Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

Alissa Cooper <alissa@cooperw.in> Fri, 10 May 2019 14:00 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80E0F120248; Fri, 10 May 2019 07:00:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=3Rrbqrre; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=wri3sWif
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3NfeEw5vaUXv; Fri, 10 May 2019 07:00:31 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5846B120258; Fri, 10 May 2019 07:00:31 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 492C623B13; Fri, 10 May 2019 10:00:30 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Fri, 10 May 2019 10:00:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm3; bh=m fa7tArbGBiQwDPzfN2ABojq3ckTWKJswoF2STXNm6I=; b=3RrbqrreG3OwT3KvI uv7Xu/LSHvKgiYE5FNtsNtyRpBJBlZedSaQHFh/+Z0gkwDDPj/NOWp4Ir/lpFa7V I1ityuzSh9/XZ8DNhqeKeE+B/rj+Pyt+3RYPGM47yubhwyeJz8E4qyK4RuX1AQY+ ex8GrhKIMxJ1NRQe+8XWCuPcCTVc41ryPi/3EbQ9D5V8/C1J1psBk7U7Hxk1UO/p 6GAZyXwMR40abU3DNrZgnLEuSulvGKiC2AdIui/h841WKAf5m6jzt7lPyMLMgwtZ 8b1bfUYyd/Pd8z7rMMdBIhL6E8f+7fta5TQYrVkBWO2AtYnBGHjPO360K3/7Hobb A9vKg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=mfa7tArbGBiQwDPzfN2ABojq3ckTWKJswoF2STXNm 6I=; b=wri3sWifORVpCxNFtEpV0izyv1H4x+JujrXh8IC1/my0b6aAOCmlj0tzN r/A7ADbapAunyD+i6vgak49qPPo9uSXUuKMoIEV8H8w8fAhYstU/XqKrLtEYfqva ES8K/NaDmH+wd1LBBcs0+BFJR4ZG0Osfn+WXvRHLk6MMkShoLMwsViW8WXAfVrGK XRutoM1onPJbFRNrNCHQTMmCd4z1dcf5SCGYP6nQD37WdF4B7Yxw8c7bD8JZV0HF rn8XbmNI+7WBrFWa7sIcfsBtskTLBud1ZN0nmyX9ljzcACOg/e+Zl5v9WwFlwbNs /SmLJNJkgRflInt656hidAryBfjlw==
X-ME-Sender: <xms:_YPVXNbNls3Xirvv_j75VZnMTCrg8op13DQMcS6xYo2wupSN8sVdyw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrkeekgdejfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurheptggguffhjgffgffkfhfvofesthhqmh dthhdtjeenucfhrhhomheptehlihhsshgrucevohhophgvrhcuoegrlhhishhsrgestgho ohhpvghrfidrihhnqeenucffohhmrghinhepihgvthhfrdhorhhgnecukfhppedujeefrd efkedruddujedrkeejnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrlhhishhsrgestgho ohhpvghrfidrihhnnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:_YPVXIHbMfkQDHXS-OtNmN71kbk4-p_CoXi2PzHDlVG_vNtyvW5t7w> <xmx:_YPVXImp0-WnFqCc6zLh7RnWlU40sOfJy0O6oqB1Fabw1MdSz2UQdQ> <xmx:_YPVXNCMPE73_10VwXz8rbUn1JlKCr1-umyIfeSrZtYIQNgyfpnU_A> <xmx:_oPVXIuxR46suyowFXzrQB_j6nuuJS6zTME3g0m5JOu_Op6fOOUfAw>
Received: from rtp-alcoop-nitro5.cisco.com (unknown [173.38.117.87]) by mail.messagingengine.com (Postfix) with ESMTPA id D54C780069; Fri, 10 May 2019 10:00:27 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA7B408@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Fri, 10 May 2019 10:00:25 -0400
Cc: IESG <iesg@ietf.org>, "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, Liang Xia <frank.xialiang@huawei.com>, "dots@ietf.org" <dots@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <200BE2CA-AE9B-4DF6-8065-5C1E0E221071@cooperw.in>
References: <155676213548.2612.17892772935784304109.idtracker@ietfa.amsl.com> <1D15F9BD-A743-4EA4-86D8-35FA22FE5438@cooperw.in> <787AE7BB302AE849A7480A190F8B93302EA7B408@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
To: mohamed.boucadair@orange.com
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/RAd7Pnd742-wy3v62QLKiqQfl2E>
Subject: Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2019 14:00:40 -0000

Hi Med,

> On May 10, 2019, at 1:35 AM, mohamed.boucadair@orange.com wrote:
> 
> Hi Alissa, 
> 
> The main reason is that the examples in the draft are using the JSON encoding of YANG modelled data.

