Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (4th Part)
Benjamin Kaduk <kaduk@mit.edu> Fri, 18 January 2019 20:01 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E3C2131395; Fri, 18 Jan 2019 12:01:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kB9G2nxac-Kz; Fri, 18 Jan 2019 12:01:03 -0800 (PST)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0710.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe49::710]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78056131401; Fri, 18 Jan 2019 12:00:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FM9yzE1NWxOADYUckPpYrDKaUu44dbP796jUB7f7k0w=; b=h/6u8OG0AfUtqcEyumlYxR9D3xq41BTFItRIibvW2s0SjQTpMn5ZIGjxWumaM02kpc985Sp6IgY7p5Hlkc09a8QQia5bMw5Q1VFROW9sOvBvd2Ds2hLlNgBT62a6pnYRhNVAgg5q7lhH4UKVVns0i//MupAfSTjkZUPkNox+HfY=
Received: from CY4PR01CA0012.prod.exchangelabs.com (2603:10b6:903:1f::22) by DM5PR01MB2442.prod.exchangelabs.com (2603:10b6:3:3b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.26; Fri, 18 Jan 2019 20:00:56 +0000
Received: from DM3NAM03FT009.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::207) by CY4PR01CA0012.outlook.office365.com (2603:10b6:903:1f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1537.24 via Frontend Transport; Fri, 18 Jan 2019 20:00:56 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT009.mail.protection.outlook.com (10.152.82.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1471.13 via Frontend Transport; Fri, 18 Jan 2019 20:00:56 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x0IK0rjb010522 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Jan 2019 15:00:55 -0500
Date: Fri, 18 Jan 2019 14:00:53 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Message-ID: <20190118200052.GN81907@kduck.mit.edu>
References: <787AE7BB302AE849A7480A190F8B93302EA0846A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA0846A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(136003)(396003)(346002)(39860400002)(376002)(2980300002)(189003)(199004)(55784004)(4326008)(53416004)(14444005)(30864003)(8676002)(2351001)(2906002)(186003)(229853002)(26826003)(6246003)(106466001)(246002)(8936002)(5660300001)(1076003)(75432002)(23756003)(305945005)(36906005)(104016004)(486006)(47776003)(426003)(336012)(76176011)(476003)(446003)(956004)(126002)(54906003)(2870700001)(88552002)(106002)(58126008)(356004)(86362001)(786003)(33656002)(316002)(478600001)(6916009)(55016002)(50466002)(26005)(561944003)(7696005)(11346002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR01MB2442; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM03FT009; 1:ryknSULR742TWxfuZSBDZyI9eOlvgeIVIE8qRngUVMpP8+0+VYuDliXv7UrHFouAaCnA/s9E4ianOld9V5VhOsFE76A398WA+/bYngJIhHKPRbSJWkmwDBm/dxWTDY2T
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7cb3f5f6-e20a-41f9-2a0f-08d67d7fa8e4
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4608076)(4709027)(2017052603328)(7153060); SRVR:DM5PR01MB2442;
