IETF Logo Mail Archive

Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 21 January 2019 14:19 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95FE4130F2B; Mon, 21 Jan 2019 06:19:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.854
X-Spam-Level:
X-Spam-Status: No, score=-8.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ylGtoQbNaQRf; Mon, 21 Jan 2019 06:19:35 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49B74130EFC; Mon, 21 Jan 2019 06:19:34 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1548080349; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-office365-filtering-correlation-id:x-microsoft-antispam: x-ms-traffictypediagnostic:x-microsoft-antispam-prvs: x-forefront-prvs:x-forefront-antispam-report: received-spf:x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=Q CPwJ6pQQSQC6poqTOQ9ZJmQyhQRB9QSmDO0TDUA2H E=; b=P8TAGEyAlQk+md27AFv7B3sr7UC0WMMJbVZiDENEm9jr kegsVc9xLwgJ0v8amySEntVtLMRo0xaJgtUHow9zVaT4DrypbI mphImVR0gq6xrn7XWWzkHzwrjGyR6mDSZGvYXvJslc8ecvHQPB yxpWHOeOmmv/kwWqIfYuTCfbtmU=
Received: from DNVEXAPP1N06.corpzone.internalzone.com (DNVEXAPP1N06.corpzone.internalzone.com [10.44.48.90]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 6491_4e7c_758fe18a_da8a_4df2_bfed_28e55d6ace7f; Mon, 21 Jan 2019 07:19:08 -0700
Received: from DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 21 Jan 2019 07:19:16 -0700
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Mon, 21 Jan 2019 07:19:16 -0700
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (10.44.176.242) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 21 Jan 2019 07:19:15 -0700
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2984.namprd16.prod.outlook.com (20.178.235.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.25; Mon, 21 Jan 2019 14:19:14 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::202f:5967:73ad:130f]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::202f:5967:73ad:130f%5]) with mapi id 15.20.1537.031; Mon, 21 Jan 2019 14:19:14 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
Thread-Index: AdSuMPs4z5rRJt5UT++zbKjLtGqWuABQDVAAAAzXK9AAbbFEAAAAVkFwAAi2QcAABRzd4A==
Date: Mon, 21 Jan 2019 14:19:14 +0000
Message-ID: <BYAPR16MB2790DC712BC83345A849C875EA9F0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <787AE7BB302AE849A7480A190F8B93302EA08D24@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190118210258.GO81907@kduck.mit.edu> <BYAPR16MB279063917ED17BF8D0331060EA9D0@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA0ABE9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <BYAPR16MB2790DC3745D572E9671660D5EA9F0@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA0AE14@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA0AE14@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.1.100.18
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BYAPR16MB2984; 6:LY4XjO8EOxOC7uR4gF/KjFE6OiVpbj5L5LNHDCJE3onsOvYbRHWR8lOxUSnSeUJRPqPAvOarlu6A5LR4xLdBhGrs2aTPBtt3xJg7T/mWKifrQQJorB0ZmAY46qahMiRhw2ysbIZoDRbqXYyCbvAG2cpSw47GLH04aAusZE3zebAaa/NYN82Wbckbvt3swsn3nOaTk+o8XkiKa6n+Y80HI1vqzeGvf4CDewqtpPQbVE+TBVs6qwDJVFmj0JeSBpzvnBJUTIc/Gk++y3AufUYroxo3ABmFsl//Ms/bIZVEgk7RnviOF+lrMd2Pyr5YXRW8SoKW7n76aR+o1icadUSO5sxhUyFF87RDauq7lfXg66J8xq4cZlBacGJLhsPZWedCBszyyGEgnEnosEqYuSXo0wKy0R1XVx2zrn+3slZ8sYcCHFxA73n1G6nrNx6TKouQEotn7xpN0H+5pHQYzz/Whg==; 5:erZHbdfR1fPz7RzjXb4apxwek38cNMj/ZOdtMuxD0MeHJmf1txHfXBkua5xeK6LlSLHKzPLJwvZiinmDNMUlzQLZBt3TXQ/fzBlVtQWOalQeSIfyE7xl7/gd1OEaaiKj1Dt/ibSC3dgBFJ/LdAEMQoBM8jgfYGf5G6l68ShfqZPZiZcQdorkjcH/NbUvMZ6I1MhkpgC3YqkEARFP40EUkg==; 7:YN1oLU+yVFFiDfwxHwjflIvZel/joH/ERMTNN0AcXauli4tPhfq0GQCeucx29dGzYpNI4a5iTM1kG13XPxOZZLrLaRfWJSlfRC8XlHW+nnUoEietNq5odQASWBMX3qDjT7U8NI02A//jREUAfzcfuw==
x-ms-office365-filtering-correlation-id: a5483274-49e9-4bdb-d7d9-08d67fab6c0e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2984;
x-ms-traffictypediagnostic: BYAPR16MB2984:
