IETF Logo Mail Archive

Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)

Benjamin Kaduk <kaduk@mit.edu> Fri, 18 January 2019 21:03 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB7CC1313E5; Fri, 18 Jan 2019 13:03:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.701
X-Spam-Level:
X-Spam-Status: No, score=-1.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v0dipNgZBrHg; Fri, 18 Jan 2019 13:03:07 -0800 (PST)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680092.outbound.protection.outlook.com [40.107.68.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A86C9130FB4; Fri, 18 Jan 2019 13:03:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=c4fD/T7OFWT+zZhQRdXrNuHgx7revyplJWOcEEy3qG0=; b=S/7Gpj5ijOuG0ZRFor4zakUY8pk3xBhLzamqgaY7j149FSMSxZnx8yVqP8o0iAege2p5aQzFwjGexGig2nHDpBrPH9yxUogOi1P07typzcbKA0i/FTEUKhqim1Mw3AJmMkVx7YVkp7kG0gf8Xq64srX3gCRTOXpHr6zKy+EF+Fg=
Received: from BL0PR0102CA0030.prod.exchangelabs.com (2603:10b6:207:18::43) by SN2PR01MB2032.prod.exchangelabs.com (2603:10b6:804:9::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.26; Fri, 18 Jan 2019 21:03:04 +0000
Received: from BY2NAM03FT030.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e4a::206) by BL0PR0102CA0030.outlook.office365.com (2603:10b6:207:18::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1537.26 via Frontend Transport; Fri, 18 Jan 2019 21:03:03 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by BY2NAM03FT030.mail.protection.outlook.com (10.152.84.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1471.13 via Frontend Transport; Fri, 18 Jan 2019 21:03:02 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x0IL2wri031068 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Jan 2019 16:03:00 -0500
Date: Fri, 18 Jan 2019 15:02:58 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Message-ID: <20190118210258.GO81907@kduck.mit.edu>
References: <787AE7BB302AE849A7480A190F8B93302EA08D24@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA08D24@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(376002)(346002)(396003)(39860400002)(136003)(2980300002)(53754006)(55784004)(189003)(199004)(51444003)(446003)(30864003)(11346002)(2906002)(33656002)(956004)(58126008)(6916009)(356004)(126002)(54906003)(5660300001)(336012)(8936002)(36906005)(476003)(229853002)(966005)(75432002)(186003)(426003)(7696005)(23756003)(316002)(246002)(104016004)(1076003)(486006)(76176011)(786003)(47776003)(8676002)(55016002)(305945005)(106002)(26005)(508600001)(6246003)(106466001)(4326008)(50466002)(2351001)(26826003)(6306002)(53416004)(14444005)(2870700001)(88552002)(86362001)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN2PR01MB2032; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-Microsoft-Exchange-Diagnostics: 1; BY2NAM03FT030; 1:HyrSWJc0K1UieOelUbgsIqp6eWg81TNJpYWX3SNQnTrOPtxH6RobJYhMmPcMd8Dh0PN60pbOg9UIuFnvxA4wlki+I0DuOZj8RJ9EeF5W0jDFeztdRd/rwSYO7CRZxO71