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2442; 3:0YvGSoz6nQUOlqVC6Jmev5JJF1GcfHSvFPlxPZw5adhMniQMPy88fUdDqDVJjo+XAZFZ4UYHYMWkT0lmQ/+gw0fjvfwctykBqj9HOQN6mYxX8DvCzNpuYfH+bImxNrz/OGZG87c9YdoDwl30i9Tqrckyir+SeZg/VINpfbUel/+KseBWnbGrcL7ZH2g3KNw90ap9nzsWfONs1gTWqqIhK1H+Wndw3lZlny3xfcLuUUyERn7FW8wWEgtcFn0U5hirhpL/laRCdPCjHkLO7wM3+RaDWoxKY8Br1vw3+Yz7aIx5XOMirUyBCv4Ubin/1I+5aLLOwREndoDEQ12bticvLkbTYDRgRoIs7FdYpKWhJfh0NX/uwdWAeL4aKgElrNg2; 25:rr/F55KmN2u+nVv1S7b37uSF4RxXs9cYiQBsce7BEF/XZB3yyKNDGWO5vuQDlHrCqOLcOAPnpB080zrnsM/6OmyCGJcaypitEP5eGYgfqP3mlwOPqAdaq6q44zcvt/KKfpD2B916Cm+NSH2rpivGKtMq9utEUElk9ml4piGCVZOA11kKv/FMY2Bp2iwCLAiiNjFs02TuJbkKoIPOW4MNoPUip4ASMbm6GDYPE9RgBGQdjsKPR180J0rgp7z6/aoOYdDES0YNVI11HBpn7RLQ+r1JbLWyHmjbgzEE5XaxcU2JFE1ojef/5M93zGm+bEu0xeWl6HnQAvqhBha2MtMl0Q==
X-MS-TrafficTypeDiagnostic: DM5PR01MB2442:
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2442; 31:f+xNUrgZ/f6haXBFX+NbsUy/ecJqHcpZuHlUEUnoCliQxOqhIsvWVhT1iNOIDdNv66ePRZDFrM3Lw0qzUWI2pzzE1026P4qysUrET9VFydYI5W/pr2qZ9JL/DTvGOIYLz2Vg0HNaEY9hzYHj9xX8eOrSsBWe3aIqkRGlPqJZ2C7nx99viQAdKttwEK/ceZSBYfXMuginbaAY/3tU+oflwWX0uLclVUiNdkDmTQrmGLg=; 20:xI53k1vfl9yH7JAMs7XAGUrQ4Wl0QONsoQlaJq5CsoDpRb/O+qP4589ej9umHmd29g89Duxv9HK6kJ7RaCROu0N7+2ZxrPBF42NK57Gh5U97OXqIM8oV8PBp1APjZheXCkq9UV8e6zQUZ2aLLKPKJupCfopCg3HVYB1KPUH7l4qWggWM90z2XMQkuf3ZwN7rrscVUt2FLuMdwSZop8z79QFitr8zhwTno0yGgtsUb5jkYt7EYs9QW31bH6OY9TmRVkeOsOI+RjPbi1aXGxKnIwZF7fGYuKzwL0+sxw11XFWcDVPJpsBRmANw/DSo/C0AubP0Q+3jyeuG5YiTi4GluDOX9vRHTtkkSL5/GbusejuVISasZPB+B5IBEXLbuNZv2cgZIHI/mG3hup7EBr3VhJR594yIsETXkRHWswFq1ssTng0vH1uuVRM4O8IDFKvMtkI3eax/f+HGRRWhyuohpUWjCF6PQDRrm4qHx+fkXJ4pA4a40E4Sj1l2ClL44qel2VsvPPh1nl0KjumhUpsS9exfhVRj+HMn5MlUUpAHDajvUmTlD2CtN1EK3/JrJao3j6HjN904G2GdjeoI9/kE5uGKEZxxljk9OO7US04jrfQ=
X-Microsoft-Antispam-PRVS: <DM5PR01MB2442C1D798C88C295C0FF700A09C0@DM5PR01MB2442.prod.exchangelabs.com>
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2442; 4:yqzv4gfuI4jFgr+eSSPdpGF7P1WMYmnQH37adz1GS9Fwc97GvCjMWOznyZ+LEaTEtqYYub68FQEr8d6INcQXW3KbsMcbd0uCt19csJQ75/am6yB8VR3ceIp6SewN3hs2qH+L1csyuFQiHaL/k/O74BgBX2CNDigIw8i940Q16LwxFSYDTc00urACLX1qCmBqaKSkaqmU62otC/NfTMi+g3jjg+7rPeojhXC5Qf+uinec8biYZ0upYHAfqXHPCvgL+YgkSG47H7giWes/DDh5URePUwNI6mSChXCkOSFFz7lQ82mSOufk27CsJ4KMadgP
X-Forefront-PRVS: 0921D55E4F
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2442; 23:g6S7QrLi4FqkyrJdiULO19mRw7iOPhmB3nl032Qanrknd629lnmPdWYr1FPhIF0Su82imwGNxp1N5GvcSYsmLKIQpJPKzd7Yb5j3clhCfEjFtmqjoYwwyAd5f0LiqcCe0TnnnrfzJ7ZbjbXl5hAtb82SDmZSyl/z3qqq2GT94880sRlCM/Y63pn3wyIRl7znCCTNz1Yq9UxWgjj4js7ng89J0FbqgWd+e57o4U8UZkt5/alhi18Dd5y0Ia/rD5/wf2iQNkYM1wL4K7DG9X/t8ACiaXvPFNa3G8RRo51YtYjHJpW1nssNQFPXf8+bp0B9z4HaZVuSmH3ezrFNPT0fMJaoaNRnpLo4yS3PSGMDL1SLi8gaKldI+p5mCmnH5/cq/sPsKy92c1e+okxogACnoDoSeaKD64ONQOSRSINdAqpgscy6T8V8h4h8HaaienJt4CzQjuN9ABxKOpDKRiCKfSxa5DcJCibo23J3Wy/uUCkwsGCkXYjgo/RD4hgun6TCAbvdq1YcZv6LBRYgMEgXTptBoM7xZ9Q0FvOTo3Q9qZMbQfaKiktn0XMPxEIgoq9Tw6avxJ2R2nEnEbacR9Bh5hrNjl9s7f20C7Hh9KAJJbHSQAGkXMcZa2yKWG4BobOoOJnumboRXxvpnS19dcwT/09XH4Na762MvwHO8c5+gbE2aRj3jxmm1ScaR9k2lFSJw4hmMQ+lV0LPHESLZQi9EPieItfSn7PRTgjQId8jnm76EdEnInFfm9WIo5DjgeFf8cpO/O19YIoVwua9VcewPdOfZnatj6XSUcSq53JT6bCyintF7VvY8Lkf2Ps7S6f1qvhtrypPsDPf5HC/p1X9jHQ7jPMlKeaiOe57kJrsZuqCOjENNWfLnibirmOF7iDJbkBYjeaGxlq15u5vw60yY/RpgLCxd8Uwt5m/tY3tQcsykpTnS4qEBL7+wAHWgdQlDPaBghq3s24/IkS9ByjP/Lzizin1qmiaWjxHI8JiKRG+6oFZfQhbNImjvK1oQ+k36gR8cSaCMwsvUxSIAnZmD0eEdeig3qWpTfBY3IOzBYb6fbT1cYfOMjfCq+NgIexuZNPhPysGE7XGyTQU9tfsVvTR2RiUZCPL5jV4iewalDdbMDlNTDaZUihwKgjKofD7peIvFGSuH4qth7Xui9oaWC8Hy0YLTJbuKmHXvJ/Lyek9wYYC/bVtm/KkGQX+bAVlbm38Au9HUYjUnvE4jnuCfW1G/ZUnkr6JlQ1Vahqljnp60UrlnXgi1w5wur9Y89GF
