
> > > Cheers,
> > > Med
> > > > -----Original Message-----
> > > > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > > > Sent: Thursday 7 November 2019 09:58
> > > > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > Subject: RE: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > >
> > > > Hi Med,
> > > >
> > > > See inline.
> > > >
> > > > Regards
> > > >
> > > > Jon
> > > >
> > > > > -----Original Message-----
> > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
> > > > > Sent: 07 November 2019 07:12
> > > > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > > >
> > > > > Hi Jon,
> > > > >
> > > > > Thank you for sharing this cool news.
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Jon Shallow
> > > > > > Sent: Wednesday 6 November 2019 18:13
> > > > > > To: 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I have done a preliminary working implementation of DOTS Call-Home - there
> > > > > > is still some little used functionality to finish off.
> > > > > >
> > > > > > *** Issue # 1 - TCP TLS sessions
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-ietf-dots-signal-call-home-06#section-3.1
> > > > > >
> > > > > > " If UDP transport is used, the Call Home DOTS server begins by
> > > > > > initiating a DTLS connection to the Call Home DOTS client."
> > > > > >
> > > > > > This works as expected where the UDP + DTLS layer roles are switched.
> > > > > >
> > > > > > " If TCP is used, the Call Home DOTS server begins by initiating a
> > > > > > TCP connection to the Call Home DOTS client.  Using this TCP
> > > > > > connection, the Call Home DOTS server initiates a TLS connection
> > > > > > to the Call Home DOTS client."
> > > > > >
> > > > > > With the current libcoap implementation, I am unable to create a CoAP
> > > > > > session using TLS on an existing TCP connection - so the DOTS Client is
> > > > > > unable to accept an incoming TCP session and then initiate TLS integrated
> > > > > > with the CoAP session.
> > > > >
> > > > > [Med] Why would the client initiate the TLS session? Do you want to test a
> > > > > RFC8071-like approach?
> > > >
> > > > Jon> Yesterday was one of those days - word blindness translated "the Call
> > > > Home DOTS server initiates a TLS connection to the Call Home DOTS client."
> > > > as a separate action to "the Call Home DOTS client initiates a TLS
> > > > connection to the Call Home DOTS server.".  The actual text is correct.
> > > >
> > > > >
> > > > > > I agree that RFC8071 only switches the TCP layer roles.
> > > > >
> > > > > [Med] Yes.
> > > > >
> > > > > > However all works if the TCP + TLS layer roles are switched - in the
> > > > > > same way that UDP + DTLS work.
> > > > >
> > > > > [Med] Great. We went for this approach because we preserve the same role
> > > > > for both DTLS and TLS:
> > > > >
> > > > >               +-----------+                        +-----------+
> > > > >               | Call Home |                        | Call Home |
> > > > >               |    DOTS   |                        |    DOTS   |
> > > > >               |   server  |                        |   client  |
> > > > >               +-----+-----+                        +-----+-----+
> > > > >               (D)TLS client                        (D)TLS server
> > > > >
> > > > > >
> > > > > > Enhancing the libcoap code to support only the TCP layer being switched is
> > > > > > doable - but have no idea as to whether other CoAP implementations can
> > > > > > handle this specific requirement.
> > > > >
> > > > > [Med] Do we really need to do that?
> > > >
> > > > Jon> No.  It was my mis-reading of the text that caused this confusion.
> > > >
> > > > >
> > > > > >
> > > > > > *** Not (yet) Implemented #1 - Redirected Signalling
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-ietf-dots-signal-call-home-06#section-3.2.2
> > > > > >
> > > > > > I do not see any issues here.
> > > > > >
> > > > > > *** Not (yet) implemented #2 - New Conflict Cause 4
> > > > > >
> > > > > > I do not see any issues here.
> > > > > >
> > > > > > *** Not (yet) Implemented #3 - Address sharing considerations
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-ietf-dots-signal-call-home-06#section-3.3.2
> > > > > >
> > > > > > I do not see any issues here - just need to interface with the translators
> > > > > > to get the appropriate information.
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Jon
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On Behalf Of Valery
> > > > > > > Smyslov
> > > > > > > Sent: 23 October 2019 08:36
> > > > > > > To: dots@ietf.org
> > > > > > > Cc: dots-chairs@ietf.org
> > > > > > > Subject: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > this message starts a Work Group Last Call (WGLC) for draft-ietf-dots-signal-call-home-06.
> > > > > > > The version to be reviewed is here:
> > > > > > > https://www.ietf.org/id/draft-ietf-dots-signal-call-home-06.txt
> > > > > > >
> > > > > > > The WGLC will last for two weeks and will end on November the 7th.
> > > > > > > Please send your comments to the list before this date.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Frank & Valery.
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Dots mailing list
> > > > > > > Dots@ietf.org
> > > > > > > https://www.ietf.org/mailman/listinfo/dots