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ef7d4ce1-5067-4199-e133-08d67d88560c
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4608076)(4709027)(2017052603328)(7153060); SRVR:SN2PR01MB2032;
X-Microsoft-Exchange-Diagnostics: 1; SN2PR01MB2032; 3:Bdhjj8p3sdXXqzH42KUUn2IkHvCcxHIwEatpuKBFCw7CpAB2QwuwAuclgOWvV4UqYd4b0DpmUNswDDKWYYCKnB5ZEwFWFVSVqXTiKSwPjrXy3bibkp77u8tJAxGdoUs0EZ996btzAqAs1NOmeq7bUd0G2VCzPzIcXQmOC7+wXZ1iNhKGmirLej/YduafolCtatihM4z6dmRO5xA1D6HiHNxb0eUvjMHWQAI+cVnR3lDIzKEF/1uYfpkxLy59CCY4r3hPT/UbhmobKk04lGpsFopSturSdKL+bXvOGxIiFMBFtzvFmxJVN2uM/RMvztag1EGDK+uYt+epYyE2Y15FiJFzBsdgAQEvrT5v0qJU6IcmgFumOPwjIf1gIwMKRQv7; 25:RlWRs2AyJrTROJKybPErX5+YClRHbonw9CPbX6aqaD8yDU/94SaNmaD3Gy0Jq5b0zKeivlVXbf37vNt787g9ib44msCG4lQ5cOjPFq8womGHUCj9nGmghRiAr0m/m3+GKMFchjTFA6A61lwJB2id+8D7ecEmFmW16QZ9xeJpeuPmyrOC/dUYuBAzLhbYRkDwuNJYW5WAnTyH1rDw9NCAj1jfv6/0RuYlMYD2jfNWykFjV/o8rG//SaXEMObsTpRyeB2nvatXZ5KUBmA0QeVgvrRIVYSUdb0Vyl2NaGhzU/cuq/WyevcdNJ9SyhLy5q7GiVE7XE1cN8vAq0J/C48oBA==
X-MS-TrafficTypeDiagnostic: SN2PR01MB2032:
X-Microsoft-Exchange-Diagnostics: 1; SN2PR01MB2032; 31:6L5O2dc8q8MVexntA21zCLZsBTIo4tReeQZZIXW6+WpueBNpNum6/Om9zqqwsXFtmCQ6djevv44JjKmehveXabaMdqCrIRPxLgKyilixsmDNSl4P4tpVl9IVIqqweSSAo8a6urnRPdjM4QJISctRmXm5ilyT6bEMSqn+B8tHezYHu29+oFH2lMuGqFUudZhZsHDXqRgUO+HhKE1PJecYaEQy6iT52ZKM39K11Ikp1ko=; 20:Jnuus6szNIralwb0uG5Gb+nUk1uGT8jThr5MWMh+6oaLO+WSeRZjgOgVbayxwfdLBMVw0z8vpDmyY4qHNIcEyMkBwXUct0N2XJmORT6UhyYys4/MzXzaN0NYtFxaOlW2DyP+bs+RMA9nhHs3WrH45LjJlezhqQRRn13F/BS3gvHY6lhgnP5+tfFUEKutUyOGQxi01w/Ofj9dsRie8BrZ0z6BCvkwx4TYG/0eurNbyqQAOv87xR47CZxzkfaN5EtQ2qsNysgsA3eyyK1eqe8c5DAOeWfY1YmvETASsh3uNMgzvT4Dk6xfoKy7YhTO+6w4fATriweG3/zFk53nPobcIPRxn8osSE5CF5FUOdAizBOBJjJxs0aoeNG1mDlYJ+67A3XyEzbVw7Obna9LduCPF3x60uR6S9H6hWE8hNLv49E87DoML49t6hyBXIJT5IKlipU+I7CrrJrHlB1gfGiArNs7JcesJciNv6UC/z06tJJO72W3VRbMXslWEHcrjZ9kSA3P71kNKlGfy7DQd0ykdaoYoKlsnVrsuFVfBa39n4E+SeruBwzJ56vZE328CUMfJDsGpoj3l+nW/dbOsRMGKTnLGIupo4tPkj+uAcMvdaY=
X-Microsoft-Antispam-PRVS: <SN2PR01MB2032D511A51B870EBEB9EB5CA09C0@SN2PR01MB2032.prod.exchangelabs.com>
X-Microsoft-Exchange-Diagnostics: 1; SN2PR01MB2032; 4:DYrO3Mf2lBxMXuOvhsfW2ttn/TThxibvP9vVwYidr67Um+Veic0nkM/r0C29AHSwBy1VHhb8HWsjDgvHHVqMj+Nf0p4h9+HQ4ODn7TkWx9yom0xSQhfGyzR+8ivnlWV1WN5epJaUO6mF25+BSfX4E0by+16wx/bFQSxzPruq/ghxbvvNkbygpedm8Vc094lGqV3VrGk1KCeyDzP+/LBus/yWG0H10kDA5kLzLn9Kw6OBGPRpPAWS6H3fhJGcBvSaDliMS3r/X1pbRbMprxaz5cK6ujgzAyQ3p7KjtqqlpDZg6XVIRCIMBmUicvF17vSt
X-Forefront-PRVS: 0921D55E4F
