Re: [Dots] TR: [IANA #1181897] expert review for draft-ietf-dots-signal-call-home (service-names-port-numbers)
mohamed.boucadair@orange.com Fri, 13 November 2020 10:11 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D860D3A045E for <dots@ietfa.amsl.com>; Fri, 13 Nov 2020 02:11:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y_B4e-ABuiSK for <dots@ietfa.amsl.com>; Fri, 13 Nov 2020 02:11:27 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F6E53A044A for <dots@ietf.org>; Fri, 13 Nov 2020 02:11:27 -0800 (PST)
Received: from opfednr04.francetelecom.fr (unknown [xx.xx.xx.68]) by opfednr22.francetelecom.fr (ESMTP service) with ESMTP id 4CXZ4Y4gXVz10Fr; Fri, 13 Nov 2020 11:11:25 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1605262285; bh=NhiHMB3avxKINlD42IJHLlJpP+YwP43evUhZMf+oEJ4=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=nLZtkINzNfwfna4NLCmJOIxNRT6MwVDC++JzkGeB/Bz+IctUwoMhyHCmamFlD5QA4 6m8QIkprmtGx3qwDoceucofPRXohMrpSh5yhBegwifGTXncBtca96uEvIpQPSdD+O5 D9eqZHwXgfgx5dotxFm6xWgBetCVwBVEiGgFEmEqIdiC3p5wlCdXdDEsDh5ZoVYmE1 y6QC0MGMuwL+gwcdnOBj9sDUGU1gLIbQ9wzDG0smQBkyscbobh1io+Seoj20rKJcN3 wAbI4stCEr9GKgIpYqYPPbaq6B+syjf9MPCoseVIrx4sARWp958p8kG5UVrMOwjE85 EMT1oBZpuGRZQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.26]) by opfednr04.francetelecom.fr (ESMTP service) with ESMTP id 4CXZ4Y3WTWz1xpb; Fri, 13 Nov 2020 11:11:25 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Thread-Topic: [Dots] TR: [IANA #1181897] expert review for draft-ietf-dots-signal-call-home (service-names-port-numbers)
Thread-Index: AQHWuUUnhy7Zd6o6BEqxLESzuXjEqAII4yTRAoyXGv0CWm16A6k7+8HggFJasPA=
Date: Fri, 13 Nov 2020 10:11:24 +0000
Message-ID: <4919_1605262285_5FAE5BCD_4919_199_2_787AE7BB302AE849A7480A190F8B93303157935B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <RT-Ticket-1181897@icann.org> <rt-4.4.3-16672-1604531738-1164.1181897-37-0@icann.org> <rt-4.4.3-20454-1605220968-507.1181897-37-0@icann.org> <26112_1605254738_5FAE3E52_26112_375_1_787AE7BB302AE849A7480A190F8B9330315791E0@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <0d9901d6b9a2$f7752b60$e65f8220$@jpshallow.com>
In-Reply-To: <0d9901d6b9a2$f7752b60$e65f8220$@jpshallow.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/N_Y4FUCf4Er6sQA39MtkzCWao0Q>
Subject: Re: [Dots] TR: [IANA #1181897] expert review for draft-ietf-dots-signal-call-home (service-names-port-numbers)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2020 10:11:29 -0000
Hi Jon, Please see inline. Cheers, Med > -----Message d'origine----- > De : Jon Shallow [mailto:supjps-ietf@jpshallow.com] > Envoyé : vendredi 13 novembre 2020 10:54 > À : BOUCADAIR Mohamed TGI/OLN <mohamed.boucadair@orange.com>; > dots@ietf.org; Benjamin Kaduk <kaduk@mit.edu> > Objet : RE: [Dots] TR: [IANA #1181897] expert review for draft-ietf- > dots-signal-call-home (service-names-port-numbers) > > Hi All, > > I strongly recommend that we continue to press for separate ports. > > We have here 2 applications, very little overlap in functionality > using a common protocol (DOTS/CoAP/(D)TLS) - no real different to > say, mail and web both using a common protocol - TLS. > > If they insist on a single port, then we would have to do at least > one of > > a) Use different IP addresses albeit probably on the same host [Med] We can't force that. > b) De-multiplex incoming data to IP:port and steer to appropriate > application and transmit responses accordingly - a sort of DOTS > proxy front-ending things [Med] I'm not sure to get this one. Based on which criteria we can steer the traffic? > c) Merge the 2 applications into a single entity and enhance DOTS > protocol [Med] We could define an explicit message that requests "role reversal" once the (D)TLS session is created but this is might not be efficient especially when the session is to be established/reestablished during attack times. > d) Spawn off the appropriate instance when a new connection comes in > - but we are UDP here. > e) Rely on server (and call-home) discovery to provide an > alternative port. [Med] We do mention this one in the draft. The default port is used only when no config is available. To the question why discovery is