This does not necessitate a normative reference. See https://www.ietf.org/blog/iesg-statement-normative-and-informative-references/

Alissa

> 
> Cheers,
> Med
> 
>> -----Message d'origine-----
>> De : Alissa Cooper [mailto:alissa@cooperw.in]
>> Envoyé : jeudi 9 mai 2019 23:09
>> À : Alissa Cooper
>> Cc : IESG; draft-ietf-dots-signal-channel@ietf.org; Liang Xia;
>> dots@ietf.org; dots-chairs@ietf.org
>> Objet : Re: Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31:
>> (with DISCUSS and COMMENT)
>> 
>> Thanks, the changes look good. However I still don’t understand why RFC
>> 7951 is listed as a normative reference.
>> 
>> Alissa
>> 
>> 
>>> On May 1, 2019, at 9:55 PM, Alissa Cooper via Datatracker
>> <noreply@ietf.org> wrote:
>>> 
>>> Alissa Cooper has entered the following ballot position for
>>> draft-ietf-dots-signal-channel-31: Discuss
>>> 
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>> 
>>> 
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-
>> criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>> 
>>> 
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/
>>> 
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>> 
>>> = Section 3 =
>>> 
>>> "By default, a DOTS signal channel MUST run over port number TBD as
>>>  defined in Section 9.1, for both UDP and TCP, unless the DOTS server
>>>  has a mutual agreement with its DOTS clients to use a different port
>>>  number.  DOTS clients MAY alternatively support means to dynamically
>>>  discover the ports used by their DOTS servers (e.g.,
>>>  [I-D.boucadair-dots-server-discovery])."
>>> 
>>> MUST implies an absolute requirement, so "MUST ... unless" is a
>> problematic
>>> construction. Furthermore, it doesn't make sense together with "MAY
>>> alternatively," which indicates that port number discovery is an
>> alternative to
>>> the fixed to-be-assigned port.
>>> 
>>> I didn't have time to get very far into draft-boucadair-dots-server-
>> discovery,
>>> but it appears that it does not mandate support for any single discovery
>>> mechanism for clients and servers to support. If so, that
>> "alternatively" seems
>>> like more of a problem, since it allows for there to be no interoperable
>>> mechanism for clients to discover server ports. I think maybe what was
>> intended
>>> here was:
>>> 
>>> s/MUST/SHOULD/
>>> s/MAY alternatively/MAY additionally/
>>> 
>>> = Section 4.4.1 =
>>> 
>>> (1)
>>> "In deployments where server-domain DOTS gateways are enabled,
>>>  identity information about the origin source client domain SHOULD be
>>>  propagated to the DOTS server.  That information is meant to assist
>>>  the DOTS server to enforce some policies such as grouping DOTS
>>>  clients that belong to the same DOTS domain, limiting the number of
>>>  DOTS requests, and identifying the mitigation scope.  These policies
>>>  can be enforced per-client, per-client domain, or both.  Also, the
>>>  identity information may be used for auditing and debugging purposes."
>>> 
>>> Does "identity information" just refer to cdid, or something else?
>>> 
>>> (2) The constructions "MUST ... (absent explicit policy/configuration
>>> otherwise)" are problematic. I'm assuming these are meant to be SHOULDs.
>>> 
>>> = Section 13.1 =
>>> 
>>> I don't understand why RFC 7951 is a normative reference but
>>> draft-ietf-core-yang-cbor is an informative reference.
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>> 
>>> = Section 4.4.1 =
>>> 
>>> "The 'cuid' is intended to be stable when communicating with a
>>>     given DOTS server, i.e., the 'cuid' used by a DOTS client SHOULD
>>>     NOT change over time. "
>>> 
>>> Why is this the recommended behavior?
>>> 
>>> 
>