X-Microsoft-Exchange-Diagnostics: 1; SN2PR01MB2032; 23:YVVM+aHg1HoNcZuutuhYBpQPwXvb3lt15XTZhONZyHR0kYz07GbkbYBoiMA1y63EOpcvggBTGsnxJuduNxghMZxIXJlZHVnGqKKsiTooQ3C8kbFkALyI21xkapbmOLfhJUqLbW7ZROEnrFaPxEQHPtAFE6TwQIVTB7aLTzP3wBFpeoh7BNJkVnHJtcICmvpws0Fpe46omfHgRqGYhPQLSazRhvqt4O0ogPgPTNaNbSsj00pAirk1wtvxjO4hmHhezYlPU1naOdCPSG3XUGyrb0Q8FuZjXbJ/oDUzQWfOwechgYcG2QwMd+aBHOKxrm4gjC12KudGcqL0ayKt39BkiV1AZPnEYPNoUdns9mXfwfYrjedLv8WlMxOra0O6uWjyB4MmdxiOCZprDXkWcXHVTBEWPJ9vn9ZfumKo1RR6Wp/DEyeDHePTD6YuoGONuNfDPy3uAI3h5iaYJr3Srtwv8sUXnkaKfL/psOCxTfGmmCvIDnzeh6TF/nzTdYAxSG8YQt0JAx8Gj0hw3Sj+JVDkFfPmNvD/dA93eFgMrSudhtKOSkhHdF6VYdAqAbFhBYvqKAt+tiQi9GvHXX/414xFyRUQ38LoeLdNY01l34W3GvObDrIGlHxPgtgHNR2JiDU4KvK87JNljq3USR3QcbDhR0RlPM34WJyyUQvJ2TvmrPFW+QTLuD1kkbtqnCOWQlI593QDJ3VMXSuPJz7vpYVmAx8/+Xa8Ss7dukLQuKirIV0FoIZhaLC4geXvQZom4f6jK0PWun4u8Kh+AduNWRVI/FDTQ46S0sB/CfEuW2eUWIWlK2r9bS0gdGNFDVd50uG01xp1xuseO7aABVqbZmSwnGJtCiUEaJ28z0j+fcehq6jrme2y3yiuQUDScWy63slW8u/NrtrUIJh3Y1ZNEaR8G82d6iEZofymJ2tL0qDItnOZS2natyjf1bLJHXQeO4MQtfkubXWEYs8N52OQodULL0HPzIHtLdv6+3VWUJNdv+tQZZG/dxCTY13V0yeFRGtEwiovj+yjxpsIp/Gurf7wxYnaZ5kPiwjkJ8pNPbTkk+hodAUbJBuwfeEjPxdpEfgri1LLZYcpyLsL2Gom7HJRzTyvtcyqtBB6SFWCLM928Cs4IjTrkPtp52i1f82loRRhGB4a6UmQm2d+1zvlJSN7q5KSxWCzPNyfi16v0OIhv0Zi6hVX3vxi8/Z8TAEXSzqNP3v9BHD6tEKmz9jrQ1t4KHDMFAGDaTOCBDvBJxK7M2mrSmG8tmccy5uOuzGIQgay5eCA2c5ESqDHGRw/1td1yVSlJE09RnBx7/Mtn2a7vZjBCS4MFmplKuYIg2nCE0rJ
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: OeCCaXIEZGW52Iqm5jcfJMFvjInmRx/pjr0fepmxWTN5JZFvKpQ8hiVPajevcPUBx50e0EOHYyir+b1MyMKgK/Cq0BCH5gEz/Eus2DWB5WvflVbGQ/CK4bvFK4x3vVn2SWLfB/Xadggbi+k/qPb7A0gYSh8jMsg/yN6xPjViFfbA6ew3caV6gx7TVwm0ecLTZQLvn0j7ZbdAjydANV656j/jn2cS6VSav2CpeHofGsu9PiB8N4Q8jNWFfYRY1jKBcBZ40k7xDGWDCsjEE/kZnJZoN6FHZyT6MIlzXBaMAMII0Ul0t6NxPaxjOGV1JS8eJghoYG3dt6H42JtDKINrOUf8Oh/oI0YjX8EyEh83A11r2+/FZ22etTLsJMVrFsEWKJ/uSNdlZ7oUZzo9VnDt4AXjn8tW8t3KuBhxdJNSykQ=
X-Microsoft-Exchange-Diagnostics: 1; SN2PR01MB2032; 6:6sM9jypqryUrizIPWs3MAo7i5tVOstWXFuk3HOob6JD7RN18BogKppO3kEMAuviS6VrUeXTOlVFresf+/H5ACdnuxpBh47sHv4e2AaZQmv540DEksCoxBZopvVotyDvpZxpg9e4u7gcmD/6bMzf8Mi1YlxeyLb0mzHCcWioWl6iHmz+7MtXMhl9XB/m95hWGzzYuUK4EZ58dqv+G+uOj6C0Xm/NAUtHRSkPPHp3Tgg6JhdvvFrA5gadXGKfzJIOKIMbu4uZIU9NRddpESF/VxkOTFnFBwZ5e0aH/d2+4aUL79MwV57+OVPnyfwIhKtT4v5yslGfYzntz1Ts4P3GomQhDqpyP1D2q7YqQPt5VyCgmQTCZQCn4cxY3/Bk7L5sUpTSqmYxpcISIqScSB2Cv33D09411VGkLfOR9po7UPdsWoi6vLCvVrHwEsw296uqYWXMVI/KyonuNDMtsJ7gy+A==; 5:H3MrBsLHWXINJYcueVaiBAGe6vnEJs3Z89Pc6pYU38q8i0KHODT9Y68nPlKokGa0HnzKjusaNDP20NgE70R0d4BUQL4iPfxT1YZ6qqtsKXbkDxUJzayMAH3wbOD+Nhp5dvhQziPEgkCE0Bf8iKzUYdIE3uaCTN141OwyXM8LcTAt9AP931urKIT8tucyNgJ7tv1MAOemx+KXjBZQP1FnHA==; 7:4XB/NnA+CLD0eoT3MsH1yzldni+1ecEmwDwbrsy7zkR39wagdxSrvPpQ6XN1Msc75s2WpIdsqdoSiVa5bHx4a344hrtB7Jiz15jPJybz9aJWNQ/7utu5E98Fi9ulV+yqTDGnEMFt44HAF4jsYkVPiQ==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Jan 2019 21:03:02.2681 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ef7d4ce1-5067-4199-e133-08d67d88560c
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR01MB2032
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/O6bR4gcy4_a4m7-uJ52EWhZaQG0>
Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2019 21:03:10 -0000

