[Dots] AD review of draft-ietf-dots-data-channel-25
Benjamin Kaduk <kaduk@mit.edu> Wed, 13 February 2019 16:46 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 591341200ED; Wed, 13 Feb 2019 08:46:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fbPwTSK6VhdO; Wed, 13 Feb 2019 08:46:30 -0800 (PST)
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-eopbgr700119.outbound.protection.outlook.com [40.107.70.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE7151200B3; Wed, 13 Feb 2019 08:46:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gN5VpsXD7iIpCFnvjyqj4P10V/Z/uPI9xy1bWgSJWFM=; b=JPtF+SNwCt6fLCpN/O82HejWmoUM8ScV5v3zFANHRNWw4hNGSD+WFlhytCqSA7aswoV0FD9WZUeENLgYir1LS+er+TGDmOml2ck1aD1PQqORuSeUH9xkum0M9mt1Ki34JtJUVewLVkT3WgHbezsilmFrHrDDdgAPWwrsLsI/BwA=
Received: from DM5PR0101CA0034.prod.exchangelabs.com (2603:10b6:4:28::47) by MWHPR01MB3213.prod.exchangelabs.com (2603:10b6:300:fa::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1601.22; Wed, 13 Feb 2019 16:46:27 +0000
Received: from DM3NAM03FT065.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::208) by DM5PR0101CA0034.outlook.office365.com (2603:10b6:4:28::47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1622.16 via Frontend Transport; Wed, 13 Feb 2019 16:46:27 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT065.mail.protection.outlook.com (10.152.82.254) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1580.10 via Frontend Transport; Wed, 13 Feb 2019 16:46:26 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x1DGkNIV006418 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 13 Feb 2019 11:46:25 -0500
Date: Wed, 13 Feb 2019 10:46:23 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: draft-ietf-dots-data-channel@ietf.org
CC: dots@ietf.org
Message-ID: <20190213164622.GX56447@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(376002)(346002)(396003)(39860400002)(136003)(2980300002)(199004)(189003)(51444003)(2351001)(106002)(316002)(186003)(75432002)(47776003)(786003)(58126008)(36906005)(26826003)(16586007)(478600001)(23726003)(126002)(486006)(8676002)(46406003)(476003)(8936002)(956004)(50466002)(4326008)(246002)(33656002)(26005)(336012)(356004)(106466001)(426003)(6916009)(14444005)(305945005)(104016004)(55016002)(88552002)(97756001)(1076003)(450100002)(2906002)(7696005)(30864003)(53416004)(86362001)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR01MB3213; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM03FT065; 1:So49SHgmO41EKqPQXA5s8ElEcXF5O+SpJyw+4wJa5UNCtiAXUGc/zIfSCzW0TsqJfzkgzzTTmlu1PSDMVNObImBTLtMkQ/+JYYg2lD4BG9vh4955DVetbKzSXlc5UIlPSOE7af50dTV1QN436XLh0g==
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 857d762a-28ef-4711-7b4e-08d691d2cbee
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(4608076)(4709027)(2017052603328)(7153060); SRVR:MWHPR01MB3213;
X-MS-TrafficTypeDiagnostic: MWHPR01MB3213:
X-Microsoft-Exchange-Diagnostics: 1; MWHPR01MB3213; 20:Vhcv0hHMp3B2nkITBdbi3UhpG5H13oJaSZrEVCUejd67asnCWph2YTJIJ5jp9JVF2fko24SQG5vWd0NLDndMR+4ZGuT3d1HZZo6DctJVRVXyIgsf3+kJtI4PKfU+ycyP7fSMCOfCtbDsz6KhJldmb5j1ueHRKUq5STEQ0wb6w1aZMYrIMXC0uM8XWnIM4jODRAmhmw9JZ2HQOLPwcsFngvL7Wroew91ha74kbbgCvks2YX7DGJt9MKwyhPkjKiA0k8Z8I9OcC2E/PnqQo4CLUwR2z46elBfsLErWjQan1xut/Y0dBH7t/viIOPUmLjF384nK35Yn/jly7uY78ze81ofqmrFh2qaIPu07T+iJlHAUPeAUU15Wqz3ry4JtPUwsbFrocQDAT/h8w7baxH6trDqzUDkwabn0qmq8/Ios89f4fIpZGbthdbPpH0+PaOLUraH/oJPc/qpbAsAUjyLNT+2oFFwn7AUX46La5JGOczRjhcAp714Zd1y70mFuxlhUQB+FaUR/6IF4kFeGbnblg0PMN9qqtsr4i9r9cspkCNCVsu4ng+deQ+/7bWF8MyAU/oz30ptlMbqIiFbiZMAcKj9R8kV+luaP8p0UsX8wWkg=
X-Microsoft-Antispam-PRVS: <MWHPR01MB321398AF9C208F0AE2E93A0EA0660@MWHPR01MB3213.prod.exchangelabs.com>
X-Forefront-PRVS: 094700CA91