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: UrmImV8NhlmWeeYaUCt/aWtMqWTQNv81+0aru3f+KJquEM+g9ZXET/ZkAfTgDTtItp9WEY5jhCow58uX8cBHJf3Z6L7/sL721rZe1Er1mL0rKmXfSN22ad9rZWyr6xiqS14jKRyKOJHDG4MW4c/sgkjvt0p8LgfJh7Cuk1d15yp6Poz3ksHi3WjAQcBtHSxhGOMaiv/+qvJs+BhWUVWNxgyVZs0vVWR0/EhTkY40z85Lr7uyFy0qYfpuLQ64smz2tNc3IWSfREFCTeJ0Tod5HIRKho3sYCHV/BZC7r/AD4dkSF0d5wz/GVkVib3GUHhQdA2XxjEPgvX9lEMuA+lYkCi09p0gZAnDiS1M1vPfu7R+1dozwm0sPCQ0gwjRhvCwncmdPXSfZCjUnsBnAoebH7BU1ED0n5VCpssh3b/nHhU=
X-Microsoft-Exchange-Diagnostics: 1; DM5PR01MB2442; 6:pQ2psDx8BphiLmKS1yRbqw4fW1RbeyKpvf0f7jc0ZVb305JIqIENs3FTH4t+UF5kYReme1lPCdKfRxFqEFVxIO8u8EvJZP5LKM3k1UIr0Z0VGCmCt2zYU+SL7EjVzAl8pW+7EOmz7EMoMolhelP8XYIMW/xRj11tHHEB6afG917mI3w9yU4rLMqQNr5mKgIXMvsnzZ4uwOHtxsVbkZ8dqB/q9JbD2ie8roTyi66qav8CVzd0l/18cdCW6Fzzfh3m8gW5kyArrJPFnbktIi5O/web4hh19HHhywKza/CKQkRCr08TilXBMidNdfBsQ7Z5c4aawEm+e20ID8MvRRvM/SbEcBP3RQc/vbRcwQOVl1hdGMcxcHTIKHhyR4YPbKQTXrz1E2ShKsP6RMIzT81ATvp2igkxmo2C7aJQj5vgIdsPH5QWSuqYxEdp51RcLXZZRwG7EwhvJsQ+rUYy8+F5+w==; 5:sJ/+Bye4VnlyTjEdLfBwIVksx+AfJHXw7lEu71S4Hm+PHYWfEoOCwNDhT/owHX66j4Mh2iUIfR7wtRsyN6afavrI6iUvn+G0AXCBppMLcM5EaEdf1kuyCdMwpeAJ78ktsdve7vu528fC/9RDzeUjuWPgIaugxq9P504vjGEItoj5ry+hLdg62YEjaQm9PCgCE1SQqDQP9S3Gw7/kSIjECw==; 7:MHaRtwEKgC+CkT5rVgG0TqjjusM5Zi66N9a6RDPSNnKEmIiLqLqzC5723hSk3MkwhHtkdWp4Rh9yDeDZ5lB89wI28XnFLcPf2Hilhz+BH256Njt2pRlTFDnuhAEYI9RLHSSMgPXb9TgMFnU0ujKWsA==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Jan 2019 20:00:56.4847 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7cb3f5f6-e20a-41f9-2a0f-08d67d7fa8e4
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR01MB2442
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/QG5VOsUZe6icBsjeJsq73W7Rfa8>
Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (4th Part)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2019 20:01:13 -0000
On Wed, Jan 16, 2019 at 03:29:45PM +0000, mohamed.boucadair@orange.com wrote: > Re-, > > Please see inline. > > Cheers, > Med > > > -----Message d'origine----- > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] > > Envoyé : mercredi 16 janvier 2019 01:14 > > À : draft-ietf-dots-signal-channel@ietf.org > > Cc : dots@ietf.org > > Objet : AD review of draft-ietf-dots-signal-channel-25 > > > > > > Section 4.4.3 > > > > I'm not questioning the decision, but I am a bit curious how we ended up > > with a boolean "attack-status" parameter and no quantitative > > measurements. > > > > [Med] This is not a Boolean. The attack-status reflects the status as observed by the client. Actually, we restricted the information to the minimum information that can be reported by the client without leaking privacy/local information that may be subject to local policies at the client domain. > > > The DOTS server indicates the result of processing a PUT request > > using CoAP response codes. The response code 2.04 (Changed) is > > returned if the DOTS server has accepted the mitigation efficacy > > update. The error response code 5.03 (Service Unavailable) is > > returned if the DOTS server has erred or is incapable of performing > > the mitigation. > > > > What (if anythin) should the client do in response? Should the client > > assume the server is dead and move to a different one? > > [Med] 5.03 uses Max-Age option to indicate when to retry. This is discussed in RFC7252. I can update the text if you think this is helpful to remind this. > > > > > Section 4.4.4 > > > > terminating period SHOULD be set by default to 120 seconds. If the > > client requests mitigation again before the initial active-but- > > terminating period elapses, the DOTS server MAY exponentially > > increase the active-but-terminating period up to a maximum of 300 > > seconds (5 minutes). > > > > Is the base of the exponent supposed to be 2 (i.e., a doubling of the > > delay)? This should probably be made explicit. > > [Med] Done. Thanks. > > Also, is the input to > > the doubling the previous total delay, or the amount of delay remaining > > when the repeated request arrives? > > [Med] The server sets active-but-terminating, then if it receives a request before that timer expires, it doubles the active-but-terminating and so on. The server repeats this process at most for 5 minutes. > > > > > If a mitigation is triggered due to a signal channel loss, the DOTS > > server relies upon normal triggers to stop that mitigation > > (typically, receipt of a valid DELETE request, expiry of the > > mitigation lifetime, or observation of traffic to the attack target). > > > > I think "observation of traffic" probably needs more explanation -- as > > written, it sounds like any packet arriving would be sufficient, which > > is probably not the intended behavior... > > [Med] We meant "inspecting the traffic", but avoided to use the word because this term is not well perceived. > > I can update the text If you are OK with "inspecting". I would be, but Tiru's note about "scrubbing" is better. > > > > Section 4.5.1 > > > > Does the "max-retransmit" value exclude the initial transmission? > > [Med] Yes. > > > > > I'm not sure whether there are any particularly interesting security > > considerations to mention about what happens when ack-random-factor is > > insufficiently random; it seems like things would only get really bad if > > the value was constant across peers. > > > > [Med] A brief discussion on this change's impact can be found in Section 4.8.1 of RFC7252. > > > Section 4.5.2 > > > > A DOTS client MUST NOT > > transmit a "CoAP Ping" while waiting for the previous "CoAP Ping" > > response from the same DOTS server. > > > > Is this intended to block retransmissions of the same CoAP Ping? > > [Med] This is intended to block retransmission before the retransmission timeout expires. > > > > > > sid: Session Identifier is an identifier for the DOTS signal channel > > session configuration data represented as an integer. This > > identifier MUST be generated by DOTS clients. 