Re: [Dots] TR: [IANA #1181897] expert review for draft-ietf-dots-signal-call-home (service-names-port-numbers)
Jon Shallow <supjps-ietf@jpshallow.com> Fri, 13 November 2020 10:41 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 899A93A0061 for <dots@ietfa.amsl.com>; Fri, 13 Nov 2020 02:41:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOprFZpaU-R0 for <dots@ietfa.amsl.com>; Fri, 13 Nov 2020 02:41:17 -0800 (PST)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15EA13A0045 for <dots@ietf.org>; Fri, 13 Nov 2020 02:41:16 -0800 (PST)
Received: from mail2.jpshallow.com ([192.168.0.3] helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.92.3) (envelope-from <jon.shallow@jpshallow.com>) id 1kdWW1-0005RQ-TW; Fri, 13 Nov 2020 10:41:13 +0000
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, dots@ietf.org, Benjamin Kaduk <kaduk@mit.edu>
References: <RT-Ticket-1181897@icann.org> <rt-4.4.3-16672-1604531738-1164.1181897-37-0@icann.org> <rt-4.4.3-20454-1605220968-507.1181897-37-0@icann.org> <26112_1605254738_5FAE3E52_26112_375_1_787AE7BB302AE849A7480A190F8B9330315791E0@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <0d9901d6b9a2$f7752b60$e65f8220$@jpshallow.com> <4919_1605262285_5FAE5BCD_4919_199_2_787AE7BB302AE849A7480A190F8B93303157935B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <4919_1605262285_5FAE5BCD_4919_199_2_787AE7BB302AE849A7480A190F8B93303157935B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Fri, 13 Nov 2020 10:41:10 -0000
Message-ID: <0da401d6b9a9$801bb780$80532680$@jpshallow.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQH/4z+WVNCUCDBZnJ72+IWtP4LuYAII4yTRAoyXGv0CWm16AwJ9iN7OAOEsvlupIRMnYA==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/NtFOBhK_4mnVShHNn3rwkyi3rCg>
Subject: Re: [Dots] TR: [IANA #1181897] expert review for draft-ietf-dots-signal-call-home (service-names-port-numbers)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2020 10:41:20 -0000
Hi, Please see inline. Regards Jon > -----Original Message----- > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com > Sent: 13 November 2020 10:11 > To: Jon Shallow; dots@ietf.org; Benjamin Kaduk > Subject: Re: [Dots] TR: [IANA #1181897] expert review for draft-ietf-dots-signal- > call-home (service-names-port-numbers) > > Hi Jon, > > Please see inline. > > Cheers, > Med > > > -----Message d'origine----- > > De : Jon Shallow [mailto:supjps-ietf@jpshallow.com] > > Envoyé : vendredi 13 novembre 2020 10:54 > > À : BOUCADAIR Mohamed TGI/OLN <mohamed.boucadair@orange.com>; > > dots@ietf.org; Benjamin Kaduk <kaduk@mit.edu> > > Objet : RE: [Dots] TR: [IANA #1181897] expert review for draft-ietf- > > dots-signal-call-home (service-names-port-numbers) > > > > Hi All, > > > > I strongly recommend that we continue to press for separate ports. > > > > We have here 2 applications, very little overlap in functionality > > using a common protocol (DOTS/CoAP/(D)TLS) - no real different to > > say, mail and web both using a common protocol - TLS. > > > > If they insist on a single port, then we would have to do at least > > one of > > > > a) Use different IP addresses albeit probably on the same host > > [Med] We can't force that. Jon> Agreed. > > > b) De-multiplex incoming data to IP:port and steer to appropriate > > application and transmit responses accordingly - a sort of DOTS > > proxy front-ending things > > [Med] I'm not sure to get this one. Based on which criteria we can steer the > traffic? Jon> Some addition to the DOTS protocol that is used at start up to say this is "call-home". However, a DOTS client / Call Home DOTS server could not use the same source port as the DOTS proxy could not differentiate based on the 5-tuple - so the steering would have to be done based on source port - all a bit messy. > > > c) Merge the 2 applications into a single entity and enhance DOTS > > protocol > > [Med] We could define an explicit message that requests "role reversal" once > the (D)TLS session is created but this is might not be efficient especially when the > session is to be established/reestablished during attack times. Jon> Agreed. Merging the 2 applications in my case would not be an easy task. Again, a combined DOTS client / Call Home DOTS server talking to a combined DOTS server / Call Home DOTS client would have to use different source ports so that channel usage can be separated unless we tag each request/response with its usage. > > > d) Spawn off the appropriate instance when a new connection comes in > > - but we are UDP here. > > e) Rely on server (and call-home) discovery to provide an > > alternative port. > > [Med] We do mention this one in the draft. The default port is used only when > no config is available. To the question why discovery is not sufficient, the > response is the same as the one we