X-Microsoft-Exchange-Diagnostics: 1; MWHPR01MB3213; 23:FLPimXXmMYBXubfkZT7rX4fyYhofVznfXjxGVV/MqGE870e56EXRBpUQNA+K1ngTTGwYdnWlaK5y0feAOS3/Si0SBL0k6enxdprq1jC2wa+F+/L8cFa4HZ61GpTysti+WhRDaHvqWaWm0oujhARnp1+MuPgjeAYz6zDlBvVpEbwMM++XrodI/EVeiuvjTg491/iiEV3VJC7a9hGHrqAkrMRaeS1tVDXY//l0CQz4nImSn75e5rm3nZWRBbjDhQbMgQi398CGKLAdPakPy12OsSCgyNkKzIo/QigJaAtFFRmFSBA+BfT7d9Aw/vheqAppNCL7Vjbx+HOp6AzoX1hj4Bae0N+VNVXr/e9DhQ3TLAT1wbfHAX/DYjg66gpf1Lu2dpQIdl0PxaLZnp8RpApZjQfRd/nJmpHRcLpvV8uW5ddOWg+L6hEFtjwsmNXXtpXC9jZpPLG114kQQFkstY42Up4kK1sOUw+1Lc5sqDZoV7TY4XmqHvI9aqGoX7t1xmMWS0ZmxR/0Lop6Uo8GcG7XZOYxpmswJx1MzfNNLyorXL1tFA+/aUnRVZdd1IaKOgGEpQQLjJns8fijHpVgsRc4pyTK56VoV6oo35Rafzb0S+V2cHqMbCnc1qSRHEIjtoBlPBCIVPf/bHcfV2uTPNwCjDvS5MJ8Ks63M5E4EqqLK5/gi9RiAaM9VK7lDtUGeCI9kK2+hmQ53dlo4LM9K2D44eu8Y/U/p6tR4gG3yw3b9Ex+ULazto+fpryYtdArtnc0wsi1ViVxdTcwrLzflX/FTjlwPCyw10D0uqPnbe8j03L2VP5XsU8aV0QIMLSCILAiLqKUlhDkMq+X7Qef37OZrzqnRa5I2zf8EYpz7eXyVLV32cpyhB8K/dWCun4/uLf06viivFbaDC/M10oZKvinH1UPiJof1gwJvSjUIvEEgZscCPboAJKkHq1NG5khTPQ+ndfkIFHObuaVfQA5r4B3XMgk9a+vh81f07TJxrJcSQPNRWBUnQVBbuNAf3hrryPPB4ZqFXRWuIqK3IFjWoxJWuiUJB1giGC6DfEULs0kcd15p7n84HOATC1ToDDPWwFx+d+ytcUL/3ma84822eugqShfZ10LEF3sy+H/cVHJlKVgRiXYxsNHVUDJp7okHVAL/ebnWEp8c25y2CM+zpn7gA==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 65CZH7CtISXZm5oAjbJ7joVeKjVKWE7NTA4pPaRH7oorP2JZQUVT1fRLtcg1aWurPlKLRh2ySp/sDB6XicT2tZPE5dl5pyULU57vuTMsOgQuRCV0xd+wjfnllxuanE4f7t8DrYsYrFnyttfAGikE3tdSLb7F4BNMkUJWJJo2pvF6jljzjEkNkFU2NwfuIjpZFvIoB5pX9DUgMLnQTKoSoNXdWn5SrytH2Bz/7iQkeSZw0ynX/WSkfoBC4XLXuB9Dr1KaiH7eO4us6OxZydgaVYDKvBQ2unXEe3pwr93pz7G3AW4NzG4m4vXYRsgvVn7gkwTJfX9L9wptvkWkXvhyseFBB8yeYCXO/qh8SQGv6mKgj7ax/lEydwlWjiRqeodTNQMOjQZl3lcT2+AY0AAQ0RbqmLs1XKAEcuZJq+qQhIw=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2019 16:46:26.7475 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 857d762a-28ef-4711-7b4e-08d691d2cbee
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB3213
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/L2BZtDJUWiJIwh_YCITx7M_IqV0>
Subject: [Dots] AD review of draft-ietf-dots-data-channel-25
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 16:46:34 -0000
This is my AD review of the -25 I see that Med made a commit on github that preemptively addressed at least one of these comments, but will trust the authors to do to the right thing with anything in here that's stale. A handful of generic and/or high-level comments before the section-by-section nitty-gritty stuff. The author count is large (7); RFC 7322 notes that the stream approver (i.e., the IESG) will ask questions if the count is more than five. What should I tell people when they ask? (The authors are listed also in the YANG module itself, if changes are made.) Can someone (the shepherd?) confirm that an automated syntax checker has run over the JSON in examples? The concept of "DOTS client domain" is being used for actual protocol purposes here (most notably as a bound on the prefix(es) that a client can request mitigation for, but I don't remember seeing a formal definition for how any DOTS actor would know the specific bounds of such a client domain. Is there text somewhere that I missed that we can point to, or will we need to add some? We don't say much about what validation the server does on input data, and we probably should. For example, does the server need to validate 'cuid' and/or 'cdid' in dots-client-creation requests? What about validating that the (e.g.) ACL name in the PUT URL matching the name in the body of the request? There are probably others as well. The examples all use "Host: {host}:{port}" which is not really an example but rather a template. Since they are supposed to be examples, we should pick a concrete hostname (and port) to use. There is, shall we say, a "high degree of overlap" between Sections 5/6/7 and the YANG model field descriptions. I mostly assume that the WG considered letting the YANG model (and the core RESTCONF spec) stand alone without the additional examples/specification of the use of RESTCONF to manage clients, aliases, and filter rules, so I won't suggest that we revisit the question. But I do think that it would be good to have some explicit text acknowledging the overlap and stating which one is authoritative. There seems to be some mismatch between whether the IPv6 ACL subtree uses "ttl" or "hoplimit" -- Figure 7 has "ttl" but the rest of the document seems to (properly) use "hoplimit". Someone else should double-check the relevant places, though, as I'm not sure I was looking at all of them with this issue in mind. I'm also a bit curious about the use of an explicit "capabilities" tree for fine-grained feature detection, as opposed to native YANG "feature"s. The latter would allow the relevant nodes to just not exist when unsupported, as opposed to the explicit-capabilities formulation where they exist but are (presumably) ignored. (I don't remember us explictily saying that they're ignored in this case, either; might be worth adding some text.) In a similar vein, we include 'capabilities' nodes for a few matching features that are listed as "mandatory fields" for ACL matching in Table 1, and thus whose value would always be "true". Why do we need the capability leaves in such a case? idnits notes a few references that can be updated along with the other changes; it also flags a "reference in abstract" for the RFC Editor note which we could probably ignore (but could probably also just remove the brackets around the text in question). I also looked at the references (especially the normative/informative split) and have a few suggestions: - the IEEE.754.1985 reference is not needed; we don't use the binary floating-point encoding but rather a string one for YANG decimal64 - I think that RFC 8499 (dnsop-terminology-bis) can wholly supersede our usage of RFC 1983, so the 1983 cite can be dropped as well - draft-ietf-dots-requirements (for terminology), RFC 7950, and RFC 8259 should probably all move to the normative section Section 1 The sub-bullet point about "If a network resource ... informs its servicing DOTS gateway of all suspect IP addresses that need to be drop- or accept-listed ..." made me wonder if that was more of a signal-channel activity or a data-channel one. Perhaps this is just a matter of the text not being as clear as it could be. (I also wonder if we should say "further investigation" since we don't really have an automated way to indicate that yet.) Section 2 When we talk about tree diagrams, should we also say something like "Note that the full module's tree has been split across several figures to aid the exposition of the various sub-trees"? Section 3.1 When we talk about using GET to retrieve running configuration, do we want to note that since the data channel can fail during attack time, it's expected to be common to perform such a GET before attempting to make modifications to configuration? A DOTS client registers itself to its DOTS server(s) in order to set up DOTS data channel-related configuration data and receive state data (i.e., non-configuration data) from the DOTS server(s) (Section 5). Mutual authentication and coupling of signal and data channels are specified in [I-D.ietf-dots-signal-channel]. I think we should split the "mutual authentication" and "coupling of signal and data channels" into their own sentence, and flesh them out slightly more. So, section references to Sections 8 and 4.4.1, respectively, the usage of TLS client certificates, the coupling of channels via the client's identity ('cuid' and 'cdid'), etc. A TLS heartbeat [RFC6520] verifies that the DOTS server still has TLS state by returning a TLS message. I expect this will get some pointed comments during IETF LC, given the recent-ish IETF-wide discussions about heartbeats/keepalives in general. Is there perhaps a RESTCONF-level probe message that could be used to check liveliness; a capabilities query perhaps? A DOTS server may detect conflicting filtering requests from distinct DOTS clients which belong to the same domain. For example, a DOTS client could request to drop-list a prefix by specifying the source prefix, while another DOTS client could request to accept-list that same source prefix, but both having the same destination prefix. It is out of scope of this specification to recommend the behavior to follow for handling conflicting requests (e.g., reject all, reject the new request, notify an administrator for validation). DOTS servers SHOULD support a configuration parameter to indicate the behavior to follow when a conflict is detected. Section 7.2 specifies the behavior when no instruction is supplied to a DOTS server. I'm a bit confused by the "out of scope of this specification to recommend the behavior to follow for handling conflicting requests", since not only does the last sentence of the paragraph give a pointer to a specified behavior in case of conflicts, but we also mention it in a couple other places (e.g., the bottom of page 43). Also in that paragraph, it's unclear that a 2119 SHOULD is appropriate for "support a configuration parameter"; there's no interoperability considerations