x-microsoft-antispam-prvs: <BYAPR16MB298418CEBD8F6694D8C26799EA9F0@BYAPR16MB2984.namprd16.prod.outlook.com>
x-forefront-prvs: 0924C6A0D5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(366004)(136003)(396003)(376002)(189003)(51444003)(199004)(53754006)(55784004)(13464003)(32952001)(86362001)(2501003)(74316002)(105586002)(80792005)(2906002)(229853002)(33656002)(6506007)(102836004)(53546011)(106356001)(97736004)(30864003)(305945005)(966005)(72206003)(14454004)(71190400001)(71200400001)(4744004)(478600001)(7736002)(7696005)(68736007)(256004)(14444005)(54906003)(110136005)(316002)(6246003)(2171002)(25786009)(6306002)(55016002)(26005)(9686003)(3846002)(4326008)(11346002)(66066001)(53946003)(446003)(93886005)(5024004)(486006)(186003)(8936002)(53936002)(76176011)(81166006)(81156014)(8676002)(99286004)(476003)(6116002)(6436002)(85282002)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2984; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: YAkqgQBeT1AQM/W8hArflvZPWHpcSQMyGfMdXnHBc9KH8q3Q/+bUwnpL71Ze0EpgA3Ezi5DJ0zXs4/WwUV/WbFxGC7dSrwE84oddB4LhTEYmQcW4aGLPukkIAapMgAFdil8N7LMyN3QKQPF5aPgwbfps7lTktN/ipIIt45kvIdvItg/jGEqkDZTRi11y7B69F1zpa4MaUh9bIQJrRKmMyTPTniUFY1g3JsdK3oo2YZRCdwA+SAP7LXZbLJbKE4WyqYmaCTsNdoqM1HPf+p6yjcqDv9gEpUgHhkc5Rt/BBi986V9EmWzVV/QDXOAxLXGtTNWLwTLGeHlfJUR7dIgC3dmA7ffRdFMus8ULBiJsfvIHpHockIyamY7K1rCon7wXPX8juB3XAmNsnzUh3Le3DZboIkWk6EByr7BFmZh/2pg=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a5483274-49e9-4bdb-d7d9-08d67fab6c0e
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jan 2019 14:19:14.7570 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2984
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6465> : inlines <6998> : streams <1810730> : uri <2783378>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/JlbkxgphJKvbEsTcQ5oWh6udTJU>
Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 14:19:40 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> Sent: Monday, January 21, 2019 5:25 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> Benjamin Kaduk <kaduk@mit.edu>
> Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> Subject: RE: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
> 
> 
> 
> Re-,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy
> > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : lundi 21 janvier 2019 10:13
> > À : BOUCADAIR Mohamed TGI/OLN; Benjamin Kaduk Cc :
> > draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org Objet : RE:
> > [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>
> > > Sent: Monday, January 21, 2019 1:01 PM
> > > To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>;
> > > Benjamin Kaduk <kaduk@mit.edu>
> > > Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> > > Subject: RE: [Dots] AD review of draft-ietf-dots-signal-channel-25
> > > (5th
> > Part)
> > >
> > >
> > >
> > > Hi Ben, all,
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Konda, Tirumaleswar Reddy
> > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > Envoyé : samedi 19 janvier 2019 07:32 À : Benjamin Kaduk;
> > > > BOUCADAIR Mohamed TGI/OLN Cc :
> > > > draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org Objet : RE:
> > > > [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
> > > >
> > > > Hi Ben,
> > > >
> > > > Please see inline
> > > >
> > > > > -----Original Message-----
> > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > > > > Sent: Saturday, January 19, 2019 2:33 AM
> > > > > To: mohamed.boucadair@orange.com
> > > > > Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> > > > > Subject: Re: [Dots] AD review of
> > > > > draft-ietf-dots-signal-channel-25 (5th
> > > > Part)
> > > > >
> > > > > This email originated from outside of the organization. Do not
> > > > > click links
> > > > or
> > > > > open attachments unless you recognize the sender and know the
> > > > > content is
> > > > safe.