provided when we got assigned 4646. Jon> Agreed > > > > > Note that the CoAP library I am using is not multi-thread safe which > > complicates things further. > > [Med] Good point to know. Jon> Given that CoAP is supposed to be lightweight, this could also be true for other CoAP libraries. > > > > > Regards > > > > Jon > > > > > -----Original Message----- > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of > > > mohamed.boucadair@orange.com > > > Sent: 13 November 2020 08:06 > > > To: dots@ietf.org; Benjamin Kaduk (kaduk@mit.edu) > > > Subject: [Dots] TR: [IANA #1181897] expert review for > > > draft-ietf-dots-signal-call- home (service-names-port-numbers) > > > > > > Hi All, > > > > > > We received this reply from the port expert. > > > > > > We do have an appendix that explains why we do need a port number: > > > demux two distinct services (one to handle mitigation and another > > one > > > to request mitigations). When a DTLS connection is received, the > > node > > > hosting both the base and call home has no means to determine > > which > > > role it needs to proceed with. > > > > > > I'm not sure how we can follow the suggestion to "use two > > different > > > messages on the same port" especially that we don't define the > > > transport but rely upon existing ones. > > > > > > Unless there are other tweaks not already discarded in the past, I > > > suggest we maintain our request. > > > > > > Thoughts? > > > > > > Cheers, > > > Med > > > > > > -----Message d'origine----- > > > De : Sabrina Tanamal via RT [mailto:drafts-expert-review@iana.org] > > > Envoyé : jeudi 12 novembre 2020 23:43 > > > Cc : kondtir@gmail.com; BOUCADAIR Mohamed TGI/OLN > > > <mohamed.boucadair@orange.com>; supjps-ietf@jpshallow.com; > > > valery@smyslov.net; frank.xialiang@huawei.com; rdd@cert.org; > > > kaduk@mit.edu Objet : [IANA #1181897] expert review for > > > draft-ietf-dots-signal-call-home > > > (service-names-port-numbers) > > > > > > Dear Authors, > > > > > > We have a response from the IESG-designated port expert: > > > > > > I do not see sufficient reason for a second port assignment to be > > made > > > for this single system. At best, they should just use two > > different > > > messages on the same port. > > > > > > This request should not be considered in isolation; it is coupled > > to > > > https://tools.ietf.org/html/draft-ietf-dots-server-discovery. > > > > > > One service, one port. > > > > > > === > > > > > > Best regards, > > > > > > Sabrina Tanamal > > > Senior IANA Services Specialist > > > > > > > _________________________________________________________________ > > > ________________________________________________________ > > > > > > Ce message et ses pieces jointes peuvent contenir des informations > > > confidentielles ou privilegiees et ne doivent donc pas etre > > diffuses, > > > exploites ou copies sans autorisation. Si vous avez recu ce > > message > > > par erreur, veuillez le signaler a l'expediteur et le detruire > > ainsi > > > que les pieces jointes. Les messages electroniques etant > > susceptibles > > > d'alteration, Orange decline toute responsabilite si ce message a > > ete > > > altere, deforme ou falsifie. Merci. > > > > > > This message and its attachments may contain confidential or > > > privileged information that may be protected by law; they should > > not > > > be distributed, used or copied without authorisation. > > > If you have received this email in error, please notify the sender > > and > > > delete this message and its attachments. > > > As emails may be altered, Orange is not liable for messages that > > have > > > been modified, changed or falsified. > > > Thank you. > > > > > > _______________________________________________ > > > Dots mailing list > > > Dots@ietf.org > > > https://www.ietf.org/mailman/listinfo/dots > > > _________________________________________________________________ > ________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce > message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this > message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > > _______________________________________________ > Dots mailing list > Dots@ietf.org > https://www.ietf.org/mailman/listinfo/dots
- [Dots] TR: [IANA #1181897] expert review for draf… mohamed.boucadair
- Re: [Dots] TR: [IANA #1181897] expert review for … Jon Shallow
- Re: [Dots] TR: [IANA #1181897] expert review for … mohamed.boucadair
- Re: [Dots] TR: [IANA #1181897] expert review for … Jon Shallow
- Re: [Dots] [IANA #1181897] expert review for draf… Konda, Tirumaleswar Reddy
- Re: [Dots] [IANA #1181897] expert review for draf… mohamed.boucadair
- [Dots] [IANA #1181897] expert review for draft-ie… Sabrina Tanamal via RT
- Re: [Dots] [IANA #1181897] expert review for draf… mohamed.boucadair