for having or not having such a configuration knob. Section 3.3 NAT Considerations have "high overlap" with the text at the end of the signal-channel's "Design Overview". At a minimum we should diff them and enforce convergence, but do we want to consider just having one refer to the other? Section 3.5 I had to read up on RESTCONF and NETCONF while reviewing this, but from what I've seen so far, the "error-severity" field is only present in NETCONF and not RESTCONF. If so, then we shouldn't need to talk about it here, since we use RESTCONF exclusively. I also couldn't find whether there's a registry that we should add the "loop-detected" error-tag to. Can anyone here help me out? Section 4.2 Is there any plan/expectation for filtering/match rules for QUIC? It is probably premature to put anything in this document specifically, but still worth thinking about. The order in which the leaves appear in the "capabilities/ipv6" and "capabilities/tcp" subtrees do not match the order they appear in the ACL subtree itself; it would be good to keep the order consistent. We don't really say much about what the semantis of the "port-range" capabilities are; is that supposed to indicate any port-matching ability at all, or specifically the low-to-high range matching, or also the "operator" options? Section 4.3 We define an "operator" typedef that is rather different from that from netmod-acl-model. Do we want to use a different name to aid disambiguation? ("bitmask-operator" comes to mind as an option.) typedef fragment-type { type bits { bit df { position 0; description "Don't fragment bit for IPv4. This bit must be set to 0 for IPv6."; Set to zero by whom? What should the receiver do if it is set otherwise? What are the semantics if (either or both of target-fqdn and target-uri) and target-prefix are specified? (I suppose maybe this could be covered in Section 6.1 when we say that at least one is required in ACL-creation requests.) The units for the "rate-limit" node should be specified in the YANG module and not in the description of how to install filtering rules. list dots-client { key "cuid"; description "List of DOTS clients."; leaf cuid { type string; description "A unique identifier that is randomly generated by a DOTS client to prevent request collisions."; I don't think "randomly generated" is really correct here. The "capabilities/icmp/rest-of-header" description should be more clear that (per draft-ietf-netmod-acl-model) it is supposed to match both the ICMP four-byte field and the ICMPv6 message body. Section 5.1 It may be worth reiterating that (per the signal-channel doc) gateways may rewrite the 'cuid'. When POST is used to create a dots-client resource, how does the client know the path of the created resource (to be used for subsequent RESTCONF requests)? (I assume it is supposed to just use the submitted 'cuid', but we need to explicitly say this. This also seems to render much of the distinction between POST and PUT moot, for our usage, though I do not propose any change to the text.) The DOTS gateway, that inserted a 'cdid' in a PUT request, MUST strip the 'cdid' parameter in the corresponding response before forwarding the response to the DOTS client. Why does this apply only to PUT and not POST? Section 6.1 DOTS clients within the same domain can create different aliases for the same resource. My reading of this text is that client A can create alias "foo" for IP prefix 128.0.1.5/31 and clinet B can create alias "bar" for the same IP prefix, and that DOTS supports that process. (Just to confirm that the text is saying what it's intended to.) I do wonder if we want to say something about whether alias names need only be unique per 'cuid' or in some more global fashion. (Having a global uniqueness property is perhaps convenient in order to interface with non-DOTS mechanisms for querying aliases, or for the DOTS server to interact with network filtering appliances.) Figure 16 puts double-quotes around "string" in the pseudo-schema, which feels weird to me. target-fqdn: A list of Fully Qualified Domain Names (FQDNs). An FQDN is the full name of a resource, rather than just its hostname. For example, "venera" is a hostname, and "venera.isi.edu" is an FQDN [RFC1983]. Refer to [I-D.ietf-dnsop-terminology-bis] for more details. I don't think this text is particularly well-aligned with RFC 8499 and would suggest trimming it substantially and just pointing to that RFC. If the request is missing a mandatory attribute or its contains an invalid or unknown parameter, "400 Bad Request" status-line MUST be returned by the DOTS server. The error-tag is set to "missing- attribute", "invalid-value", or "unknown-element" as a function of the encountered error. This text seems to preclude any future extension that adds new error tags; is this intended? Section 7.1 A DOTS client which issued a GET request to retrieve the filtering capabilities supported by its DOTS server, SHOULD NOT request for filtering actions that are not supported by that DOTS server. What is the server behavior if the client ignores this SHOULD NOT? Figure 23 shows an example of a response received from a DOTS server which only supports the mandatory filtering criteria listed in Section 4.1. This seems inaccurate, as the mandatory filtering criteria exlude the rate-limit among others. Section 7.2 activation-type: Indicates whether an ACL has to be activated (immediately or during mitigation time) or instantiated without being activated (deactivated). Deactivated ACLs can be activated using a variety of means such as manual configuration on a DOTS server or using the DOTS data channel. Is this done by the data channel or the signal channel? If this attribute is not provided, the DOTS server MUST use 'activate-when-mitigating' as default value. Why do we specify default values here instead of in the YANG module? Filters that are activated only when a mitigation is in progress MUST be bound to the DOTS client which created the filtering rule. Other filters do not need to be bound to the DOTS client that created them? Wouldn't we still want to remove them when the dots-client resource in question is deleted? destination-ipv4-network: The destination IPv4 prefix. DOTS servers [...] This is a mandatory attribute in requests with an 'activation- type' set to 'immediate'. I somehow thought there were YANG attributes that could indicate this conditional requirement in the module itself, though I am hardly a YANG expert. The error-tag is set to "missing-attribute", "invalid-value", or "unknown-element" as a function of the encountered error. Same comment as above about (non-)extensibility. Section 7.3 I see that the "test-acl-*" and "test-ace-*" acl and ace objects in these examples do in fact use different names for the semantically different objects, but perhaps we could help the reader's eye and use strings with a larger Hamming distance? (I thought they were all the same on my first read.) (I also am a little confused at why the "ace" "name" field is considered a non-config field, in Figure 31, but this seems more likely to be my confusion than an error in the document.) Section 8 o DOTS server MUST NOT enable both DOTS data channel and direct configuration to avoid race conditions and inconsistent configurations arising from simultaneous updates from multiple sources. o DOTS agents SHOULD enable DOTS data channel to configure aliases and ACLs, and only use direct configuration as a stop-gap mechanism to test DOTS signal channel with aliases and ACLs. Further, direct configuration SHOULD only be used when the on-path DOTS agents are within the same domain. Doesn't all this discussion of "direct configuration" conflict with the "MUST NOT" in the first bullet point? Section 10 Generally with the security considerations template for YANG modules, we need to list out all the nodes considered sensitive and the consequences of writing(/reading) each one in turn.
- [Dots] AD review of draft-ietf-dots-data-channel-… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Roman Danyliw
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Konda, Tirumaleswar Reddy
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Konda, Tirumaleswar Reddy
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Konda, Tirumaleswar Reddy
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Konda, Tirumaleswar Reddy
- Re: [Dots] AD review of draft-ietf-dots-data-chan… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-data-chan… Konda, Tirumaleswar Reddy