> > > > >
> > > > > Hi all,
> > > > >
> > > > > Thanks for all the edits and the published -27.
> > > > > Assuming I'm actually caught up on all the review/response
> > > > > threads, I think we're pretty close to being able to go to IETF
> > > > > LC -- here's what I see as
> > > > still left:
> > > > >
> > > > > - We need to settle the risk of needing normative downrefs
> > > > > called out
> > for
> > > > >   the last call
> > >
> > > [Med] I updated the text to:
> > > * cite 7618/7624 as normative (+ indicate that a similar mechanism
> > > to false start may also be defined for DTLS).
> >
> > https://tools.ietf.org/html/rfc7918 does not require any changes to
> > (D)TLS on-the-wire protocol data, and DLTS also supports false start
> > (see the (D)TLS profile for IoT devices specified in
> > https://tools.ietf.org/html/rfc7925#section-21).
> >
> 
> [Med] Not sure to get your comment. The initial point from Ben is valid, hence
> this addition to the draft:
> 
> "TLS False Start is formally defined for use with TLS, but the same techniques
> are applicable to DTLS as well."

Proposed update looks good, my response was to your reply "TLS false start may also be defined for DTLS" (I meant it's also applicable for DTLS :)).

Cheers,
-Tiru

> 
> > > * tweak the TFO text to maintain it as informative.
> > >
> > > > > - I just noticed while reviewing the diff that we also need to say a
> > > > >   little more about (D)TLS 1.3 0-RTT data (more below)
> > > > > - It looks like we lost the guidance to the Experts and text about the
> > > > >   review mailing list from the IANA Considerations, during the
> > reshuffling
> > > > >   around having IANA manage more things
> > > > >
> > >
> > > [Med] That was on purpose. We would like to rely on RFC8126 rules
> > > for deigned expert reviews.
> >
> > In addition to RFC8126 to defend against replay attacks, we can add
> > the following additional rules:
> >
> > The DOTS signal channel messages sent as early data by the DOTS client
> > are idempotent requests. Further, CoAP (as discussed in Section 4.4 of
> > RFC7252) is capable of performing message deduplication to handle
> > replay of CoAP requests.
> >
> 
> [Med] Works for me.
> 
> > Cheers,
> > -Tiru
> >
> > >
> > > > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that
> > > > > "Application protocols MUST NOT use 0-RTT data without a profile
> > > > > that
> > > defines its use.
> > > > > That profile needs to identify which messages or interactions
> > > > > are safe to
> > > > use
> > > > > with 0-RTT and how to handle the situation when the server
> > > > > rejects 0-RTT
> > > > and
> > > > > falls back to 1-RTT."  So we either need to say which client
> > > > > requests are
> > > > 0-RTT
> > > > > safe (and why) or defer that profile to another document.
> > > > > draft-ietf-
> > > > dnsop-
> > > > > session-signal is perhaps an example of a document that
> > > > > specifies which messages are/aren't allowed in early data.