not sufficient, the response is the same as the one we provided when we got assigned 4646. > > Note that the CoAP library I am using is not multi-thread safe which > complicates things further. [Med] Good point to know. > > Regards > > Jon > > > -----Original Message----- > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of > > mohamed.boucadair@orange.com > > Sent: 13 November 2020 08:06 > > To: dots@ietf.org; Benjamin Kaduk (kaduk@mit.edu) > > Subject: [Dots] TR: [IANA #1181897] expert review for > > draft-ietf-dots-signal-call- home (service-names-port-numbers) > > > > Hi All, > > > > We received this reply from the port expert. > > > > We do have an appendix that explains why we do need a port number: > > demux two distinct services (one to handle mitigation and another > one > > to request mitigations). When a DTLS connection is received, the > node > > hosting both the base and call home has no means to determine > which > > role it needs to proceed with. > > > > I'm not sure how we can follow the suggestion to "use two > different > > messages on the same port" especially that we don't define the > > transport but rely upon existing ones. > > > > Unless there are other tweaks not already discarded in the past, I > > suggest we maintain our request. > > > > Thoughts? > > > > Cheers, > > Med > > > > -----Message d'origine----- > > De : Sabrina Tanamal via RT [mailto:drafts-expert-review@iana.org] > > Envoyé : jeudi 12 novembre 2020 23:43 > > Cc : kondtir@gmail.com; BOUCADAIR Mohamed TGI/OLN > > <mohamed.boucadair@orange.com>; supjps-ietf@jpshallow.com; > > valery@smyslov.net; frank.xialiang@huawei.com; rdd@cert.org; > > kaduk@mit.edu Objet : [IANA #1181897] expert review for > > draft-ietf-dots-signal-call-home > > (service-names-port-numbers) > > > > Dear Authors, > > > > We have a response from the IESG-designated port expert: > > > > I do not see sufficient reason for a second port assignment to be > made > > for this single system. At best, they should just use two > different > > messages on the same port. > > > > This request should not be considered in isolation; it is coupled > to > > https://tools.ietf.org/html/draft-ietf-dots-server-discovery. > > > > One service, one port. > > > > === > > > > Best regards, > > > > Sabrina Tanamal > > Senior IANA Services Specialist > > > > _________________________________________________________________ > > ________________________________________________________ > > > > Ce message et ses pieces jointes peuvent contenir des informations > > confidentielles ou privilegiees et ne doivent donc pas etre > diffuses, > > exploites ou copies sans autorisation. Si vous avez recu ce > message > > par erreur, veuillez le signaler a l'expediteur et le detruire > ainsi > > que les pieces jointes. Les messages electroniques etant > susceptibles > > d'alteration, Orange decline toute responsabilite si ce message a > ete > > altere, deforme ou falsifie. Merci. > > > > This message and its attachments may contain confidential or > > privileged information that may be protected by law; they should > not > > be distributed, used or copied without authorisation. > > If you have received this email in error, please notify the sender > and > > delete this message and its attachments. > > As emails may be altered, Orange is not liable for messages that > have > > been modified, changed or falsified. > > Thank you. > > > > _______________________________________________ > > Dots mailing list > > Dots@ietf.org > > https://www.ietf.org/mailman/listinfo/dots _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [Dots] TR: [IANA #1181897] expert review for draf… mohamed.boucadair
- Re: [Dots] TR: [IANA #1181897] expert review for … Jon Shallow
- Re: [Dots] TR: [IANA #1181897] expert review for … mohamed.boucadair
- Re: [Dots] TR: [IANA #1181897] expert review for … Jon Shallow
- Re: [Dots] [IANA #1181897] expert review for draf… Konda, Tirumaleswar Reddy
- Re: [Dots] [IANA #1181897] expert review for draf… mohamed.boucadair
- [Dots] [IANA #1181897] expert review for draft-ie… Sabrina Tanamal via RT
- Re: [Dots] [IANA #1181897] expert review for draf… mohamed.boucadair