[Dots] Comments on draft-ietf-dots-architecture-02

"Russ White" <7riw77@gmail.com> Tue, 30 May 2017 01:14 UTC

From: Russ White <7riw77@gmail.com>
To: dots@ietf.org
Date: Mon, 29 May 2017 21:14:06 -0400
Message-ID: <02d401d2d8e2$09ba79b0$1d2f6d10$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/O6ue8rDwlrBNRGvnhTxdSXMPyrI>
Subject: [Dots] Comments on draft-ietf-dots-architecture-02

Y'all -- much less in the way of comments on this one -- but still one grammar comment, and a couple of points of discussion.

😊 /r

==
I would again question the focus on UDP, essentially disallowing QUIC. Allowing multiple transports might be useful.

==
First of all, a DOTS agent belongs to an domain, and that domain has an identity which can be authenticated and authorized. 

Probably would be better as something like --

First, a DOTS agent belongs to a domain; and the domain to which the DOTS server belongs has an identity which can...

==
[[EDITOR’S NOTE: we request working group feedback and discussion of operational considerations relating to coordinating multiple provider responses to a mitigation request.]]

One problem worth mentioning here would be one "customer" sending different redirects to multiple "providers" that result in a permanent routing loop. There does not seem to be any way to solve this within the DOTS framework that I can see, but it might be worth pointing out that this is a potential problem.

Another problem here is that of prioritizing various requests; there might want to be some mention here of how this is an issue that is not resolved in the protocol specification, but is rather expected to be solved in implementations. There may want to be a draft on this topic later on to discuss various strategies, and experience with them in actual deployments, but for this draft it just seems worth mentioning and leaving it at that.
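The routing-loop concern raised above (one customer handing conflicting redirects to several providers) is the kind of thing an orchestrator sitting in front of the providers could at least detect before any redirect is installed. The following is an added illustration, not code from the DOTS drafts or from this message: it models each provider's redirect as a directed edge and walks the graph for cycles. The request fields, the domain names and the sample requests are all constructed for this example; the DOTS protocol itself carries no such "redirect_to" field.

```python
"""Added example (not from the DOTS architecture draft or the message above):
detect whether a set of mitigation redirect requests, taken together, would
send a customer's traffic round in a loop between providers.
All names and the request shape below are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class RedirectRequest:
    customer: str      # domain of the DOTS client issuing the request (constructed)
    provider: str      # mitigation provider the request is sent to (constructed)
    redirect_to: str   # where that provider is asked to send the traffic next (constructed)


def build_redirect_graph(requests: List[RedirectRequest]) -> Dict[str, Set[str]]:
    """Directed graph: provider -> set of places it has been told to redirect to.
    A provider appearing with two different targets is kept as two edges so the
    walk below can see both paths."""
    graph: Dict[str, Set[str]] = {}
    for r in requests:
        graph.setdefault(r.provider, set()).add(r.redirect_to)
    return graph


def find_redirect_loops(graph: Dict[str, Set[str]]) -> List[List[str]]:
    """Depth-first walk over the redirect graph. Each cycle is returned once, as
    the list of nodes on it, ending on the node where it was first re-entered."""
    loops: List[List[str]] = []
    finished: Set[str] = set()   # nodes whose reachable cycles were already reported

    def walk(node: str, path: List[str]) -> None:
        if node in path:                      # back on our own path: a loop
            loops.append(path[path.index(node):] + [node])
            return
        if node in finished:
            return
        for target in sorted(graph.get(node, ())):
            walk(target, path + [node])
        finished.add(node)

    for start in list(graph):
        walk(start, [])
    return loops


def safe_to_install(requests: List[RedirectRequest]) -> bool:
    """True when no combination of the requested redirects forms a loop."""
    return not find_redirect_loops(build_redirect_graph(requests))


# Constructed sample: the customer tells provider A to send traffic to B and
# provider B to send it back to A, while provider C is asked to return it home.
LOOPING_REQUESTS = [
    RedirectRequest("customer.example", "scrub-a.example", "scrub-b.example"),
    RedirectRequest("customer.example", "scrub-b.example", "scrub-a.example"),
    RedirectRequest("customer.example", "scrub-c.example", "customer.example"),
]

# Constructed sample with every provider handing traffic back to the customer.
CLEAN_REQUESTS = [
    RedirectRequest("customer.example", "scrub-a.example", "customer.example"),
    RedirectRequest("customer.example", "scrub-b.example", "customer.example"),
]

if __name__ == "__main__":
    for name, reqs in (("looping", LOOPING_REQUESTS), ("clean", CLEAN_REQUESTS)):
        loops = find_redirect_loops(build_redirect_graph(reqs))
        print(name, "loops:", loops or "none")
```

The check only answers the narrow question the message raises (would these redirects, taken together, loop); which request wins when a loop is found is exactly the prioritisation question the message leaves to implementations, and the code deliberately makes no choice there.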