> > > > > (draft-ietf-acme-acme is another, but an uninteresting one,
> > > > > since they make every request include a single-use nonce, and
> > > > > all messages are 0-RTT safe.) Our use of increasing 'mid' values
> > > > > may help here, in terms of allowing
> > > > DELETEs
> > > > > to be safe, but I'd have to think a little more to be sure that
> > > > > requesting mitigation would be safe.  (On first glance the
> > > > > session-managemnet bits
> > > > would
> > > > > not be safe, but I may be missing something.)
> > > >
> > > > The draft only uses idempotent requests (GET, PUT and DELETE), and
> > > > CoAP is capable of detecting message duplication (see
> > > > https://tools.ietf.org/html/rfc7252#section-4.5) for both
> > > > confirmable and non-confirmable messages.
> > > >  [1] An attacker replaying DELETE will not have any adverse
> > > > impact,
> > > > 2.02
> > > > (Deleted) Response Code is returned even if the mitigation request
> > > > does not exist.
> > > > [2] The techniques discussed in Section 8 of RFC8446 should
> > > > suffice to handle anti-replay (e.g. an attacker replaying a 0-RTT
> > > > data carrying an old mitigation request replaced by a new mitigation
> scope).
> > > >
> > >
> > > [Med] FWIW, we do already have this text in the draft:
> > >
> > >       Section 8 of [RFC8446] discusses some mechanisms to implement to
> > >       limit the impact of replay attacks on 0-RTT data.  If the DOTS
> > >       server accepts 0-RTT, it MUST implement one of these mechanisms.
> > >       A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest.
> > >
> > > > >
> > > > > Further notes inline.
> > > > >
> > > > > On Thu, Jan 17, 2019 at 06:51:04AM +0000,
> > > > > mohamed.boucadair@orange.com
> > > > > wrote:
> > > > > > Hi Ben,
> > > > > >
> > > > > > Please see inline.
> > > > > >
> > > > > > Cheers,
> > > > > > Med
> > > > > >
> > > > > > > -----Message d'origine-----
> > > > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] Envoyé : mercredi
> > > > > > > 16 janvier 2019 01:14 À :
> > > > > > > draft-ietf-dots-signal-channel@ietf.org
> > > > > > > Cc : dots@ietf.org
> > > > > > > Objet : AD review of draft-ietf-dots-signal-channel-25
> > > > > > >
> > > > > > > Section 7.2
> > > > > > >
> > > > > > > The TLS 1.3 handshake with 0-RTT diagram needs to be
> > > > > > > revisited/refreshed, as RFC 8446 does not look like that.
> > > > > > > Additionally, the usage of PSK as well as a certificate is
> > > > > > > not defined until
> > > > > > > draft-housley-tls-tls13-cert-with-extern-psk is
> > > > published.
> > > > > > > I also note that in the diagram as presented, the client is
> > > > > > > not yet known to be authenticated when the server sends its
> > > > > > > initial
> > > > > > > (0.5-RTT) DOTS signal message.
> > > > > > >
> > > > > >
> > > > > > [Med] Noted. Thanks.
> > > > > >
> > > > > > > Section 7.3
> > > > > > >
> > > > > > > This whole section seems to only be relevant for UDP usage,
> > > > > > > so probably the "If UDP is used" clause can be dropped and
> > > > > > > an introductory statement added earlier on.
> > > > > >
> > > > > > [Med] Will consider that.
> > > > > >
> > > > > > >
> > > > > > >                               Path MTU MUST be greater than
> > > > > > > or
> > equal to
> > > > > > >    [CoAP message size + DTLS overhead of 13 octets + authentication
> > > > > > >    overhead of the negotiated DTLS cipher suite + block padding]
> > > > > > >    (Section 4.1.1.1 of [RFC6347]).  If the request size
> > > > > > > exceeds the
> > > > path
> > > > > > >    MTU then the DOTS client MUST split the DOTS signal into
> > separate
> > > > > > >    messages, for example the list of addresses in the
> > > > > > > 'target-
> > prefix'
> > > > > > >    parameter could be split into multiple lists and each
> > > > > > > list
> > conveyed
> > > > > > >    in a new PUT request.
> > > > > > >
> > > > > > > (DTLS 1.3 will have a short header for some packets, that is
> > > > > > > less than
> > > > > > > 13 octets.)