'sid' values MUST > > increase monotonically. > > > > What event triggers the increase? > > [Med] Send a PUT request for configuration purpose. > > > > > Section 4.5.3 > > > > When a DDoS attack is active, > > refresh requests MUST NOT be sent by DOTS clients and the DOTS server > > MUST NOT terminate the (D)TLS session after the expiry of the value > > returned in Max-Age Option. > > > > It seems like there's a bit of a race condition with attacks and refresh > > requests coming in in parallel. > > > > [Med] Is there any change that you see to the text? I don't think so -- it's only an issue if the server decides to enforce the "refresh requests MUST NOT be sent", but we don't say anything to indicate that it should do such enforcement. > > Section 4.6 > > > > The DOTS server can return the error response code 5.03 in response > > to a request from the DOTS client or convey the error response code > > 5.03 in a unidirectional notification response from the DOTS server. > > > > Just to check my understanding, this unidirectional notification would > > only happen if there was a previous Observe to establish the channel? > > [Med] Yes. > > > > > The "alt-server-record" description here is pretty vague on the string > > formatting used, v4 vs. v6, etc.; > > [Med] "IP addresses" is used on purpose to refer to both IPv4 and IPv6 addresses. > > I guess that the actual "type > > inet:ip-address" in the YANG module is probably specific enough, though. > > > > [Med] Yes, indeed. > > > > Section 4.7 > > > > The first two paragraphs seem to have high overlap and would probably > > benefit from at least being joined together if not also trimmed down a > > bit. > > [Med] Joined together in the my local copy with the 2nd para which starts now with "Concretely, ". > > > > > In case of a massive DDoS attack that saturates the incoming link(s) > > to the DOTS client, all traffic from the DOTS server to the DOTS > > client will likely be dropped, although the DOTS server receives > > heartbeat requests in addition to DOTS messages sent by the DOTS > > client. In this scenario, the DOTS agents MUST behave differently to > > handle message transmission and DOTS session liveliness during link > > saturation: > > > > Do we need to say how the agents independently detect the > > link-saturation situation? > > > > [Med] When the agents are aware that an attack is ongoing, they will infer links are likely to be saturated. Okay. > > Section 5.1 > > > > It looks like the tree diagram and the module differ about the > > "mandatory false" nature of some nodes, e.g., upper-port. Perhaps the > > tree diagram should be regenerated? > > > > [Med] Will double check. > > > Section 5.2 > > > > I mostly expect some heartburn from various folks about overriding > > protocol number 0's interpretation as the IPv6 hop-by-hop option to mean > > "all protocols", though it will probably be fine in practice. I am > > including a suggested rewording in my editorial changes that may help > > alleviate concerns. > > [Med] Good catch. We can fix this by updating the text to: > > "If 'target-protocol' is not specified, then the request applies to any protocol." > > Will also check your