Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
"Jon Shallow" <supjps-ietf@jpshallow.com> Fri, 08 November 2019 13:53 UTC
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, 'Valery Smyslov' <valery@smyslov.net>, dots@ietf.org, dots-chairs@ietf.org
References: <011c01d58974$74529b00$5cf7d100$@smyslov.net> <1bfc01d594c5$61631810$24294830$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93303135A639@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <1ca401d59549$6839d730$38ad8590$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93303135B754@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <1cbb01d59557$9bfb78e0$d3f26aa0$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93303135B8A2@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93303135B8A2@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Fri, 08 Nov 2019 13:53:01 -0000
Message-ID: <1e6101d5963b$d63f7ee0$82be7ca0$@jpshallow.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Gx-HN230KLzbvwYoDrxSK12cclk>
Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
Hi Med et al,

I have gone back over the heartbeat call home and have a couple of comments.

In https://tools.ietf.org/html/draft-ietf-dots-signal-channel-38#section-4.5.1

OLD
   Figure 18 shows how to obtain acceptable configuration parameters for the DOTS server.
NEW
   Figure 18 shows how to obtain acceptable configuration parameters for the DOTS client.
or
NEW
   Figure 18 shows how to obtain acceptable configuration parameters from the DOTS server.

With Call Home, the GET Config will still tell the Call Home DOTS Client what are the acceptable values (which will cover keeping any NAT bindings "warm"), and then the Call Home DOTS client can optionally do a PUT for tweaking within the allowed bounds.

As the "saturated" direction will most likely continue to be from the (Call Home) DOTS server to the (Call Home) DOTS client, all the signal draft recovery / continuing mechanisms still stand, which the call home draft just re-emphasises.

I have not had a chance to separately test this Call Home variant, but everything is using the same code logic at this point as per the signal draft.

Regards

Jon

> -----Original Message-----
> From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On Behalf Of ietf-supjps-mohamed.boucadair@orange.com
> Sent: 07 November 2019 12:16
> To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
>
> Re-,
>
> The NEW wording works for me.
>
> Thank you.
>
> Cheers,
> Med
>
> > -----Original Message-----
> > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > Sent: Thursday 7 November 2019 11:39
> > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > Subject: RE: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> >
> > Hi Med,
> >
> > Happy Eyeballs worked fine with me with the Call Home DOTS server initiating the DTLS and TLS sessions.
> >
> > Heartbeats work, but I have not tested them under stress / loss conditions. I will try to get that tested tomorrow.
> >
> > In terms of the text I mis-read, perhaps it could be partially re-written:
> >
> > OLD
> >
> > "   If TCP is used, the Call Home DOTS server begins by initiating a
> >    TCP connection to the Call Home DOTS client.  Using this TCP
> >    connection, the Call Home DOTS server initiates a TLS connection
> >    to the Call Home DOTS client."
> >
> > NEW
> >
> > "   If TCP is used, the Call Home DOTS server begins by initiating a
> >    TCP connection to the Call Home DOTS client.  Once connected, the Call Home
> >    DOTS server continues to initiate a TLS connection
> >    to the Call Home DOTS client."
> >
> > Regards
> >
> > Jon
> >
> > > -----Original Message-----
> > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
> > > Sent: 07 November 2019 09:34
> > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > >
> > > Re-,
> > >
> > > Thank you, Jon.
> > >
> > > BTW, I don't see any issue about HE and HBs for the call home. I assume that no problem was encountered to implement it.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Original Message-----
> > > > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > > > Sent: Thursday 7 November 2019 09:58
> > > > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > Subject: RE: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > >
> > > > Hi Med,
> > > >
> > > > See inline.
> > > >
> > > > Regards
> > > >
> > > > Jon
> > > >
> > > > > -----Original Message-----
> > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
> > > > > Sent: 07 November 2019 07:12
> > > > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > > >
> > > > > Hi Jon,
> > > > >
> > > > > Thank you for sharing this cool news.
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Jon Shallow
> > > > > > Sent: Wednesday 6 November 2019 18:13
> > > > > > To: 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I have done a preliminary working implementation of DOTS Call-Home - there is still some little used functionality to finish off.
> > > > > >
> > > > > > *** Issue # 1 - TCP TLS sessions
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-ietf-dots-signal-call-home-06#section-3.1
> > > > > >
> > > > > > "   If UDP transport is used, the Call Home DOTS server begins by
> > > > > >    initiating a DTLS connection to the Call Home DOTS client."
> > > > > >
> > > > > > This works as expected where the UDP + DTLS layer roles are switched.
> > > > > >
> > > > > > "   If TCP is used, the Call Home DOTS server begins by initiating a
> > > > > >    TCP connection to the Call Home DOTS client.  Using this TCP
> > > > > >    connection, the Call Home DOTS server initiates a TLS connection
> > > > > >    to the Call Home DOTS client."
> > > > > >
> > > > > > With the current libcoap implementation, I am unable to create a CoAP session using TLS on an existing TCP connection - so the DOTS Client is unable to accept an incoming TCP session and then initiate TLS integrated with the CoAP session.
> > > > >
> > > > > [Med] Why would the client initiate the TLS session? Do you want to test an RFC8071-like approach?
> > > >
> > > > Jon> Yesterday was one of those days - word blindness translated "the Call Home DOTS server initiates a TLS connection to the Call Home DOTS client." as a separate action to "the Call Home DOTS client initiates a TLS connection to the Call Home DOTS server.". The actual text is correct.
> > > >
> > > > > > I agree that RFC8071 only switches the TCP layer roles.
> > > > >
> > > > > [Med] Yes.
> > > > >
> > > > > > However all works if the TCP + TLS layer roles are switched - in the same way that UDP + DTLS work.
> > > > >
> > > > > [Med] Great. We went for this approach because we preserve the same role for both DTLS and TLS:
> > > > >
> > > > >        +-----------+           +-----------+
> > > > >        | Call Home |           | Call Home |
> > > > >        |   DOTS    |           |   DOTS    |
> > > > >        |  server   |           |  client   |
> > > > >        +-----+-----+           +-----+-----+
> > > > >        (D)TLS client           (D)TLS server
> > > > >
> > > > > > Enhancing the libcoap code to support only the TCP layer being switched is doable - but I have no idea as to whether other CoAP implementations can handle this specific requirement.
> > > > >
> > > > > [Med] Do we really need to do that?
> > > >
> > > > Jon> No. It was my mis-reading of the text that caused this confusion.
> > > >
> > > > > > *** Not (yet) Implemented #1 - Redirected Signalling
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-ietf-dots-signal-call-home-06#section-3.2.2
> > > > > >
> > > > > > I do not see any issues here.
> > > > > >
> > > > > > *** Not (yet) Implemented #2 - New Conflict Cause 4
> > > > > >
> > > > > > I do not see any issues here.
> > > > > >
> > > > > > *** Not (yet) Implemented #3 - Address sharing considerations
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-ietf-dots-signal-call-home-06#section-3.3.2
> > > > > >
> > > > > > I do not see any issues here - just need to interface with the translators to get the appropriate information.
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Jon
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On Behalf Of Valery Smyslov
> > > > > > > Sent: 23 October 2019 08:36
> > > > > > > To: dots@ietf.org
> > > > > > > Cc: dots-chairs@ietf.org
> > > > > > > Subject: [Dots] WGLC on draft-ietf-dots-signal-call-home-06
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > this message starts a Work Group Last Call (WGLC) for draft-ietf-dots-signal-call-home-06.
> > > > > > > The version to be reviewed is here: https://www.ietf.org/id/draft-ietf-dots-signal-call-home-06.txt
> > > > > > >
> > > > > > > The WGLC will last for two weeks and will end on November the 7th.
> > > > > > > Please send your comments to the list before this date.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Frank & Valery.
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Dots mailing list
> > > > > > > Dots@ietf.org
> > > > > > > https://www.ietf.org/mailman/listinfo/dots
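The point the thread settles on is that Call Home only inverts the lower layers: the Call Home DOTS server is the one that connects (and, per Med's diagram, the (D)TLS client), while the CoAP/DOTS roles are untouched, so the Call Home DOTS client still originates requests such as the GET of the signal-channel configuration that Jon discusses. The following is an added example written for this page; it is not code from the draft, from libcoap, or from Jon's implementation. It frames CoAP over TCP as RFC 8323 defines (Len|TKL header, leading CSM, RFC 7252 option encoding) and runs both endpoints in-process. Assumptions: a local socketpair() stands in for the TCP connection the server opens; (D)TLS is left out entirely; the CSMs carry no options; the resource path is the one the signal-channel spec defines (it does not appear on this page); the token and the JSON response body are constructed stand-ins, the real body being CBOR.

```python
# Added illustrative code for this page (not from the draft, libcoap or Jon's
# implementation): DOTS Call Home role inversion over CoAP-over-TCP (RFC 8323).
import io
import socket
import threading

CODE_GET, CODE_CONTENT, CODE_CSM = 0x01, 0x45, 0xE1   # 0.01, 2.05, 7.01 (RFC 8323 CSM)
OPT_URI_PATH, OPT_CONTENT_FORMAT = 11, 12
# Assumption: config resource path as in the signal-channel spec (not shown on this page).
CONFIG_PATH = (".well-known", "dots", "config")
# Constructed stand-in for the response body; the real body is CBOR, not JSON.
SAMPLE_CONFIG = b'{"heartbeat-interval":{"min-value":15,"max-value":240,"current-value":30}}'
_EXT = ((13, 1, 13), (14, 2, 269), (15, 4, 65805))   # (nibble, extension bytes, base value)

def _enc_ext(value):
    """Nibble + extension bytes: RFC 7252 option delta/length (13/14), RFC 8323 Len adds 15."""
    if value < 13:
        return value, b""
    nibble, size, base = [e for e in _EXT if value >= e[2]][-1]
    return nibble, (value - base).to_bytes(size, "big")

def _dec_ext(nibble, take):
    """Inverse of _enc_ext; take(n) returns the next n bytes."""
    if nibble < 13:
        return nibble
    _, size, base = _EXT[nibble - 13]
    return int.from_bytes(take(size), "big") + base

def encode_options(options):
    """[(number, bytes)] -> option bytes; the stable sort keeps repeated Uri-Path order."""
    out, prev = bytearray(), 0
    for number, value in sorted(options, key=lambda o: o[0]):
        d, d_ext = _enc_ext(number - prev)
        l, l_ext = _enc_ext(len(value))
        out += bytes([(d << 4) | l]) + d_ext + l_ext + value
        prev = number
    return bytes(out)

def decode_options(data):
    """Option bytes [+ 0xFF payload] -> ([(number, bytes)], payload)."""
    buf, number, options = io.BytesIO(data), 0, []
    while buf.tell() < len(data):
        first = buf.read(1)[0]
        if first == 0xFF:
            return options, buf.read()
        if 15 in (first >> 4, first & 0x0F):
            raise ValueError("reserved option nibble 15")
        number += _dec_ext(first >> 4, buf.read)
        options.append((number, buf.read(_dec_ext(first & 0x0F, buf.read))))
    return options, b""

def frame(code, token=b"", options=(), payload=b""):
    """RFC 8323 message: Len|TKL, ext Len, Code, Token, Options, [0xFF, Payload]."""
    body = encode_options(list(options)) + (b"\xff" + payload if payload else b"")
    head, ext = _enc_ext(len(body))
    return bytes([(head << 4) | len(token)]) + ext + bytes([code]) + token + body

def read_frame(take):
    """Read one RFC 8323 message via take(n) -> (code, token, options, payload)."""
    first = take(1)[0]
    body_len = _dec_ext(first >> 4, take)          # length of options + marker + payload
    code, token = take(1)[0], take(first & 0x0F)
    return (code, token) + decode_options(take(body_len))

def call_home_dots_server(sock, log):
    """Transport initiator (and (D)TLS client in the real protocol), yet the CoAP/DOTS server."""
    take = sock.makefile("rb").read                # blocks until exactly n bytes arrive
    sock.sendall(frame(CODE_CSM))                  # RFC 8323: CSM must be the first message
    assert read_frame(take)[0] == CODE_CSM
    code, token, options, _ = read_frame(take)
    path = tuple(v.decode() for n, v in options if n == OPT_URI_PATH)
    log.append(("server got", code, path))
    if code == CODE_GET and path == CONFIG_PATH:   # answer only the request it was sent
        sock.sendall(frame(CODE_CONTENT, token, [(OPT_CONTENT_FORMAT, bytes([50]))], SAMPLE_CONFIG))

def call_home_dots_client(sock, log):
    """Transport acceptor (and (D)TLS server in the real protocol), yet the CoAP/DOTS client."""
    take = sock.makefile("rb").read
    sock.sendall(frame(CODE_CSM))
    assert read_frame(take)[0] == CODE_CSM
    token = b"\x7a\x01"                            # constructed token
    sock.sendall(frame(CODE_GET, token, [(OPT_URI_PATH, p.encode()) for p in CONFIG_PATH]))
    code, rtoken, _, payload = read_frame(take)
    log.append(("client got", code, rtoken == token))
    return code, (payload if rtoken == token else None)   # ignore a reply with a foreign token

def run_call_home_config_fetch():
    """socketpair() stands in for the TCP connection the server connect()s and the client accept()s."""
    server_end, client_end = socket.socketpair()
    log = []
    t = threading.Thread(target=call_home_dots_server, args=(server_end, log))
    t.start()
    result = call_home_dots_client(client_end, log)
    t.join()
    server_end.close(); client_end.close()
    return result, log

if __name__ == "__main__":
    print(run_call_home_config_fetch())
```

Running it shows the inversion in the log: the endpoint that opened the transport is the one that receives the GET and answers 2.05, exactly the arrangement Med's diagram describes. In a real deployment the only things that change on top of this are the security layer, where the connecting side would perform the TLS handshake as client and the accepting side as server, and the body, which is CBOR rather than the placeholder JSON used here.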