> > > > > >
> > > > > > [Med] The text is more about 1.2. We can add a 1.3 note if you
> > > > > > think it
> > > > is
> > > > > useful for the discussion.
> > > > > >
> > > > > > >
> > > > > > > Section 8
> > > > > > >
> > > > > > > We've got some requirements in here about limiting behavior
> > > > > > > of clients/servers when talking to gateways; is knowing
> > > > > > > about the presence of a gateway something that's required to
> > > > > > > happen out of band or is there an in-band way to identify
> > > > > > > that the peer is a
> > gateway?
> > > > > >
> > > > > > [Med] An agent does not necessary know that it peer is
> > > > > > gateway. A gateway
> > > > is
> > > > > seen as a server for the client, and a client for a server.
> > > > > >
> > > > > > >
> > > > > > >    messages from an authorized DOTS gateway, thereby
> > > > > > > creating a
> > > > > > > two-
> > > > link
> > > > > > >    chain of transitive authentication between the DOTS
> > > > > > > client and
> > the
> > > > > > >    DOTS server.
> > > > > > >
> > > > > > > This seems to ignore the possibility of setups that include
> > > > > > > both client-domain and server-domain gateways.
> > > > > >
> > > > > > [Med] I updated the text to mention this is only an example.
> > > > > >
> > > > > > >
> > > > > > >                  DOTS client certificate validation MUST be
> > > > > > > performed
> > > > as
> > > > > > >    per [RFC5280] and the DOTS client certificate MUST
> > > > > > > conform to
> > the
> > > > > > >    [RFC5280] certificate profile.  [...]
> > > > > > >
> > > > > > > This seems to duplicate a requirement already stated in
> > > > > > > Section 7.1; it's probably best to only have normative
> > > > > > > language in one location, even if we need to mention the
> > > > > > > topic in multiple
> > locations.
> > > > > > > Similarly for the mutual authentication requirement, which
> > > > > > > we duplicate in the second and fourth paragraphs of this section.
> > > > > >
> > > > > > [Med] Good point. Fixed.
> > > > > >
> > > > > > >
> > > > > > > If we don't want to use example.com vs. example.net as
> > > > > > > sample domains, we can also use whateverwewant.example, per
> RFC 6761.
> > > > > >
> > > > > > [Med] Will maintain the ones already in the draft. Thanks.
> > > > > >
> > > > > > >
> > > > > > > Section 9
> > > > > > >
> > > > > > > We should mention the media-type allocation in the top-level
> > section.
> > > > > >
> > > > > > [Med] Will fix that.
> > > > > >
> > > > > > >
> > > > > > > "mappings to CBOR" feels confusing to me, since it leaves
> > > > > > > empty what we are mapping from.  Perhaps just talking about
> > > > > > > a registry of "CBOR map keys" would be better, both here and
> > > > > > > in the Section
> > 9.3
> > > intro.
> > > > > > >
> > > > > >
> > > > > > [Med] Unless there is an objection, I can use "CBOR Map Keys".
> > > > > >
> > > > > > > Section 9.3
> > > > > > >
> > > > > > > I suggest being very explicit about whether new requests for
> > > > > > > registration should be directed to the mailing list or to
> > > > > > > IANA, as we've had some confusion about this elsewhere.
> > > > > > >
> > > > > > > The criteria used by the experts also just lists things they
> > > > > > > should consider, but does not provide full clarity on which
> > > > > > > answer to the question is more likely to be approved.  (And
> > > > > > > yes, I know that this text is largely copied from already
> > > > > > > published RFCs, but we can still do
> > > > > > > better.)
> > > > > >
> > > > > > [Med] Will check this.
> > > > > >
> > > > > > >
> > > > > > > Section 9.3.1
> > > > > > >
> > > > > > > If we want the value 0 to be reserved we need to say so.
> > > > > >
> > > > > > [Med] 0 is not part of the allocation range.
> > > > > >
> > > > > > > Do we want to say anything about the usage of negative
> > > > > > > integers as map keys?
