Re: [Dots] Alexey Melnikov's Discuss on draft-ietf-dots-data-channel-28: (with DISCUSS and COMMENT)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 02 May 2019 13:07 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Alexey Melnikov" <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>
CC: Roman Danyliw <rdd@cert.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-data-channel@ietf.org" <draft-ietf-dots-data-channel@ietf.org>
Date: Thu, 2 May 2019 13:05:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/KDM4zyFCd-VyeNudIaWMFOmVWlc>

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of
> mohamed.boucadair@orange.com
> Sent: Thursday, May 2, 2019 10:55 AM
> To: Alexey Melnikov <aamelnikov@fastmail.fm>; The IESG <iesg@ietf.org>
> Cc: Roman Danyliw <rdd@cert.org>; dots-chairs@ietf.org; dots@ietf.org;
> draft-ietf-dots-data-channel@ietf.org
> Subject: Re: [Dots] Alexey Melnikov's Discuss on
> draft-ietf-dots-data-channel-28: (with DISCUSS and COMMENT)
> 
> Hi Alexey,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Alexey Melnikov via Datatracker [mailto:noreply@ietf.org]
> > Sent: Wednesday, 1 May 2019 15:15
> > To: The IESG
> > Cc: draft-ietf-dots-data-channel@ietf.org; Roman Danyliw;
> > dots-chairs@ietf.org; rdd@cert.org; dots@ietf.org
> > Subject: Alexey Melnikov's Discuss on draft-ietf-dots-data-channel-28:
> > (with DISCUSS and COMMENT)
> >
> > Alexey Melnikov has entered the following ballot position for
> > draft-ietf-dots-data-channel-28: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-dots-data-channel/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > Thank you for a well written document. It was a pleasure to read.
> >
> 
> [Med] Thank you.
> 
> > I have a small set of issues that I would like to be fixed before
> > recommending approval of this document.
> >
> > 1) In 3.1:
> >
> >    DOTS data channel configuration information as well as state
> >    information can be retrieved with the GET method.  An HTTP status-
> >    line header field is returned for each request to report success or
> >
> > I know this text is copied from RFC 8040, but "status-line header field"
> > is not correct.
> 
> [Med] Fully agree. I deleted "header field".
> 
> > It is either "status-line" or "header field".
> > (A header field always has ":" in it and HTTP status-line doesn't).
> > I think you meant the former.
> >
> > If I misunderstood and this is a part of payload itself, then your
> > document should have an example.
> >
> >    failure for RESTCONF operations (Section 5.4 of [RFC8040]).  The
> >    "error-tag" provides more information about encountered errors
> >    (Section 7 of [RFC8040]).
> >
> > 2)
> >
> > 5.1.  Registering DOTS Clients
> >
> >    In order to make use of DOTS data channel, a DOTS client MUST
> >    register to its DOTS server(s) by creating a DOTS client ('dots-
> >    client') resource.  To that aim, DOTS clients SHOULD send a POST
> >    request (shown in Figure 11).
> >
> >     POST /restconf/data/ietf-dots-data-channel:dots-data HTTP/1.1
> >     Host: {host}:{port}
> >     Content-Type: application/yang-data+json
> >     {
> >       "ietf-dots-data-channel:dots-client": [
> >         {
> >           "cuid": "string"
> >         }
> >       ]
> >     }
> >
> > Your example is syntactically invalid, as you need an empty line after
> > the Content-Type header field (before the payload).
> >
> > The same issue is pretty much in every example in your document.
> 
> [Med] Fixed.
> 
> >
> > 3) In the same section 5.1:
> >
> >    DOTS servers can identify the DOTS client domain using the 'cdid'
> >    parameter or using the client's DNS name specified in the Subject
> >    Alternative Name extension's dNSName type or SRV-ID in the client
> >    certificate.
> >
> > SRV-ID needs a Normative reference to RFC 6125.
> 
> [Med] Done.
> 
> >
> > Also, can you give an example of how SRV-ID is going to be used?
> 
> [Med] We will discuss this in the signal channel draft.

SRV-ID does not make sense for a DOTS client certificate; the DOTS server can use the dNSName type in the DOTS client certificate.

Cheers,
-Tiru

> 
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > In 6.1:
> >
> >    name:  Name of the alias.
> >
> >       This is a mandatory attribute.
> >
> > Are there any restrictions on which characters can appear in aliases?
> 
> [Med] We don't have any restriction.
> 
> >
> > In 7.1 (on page 49):
> >
> >     Content-Type: application/yang-data+json
> >     {
> >      "ietf-dots-data-channel:capabilities": {
> >
> > This is not a valid response. Firstly, the status-line is missing.
> > Secondly, you are missing the empty line before the payload.
> 
> [Med] This is a response message body. Clarified this in the text.
> 
> >
> > In 7.2 (on page 52):
> >
> >    The DOTS server indicates the result of processing the POST request
> >    using the status-line header.
> >
> > Again, drop "header" after status-line.
> 
> [Med] Fixed. Thanks.
> 
> > For clarity you can say "the HTTP
> > status-line".
> >
> 
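
Added example (not part of the original message or of the draft): a small Python check for the two HTTP framing points raised in the review, namely that the start-line is not a header field and that an empty line must separate the header fields from the payload. The function name and the problem strings are assumptions made for this illustration; the sample messages contain only the lines quoted in the thread.

```python
import re

# RFC 7230 framing: start-line, then "field-name: value" lines,
# then an empty line, then the message body.
HEADER_FIELD = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:")
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")
STATUS_LINE = re.compile(r"^HTTP/\d\.\d \d{3}( .*)?$")

def check_http_example(text):
    """Return a list of framing problems found in an HTTP/1.1 message example."""
    problems = []
    lines = [ln.strip() for ln in text.strip("\n").splitlines()]
    if not lines:
        return ["empty example"]
    if REQUEST_LINE.match(lines[0]) or STATUS_LINE.match(lines[0]):
        rest = lines[1:]          # start-line is present and is not a header field
    else:
        problems.append("missing request-line or status-line")
        rest = lines
    for ln in rest:
        if ln == "":
            break                 # header section properly terminated
        if not HEADER_FIELD.match(ln):
            problems.append("missing empty line before payload")
            break
    return problems

# Request as quoted in the review (Section 5.1 of draft -28).
BROKEN_REQUEST = """\
POST /restconf/data/ietf-dots-data-channel:dots-data HTTP/1.1
Host: {host}:{port}
Content-Type: application/yang-data+json
{
  "ietf-dots-data-channel:dots-client": [
    {
      "cuid": "string"
    }
  ]
}
"""
# Same request with the empty line inserted after the last header field.
FIXED_REQUEST = BROKEN_REQUEST.replace("+json\n", "+json\n\n", 1)

# Section 7.1 fragment: only the three lines quoted in the review.
RESPONSE_FRAGMENT = """\
Content-Type: application/yang-data+json
{
 "ietf-dots-data-channel:capabilities": {
"""

if __name__ == "__main__":
    for name in ("BROKEN_REQUEST", "FIXED_REQUEST", "RESPONSE_FRAGMENT"):
        print(name, check_http_example(globals()[name]))
```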