Hi all,

Thanks for all the edits and the published -27.
Assuming I'm actually caught up on all the review/response threads, I think
we're pretty close to being able to go to IETF LC -- here's what I see as
still left:

- We need to settle the risk of needing normative downrefs called out for
  the last call
- I just noticed while reviewing the diff that we also need to say a
  little more about (D)TLS 1.3 0-RTT data (more below)
- It looks like we lost the guidance to the Experts and text about the
  review mailing list from the IANA Considerations, during the reshuffling
  around having IANA manage more things

Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that "Application
protocols MUST NOT use 0-RTT data without a profile that defines its use.
That profile needs to identify which messages or interactions are safe to
use with 0-RTT and how to handle the situation when the server rejects
0-RTT and falls back to 1-RTT."  So we either need to say which client
requests are 0-RTT safe (and why) or defer that profile to another
document.  draft-ietf-dnsop-session-signal is perhaps an example of a
document that specifies which messages are/aren't allowed in early data.
(draft-ietf-acme-acme is another, but an uninteresting one, since they make
every request include a single-use nonce, and all messages are 0-RTT safe.)
Our use of increasing 'mid' values may help here, in terms of allowing
DELETEs to be safe, but I'd have to think a little more to be sure that
requesting mitigation would be safe.  (On first glance the
session-managemnet bits would not be safe, but I may be missing something.)

Further notes inline.