> > > > > > >
> > > > > > > I suggest not mentioning the postal address, given the
> > > > > > > recent
> > > > > > > (e.g.) GDPR requirements.
> > > > > >
> > > > > > [Med] Good point. Done.
> > > > > >
> > > > > > >
> > > > > > > Section 9.3.2
> > > > > > >
> > > > > > > It may be worth mentioning Table 4 here as well.
> > > > > >
> > > > > > [Med] OK.
> > > > > >
> > > > > > >
> > > > > > > Section 9.5.1
> > > > > > >
> > > > > > > We need to specify which range of values we are asking for
> > > > > > > an allocation from.
> > > > > >
> > > > > > [Med] Added a mention to 0-255 range.
> > > > > >
> > > > > > >
> > > > > > > Section 9.6.1
> > > > > > >
> > > > > > > As above, specify what range we're asking about.
> > > > > >
> > > > > > [Med] OK.
> > > > > >
> > > > > > >
> > > > > > > I expect the current text to get some IESG (or directorate)
> > > > > > > feedback that the Data Item and Semantics descriptions are
> > repetitive
> > > and banal.
> > > > > > >
> > > > > > > Section 9.7
> > > > > > >
> > > > > > > IIUC, IANA is going to ask if we want this module to be
> > > > > > > "maintained by IANA", so it would be good to have an answer
> > > > > > > ready even if we don't put it in the document text.
> > > > > >
> > > > > > [Med] This is discussed in -26.
> > > > > >
> > > > > > >
> > > > > > >    Rate-limiting DOTS requests, including those with new 'cuid'
> > values,
> > > > > > >    from the same DOTS client defends against DoS attacks
> > > > > > > that would
> > > > > > >
> > > > > > > With respect to "new" 'cuid' values, is the server required
> > > > > > > to remember which ones it has seen in perpetuity, or can it
> > > > > > > time them out eventually?
> > > > > >
> > > > > > [Med] The attack vector is a DOTS client which changes
> > > > > > frequently its
> > > > cuid.
> > > > > The DOTS server can set an interval in which the same client
> > > > > cannot present
> > > > a
> > > > > new cuid.
> > > > > >
> > > > > > >
> > > > > > > Section 10
> > > > > > >
> > > > > > > The security considerations seem to be taking a narrow focus
> > > > > > > on the requirements for and consequences of specific bits on
> > > > > > > the wire in the signal channel protocol.  I think it's
> > > > > > > appropriate to also include some high-level thoughts about
> > > > > > > the functional behavior of the protocol, allowing to signal
> > > > > > > that an attack is underway and trigger mitigation,
> > > > > > > increasing the availability of services, etc., and the risks
> > > > > > > that are posed by the protocol failing to work properly,
> > > > > > > whether that means letting attack traffic through or improperly
> blocking legitimate traffic.
> > > > > >
> > > > > > [Med] Would a pointer to the architecture/requirements I-Ds be
> > > > > > sufficient
> > > > to
> > > > > cover to high-level aspects?
> > > > >
> > > > > Those documents' security considerations do seem to cover the
> > > > > relevant
> > > > points,
> > > > > yes.
> > > > >
> > > > > > >
> > > > > > > Section 13.1
> > > > > > >
> > > > > > > I think the IANA registries should be listed as
> > > > > > > Informational and not Normative references.
> > > > > > >
> > > > > >
> > > > > > [Med] Done.
> > > > > >
> > > > > > > Section 13.2
> > > > > > >
> > > > > > > Pending resolution of the question about using
> > > > > > > draft-ietf-core-yang-cbor rules or RFC7951+RFC7049, the
> > > > > > > draft-ietf-core-yang-cbor reference may need to be Normative.
> > > > > >
> > > > > > [Med] Please refer to my answer to that question.
> > > > > > draft-ietf-core-yang-
> > > > cbor is
> > > > > informative.
> > > > > >
> > > > > > >
> > > > > > > Given that "URI" is a well-known abbreviation, we may be
> > > > > > > able to get away with not citing RFC 3986.  On the other
> > > > > > > hand, it's not causing any harm to leave it in...