proposal. Thanks. > > > > > Section 6 > > > > I have several thoughts about the CBOR encoding, some of which I > > mentioned in some previous emails. (I also don't have much experience > > with CBOR encoding, so I probably have some things wrong, too...) > > > > It seems that CBOR major type 0 also encodes some width information for > > integers. Do we want to require that the CBOR encoding always uses the > > width that matches the types in the YANG module, or do we permit a > > smaller encoding when the value in question fits? (Presumably the > > answer falls out naturally if we expect people to use off-the-shelf CBOR > > libraries...) > > > > We say that the initial set of key values is comprehension-required; > > does that mean that any other future extensions are necessarily > > comprehension-optional, and there can be no additional > > comprehension-required keys? > > [Med] Future extensions can be either comprehension-required or comprehension-optional. This will depend on each use case. > > > > > It's probably appropriate to make a statement in the initial text here > > about the port number and/or media type indicating that this is the > > syntax used for the top-level object. > > > > I already mentioned that the encoding of the integer form of the key > > values takes a different number of bytes depending on the integer value, > > so I think those keys are rearranged in the -26 (I reviewed the -25). > > [Med] I guess Tiru has already addressed that comment. > > > > > Section 7.1 > > > > A key challenge to deploying DOTS is the provisioning of DOTS > > clients, including the distribution of keying material to DOTS > > clients to enable the required mutual authentication of DOTS agents. > > EST defines a method of certificate enrollment by which domains > > > > I think we need a reference for EST. > > [Med] Done. Thanks. > > > > > o TLS False Start [RFC7918] which reduces round-trips by allowing > > the TLS second flight of messages (ChangeCipherSpec) to also > > contain the DOTS signal. > > [...] > > o TCP Fast Open [RFC7413] can reduce the number of round-trips to > > convey DOTS signal channel message. > > > > These are in something of a specification limbo, as they both appear to > > only be formally defined for use with TLS, but TLS False Start seems to > > have a straightforward extension to DTLS. It may be worth tweaking the > > text a little to acknowledge the situation here. > > [Med] Can you please indicate which tweaking do you have in mind? > > TFO allows to send data in the SYN without waiting for the completion of the 3WHS. Obviously, such delay is specific to TCP. My suggestions, which you can tweak or ignore as you like while waiting for IETF LC review: "TLS False Start is formally defined for use with DTLS, but the same techniques are applicable to DTLS as well." "Being TCP-specific, TCP Fast Open is only suitable for TLS and not DTLS." -Ben
- Re: [Dots] AD review of draft-ietf-dots-signal-ch… mohamed.boucadair
- Re: [Dots] AD review of draft-ietf-dots-signal-ch… Konda, Tirumaleswar Reddy
- Re: [Dots] AD review of draft-ietf-dots-signal-ch… Benjamin Kaduk