On Thu, Jan 17, 2019 at 06:51:04AM +0000, mohamed.boucadair@orange.com wrote:
> Hi Ben,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> > Envoyé : mercredi 16 janvier 2019 01:14
> > À : draft-ietf-dots-signal-channel@ietf.org
> > Cc : dots@ietf.org
> > Objet : AD review of draft-ietf-dots-signal-channel-25
> > 
> > Section 7.2
> > 
> > The TLS 1.3 handshake with 0-RTT diagram needs to be
> > revisited/refreshed, as RFC 8446 does not look like that.  Additionally,
> > the usage of PSK as well as a certificate is not defined until
> > draft-housley-tls-tls13-cert-with-extern-psk is published.
> > I also note that in the diagram as presented, the client is not yet
> > known to be authenticated when the server sends its initial (0.5-RTT)
> > DOTS signal message.
> > 
> 
> [Med] Noted. Thanks.
> 
> > Section 7.3
> > 
> > This whole section seems to only be relevant for UDP usage, so probably
> > the "If UDP is used" clause can be dropped and an introductory statement
> > added earlier on.
> 
> [Med] Will consider that. 
> 
> > 
> >                               Path MTU MUST be greater than or equal to
> >    [CoAP message size + DTLS overhead of 13 octets + authentication
> >    overhead of the negotiated DTLS cipher suite + block padding]
> >    (Section 4.1.1.1 of [RFC6347]).  If the request size exceeds the path
> >    MTU then the DOTS client MUST split the DOTS signal into separate
> >    messages, for example the list of addresses in the 'target-prefix'
> >    parameter could be split into multiple lists and each list conveyed
> >    in a new PUT request.
> > 
> > (DTLS 1.3 will have a short header for some packets, that is less than
> > 13 octets.)
> 
> [Med] The text is more about 1.2. We can add a 1.3 note if you think it is useful for the discussion. 
> 
> > 
> > Section 8
> > 
> > We've got some requirements in here about limiting behavior of
> > clients/servers when talking to gateways; is knowing about the presence
> > of a gateway something that's required to happen out of band or is there
> > an in-band way to identify that the peer is a gateway?
> 
> [Med] An agent does not necessary know that it peer is gateway. A gateway is seen as a server for the client, and a client for a server. 
> 
> > 
> >    messages from an authorized DOTS gateway, thereby creating a two-link
> >    chain of transitive authentication between the DOTS client and the
> >    DOTS server.
> > 
> > This seems to ignore the possibility of setups that include both
> > client-domain and server-domain gateways.
> 
> [Med] I updated the text to mention this is only an example. 
> 
> > 
> >                  DOTS client certificate validation MUST be performed as
> >    per [RFC5280] and the DOTS client certificate MUST conform to the
> >    [RFC5280] certificate profile.  [...]
> > 
> > This seems to duplicate a requirement already stated in Section 7.1;
> > it's probably best to only have normative language in one location, even
> > if we need to mention the topic in multiple locations.
> > Similarly for the mutual authentication requirement, which we duplicate
> > in the second and fourth paragraphs of this section.
> 
> [Med] Good point. Fixed. 
> 
> > 
> > If we don't want to use example.com vs. example.net as sample domains,
> > we can also use whateverwewant.example, per RFC 6761.
> 
> [Med] Will maintain the ones already in the draft. Thanks. 
> 
> > 
> > Section 9
> > 
> > We should mention the media-type allocation in the top-level section.
> 
> [Med] Will fix that.  
> 
> > 
> > "mappings to CBOR" feels confusing to me, since it leaves empty what we
> > are mapping from.  Perhaps just talking about a registry of "CBOR map
> > keys" would be better, both here and in the Section 9.3 intro.
> > 
> 
> [Med] Unless there is an objection, I can use "CBOR Map Keys".
> 
> > Section 9.3
> > 
> > I suggest being very explicit about whether new requests for
> > registration should be directed to the mailing list or to IANA, as we've
> > had some confusion about this elsewhere.
> > 
> > The criteria used by the experts also just lists things they should
> > consider, but does not provide full clarity on which answer to the
> > question is more likely to be approved.  (And yes, I know that this text
> > is largely copied from already published RFCs, but we can still do
> > better.)
> 
> [Med] Will check this. 
> 
> > 
> > Section 9.3.1
> > 
> > If we want the value 0 to be reserved we need to say so.
> 
> [Med] 0 is not part of the allocation range. 
> 
> > Do we want to say anything about the usage of negative integers as map
> > keys?
> > 
> > I suggest not mentioning the postal address, given the recent (e.g.)
> > GDPR requirements.
> 
> [Med] Good point. Done. 
> 
> > 
> > Section 9.3.2
> > 
> > It may be worth mentioning Table 4 here as well.
> 
> [Med] OK. 
> 
> > 
> > Section 9.5.1
> > 
> > We need to specify which range of values we are asking for an allocation
> > from.
> 
> [Med] Added a mention to 0-255 range. 
> 
> > 
> > Section 9.6.1
> > 
> > As above, specify what range we're asking about.
> 
> [Med] OK.
> 
> > 
> > I expect the current text to get some IESG (or directorate) feedback
> > that the Data Item and Semantics descriptions are repetitive and banal.
> > 
> > Section 9.7
> > 
> > IIUC, IANA is going to ask if we want this module to be "maintained by
> > IANA", so it would be good to have an answer ready even if we don't put
> > it in the document text.
> 
> [Med] This is discussed in -26.
> 
> > 
> >    Rate-limiting DOTS requests, including those with new 'cuid' values,
> >    from the same DOTS client defends against DoS attacks that would
> > 
> > With respect to "new" 'cuid' values, is the server required to remember
> > which ones it has seen in perpetuity, or can it time them out
> > eventually?
> 
> [Med] The attack vector is a DOTS client which changes frequently its cuid. The DOTS server can set an interval in which the same client cannot present a new cuid.
> 
> > 
> > Section 10
> > 
> > The security considerations seem to be taking a narrow focus on the
> > requirements for and consequences of specific bits on the wire in the
> > signal channel protocol.  I think it's appropriate to also include some
> > high-level thoughts about the functional behavior of the protocol,
> > allowing to signal that an attack is underway and trigger mitigation,
> > increasing the availability of services, etc., and the risks that are
> > posed by the protocol failing to work properly, whether that means
> > letting attack traffic through or improperly blocking legitimate
> > traffic.
> 
> [Med] Would a pointer to the architecture/requirements I-Ds be sufficient to cover to high-level aspects?