> > > > > >
> > > > > > [Med] Will leave it.
> > > > > >
> > > > > > >
> > > > > > > RFC 4632 needs to be Normative, since we need to know CIDR
> > > > > > > to encode/decode target-prefixes.
> > > > > >
> > > > > > [Med] Works for me.
> > > > > >
> > > > > > >
> > > > > > > Similarly, I think that RFCs 6234
> > > > > >
> > > > > > [Med] This one is not listed as normative because other hash
> > > > > > algos may be
> > > > > used.
> > > > >
> > > > > It's a lower-case "recommended", which can probably eke by as
> > > > > descriptive
> > > > and
> > > > > not a "protocol feature" (see below).
> > > > >
> > > > > > , 7413
> > > > > > [Med] The support if TFO is not mandatory.
> > > > >
> > > > > It's a SHOULD ("SHOULD implement all of the following items"),
> > though...
> > > > >
> > > > > > , 7589
> > > > > > [Med] This is a MAY in the spec. It is just fine to leave it
> > > > > > as
> > > > informative.
> > > > >
> > > > > ....per
> > > > > https://www.ietf.org/blog/iesg-statement-normative-and-informati
> > > > > ve-
> > > > > references/
> > > > > note 1, "Even references that are relevant only for optional
> > > > > features must
> > > > be
> > > > > classified as normative if they meet the above conditions for
> > > > > normative references."
> > > > >
> > > > > This does seem to be something we actually need to care about
> > > > > before IETF
> > > > LC,
> > > > > though, as 7413 is Experimental and not listed in the downref
> > > > > registry (https://datatracker.ietf.org/doc/downref/), so if we
> > > > > leave it as
> > > > Informational
> > > > > and have to change it later, we'd need to also restart/re-run
> > > > > the IETF
> > LC.
> > > > >
> > > > > > , 7918
> > > > > > [Med] Idem as TFO.
> > > > >
> > > > > This is Informational (i.e., also susceptible to the downref issue).
> > > > >
> > > > > > , 7924
> > > > > > [Med] Idem as TFO.
> > > > >
> > > > > (idem x2), though this is standards-track at least, so we have
> > > > > more leeway
> > > > to
> > > > > move things around later.
> > > > >
> > > > >
> > > > >
> > > > > I think the most expedient thing to do here would just be to
> > > > > relax the requirement for TLS Falst STart, TFO, and Cached
> > > > > Information, perhaps to
> > > > text
> > > > > like "The following items are additional mechanisms that can
> > > > > reduce the
> > > > delay
> > > > > required to deliver a DOTS signal channel message, which
> > > > > implementations
> > > > are
> > > > > encouraged to implement as possible.", but I am open to other
> > > > > suggestions
> > > > for
> > > > > what to do.
> > > >
> > > > TLS False Start and Cached Information can be made normative
> > > > references (just like we referenced these items in our spec
> > > > https://tools.ietf.org/html/rfc8310)
> > > > TFO is for TCP only and that too for exception scenarios where UDP
> > > > is blocked. TFO can removed from the list of items the DOTS agents
> > > > SHOULD implement.
> > > >
> > > > NEW:
> > > > Compared to UDP, DOTS signal channel over TCP requires an
> > > > additional
> > > > round- trip time (RTT) of latency to establish a TCP connection.
> > > > Implementations are encouraged to implement TCP Fast Open
> > > > [RFC7413] to eliminate that RTT when information exists from prior TCP
> connection.
> > > >
> > > > -Tiru
> > > >
> > > > >
> > > > >
> > > > > > , and 7951
> > > > > > [Med] this one was not listed as normative because the
> > > > > > document lists two
> > > > > ways to do the mapping.
> > > > >
> > > > > Agreed.
> > > > >
> > > > > -Ben
> > > > >
> > > > > > > should also be Normative.
> > > > > > >
> > > > > > >
> > > > > > > -Ben
> > > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Dots mailing list
> > > > > Dots@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email