Those documents' security considerations do seem to cover the relevant
points, yes.

> > 
> > Section 13.1
> > 
> > I think the IANA registries should be listed as Informational and not
> > Normative references.
> > 
> 
> [Med] Done. 
> 
> > Section 13.2
> > 
> > Pending resolution of the question about using draft-ietf-core-yang-cbor
> > rules or RFC7951+RFC7049, the draft-ietf-core-yang-cbor reference may
> > need to be Normative.
> 
> [Med] Please refer to my answer to that question. draft-ietf-core-yang-cbor is informative. 
> 
> > 
> > Given that "URI" is a well-known abbreviation, we may be able to get
> > away with not citing RFC 3986.  On the other hand, it's not causing any
> > harm to leave it in...
> 
> [Med] Will leave it. 
> 
> > 
> > RFC 4632 needs to be Normative, since we need to know CIDR to
> > encode/decode target-prefixes.
> 
> [Med] Works for me. 
> 
> > 
> > Similarly, I think that RFCs 6234
> 
> [Med] This one is not listed as normative because other hash algos may be used. 

It's a lower-case "recommended", which can probably eke by as descriptive
and not a "protocol feature" (see below).

> , 7413
> [Med] The support if TFO is not mandatory.  

It's a SHOULD ("SHOULD implement all of the following items"), though...

> , 7589
> [Med] This is a MAY in the spec. It is just fine to leave it as informative. 

...per
https://www.ietf.org/blog/iesg-statement-normative-and-informative-references/
note 1, "Even references that are relevant only for optional features must
be classified as normative if they meet the above conditions for normative
references."

This does seem to be something we actually need to care about before IETF
LC, though, as 7413 is Experimental and not listed in the downref registry
(https://datatracker.ietf.org/doc/downref/), so if we leave it as
Informational and have to change it later, we'd need to also restart/re-run
the IETF LC.

> , 7918
> [Med] Idem as TFO. 

This is Informational (i.e., also susceptible to the downref issue).

> , 7924
> [Med] Idem as TFO.  

(idem x2), though this is standards-track at least, so we have more leeway
to move things around later.



I think the most expedient thing to do here would just be to relax the
requirement for TLS Falst STart, TFO, and Cached Information, perhaps to
text like "The following items are additional mechanisms that can reduce
the delay required to deliver a DOTS signal channel message, which
implementations are encouraged to implement as possible.", but I am open to
other suggestions for what to do.


> , and 7951
> [Med] this one was not listed as normative because the document lists two ways to do the mapping.  

Agreed.

-Ben

> > should also be Normative.
> > 
> > 
> > -Ben
>

v2.23.0 | Report a Bug | By Email