Re: [Dots] additional remaining items for draft-ietf-dots-signal-channel-31

Benjamin Kaduk <kaduk@mit.edu> Sat, 29 June 2019 04:06 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F4CD1202D7; Fri, 28 Jun 2019 21:06:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.714
X-Spam-Level:
X-Spam-Status: No, score=-2.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FAKE_REPLY_C=1.486, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pwdTnyFBGlf5; Fri, 28 Jun 2019 21:06:30 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C79DF12009C; Fri, 28 Jun 2019 21:06:29 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x5T46JH4012334 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 29 Jun 2019 00:06:22 -0400
Date: Fri, 28 Jun 2019 23:06:19 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: draft-ietf-dots-signal-channel@ietf.org
Cc: The IESG <iesg@ietf.org>, frank.xialiang@huawei.com, dots@ietf.org, dots-chairs@ietf.org
Message-ID: <20190629040618.GJ10013@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/RoPPLdJn-R63o-a34AaF1V6sjrQ>
Subject: Re: [Dots] additional remaining items for draft-ietf-dots-signal-channel-31
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Jun 2019 04:06:32 -0000

On Fri, Jun 28, 2019 at 05:21:24PM -0500, Benjamin Kaduk wrote:
> Hi Mirja,
> 
> I wanted to check in with the status of the remaining Discuss points for
> this document.  I tried to go through the previous discussions and have
> made my own analysis of where things stand, so hopefully we can compare
> notes.

In addition to Mirja's pending Discuss position, there are some other
points that we should probably update in the document from other IESG
review comments.

I still need to ensure that the dots-signal-reg-review@ietf.org list exists
in time for it to be used for registration requests.

The order of the If-Match: and Content-Format: header fields changed
between the -31 and the -34; is that order important?

Section 4.7 added text:

   If the DOTS server receives traffic from the peer DOTS client (e.g.,
   peer DOTS client initiated heartbeats) but maximum 'missing-hb-
   allowed' threshold is reached, the DOTS server MUST NOT consider the
   DOTS signal channel session disconnected.  The DOTS server MUST keep
   on using the current DOTS signal channel session so that the DOTS
   client can send mitigation requests over the current DOTS signal
   channel session.  In this case, the DOTS server can identify the DOTS
   client is under attack and the inbound link to the DOTS client
   (domain) is saturated.  Furthermore, if the DOTS server does not
   receive a mitigation request from the DOTS client, it implies the
   DOTS client has not detected the attack or, if an attack mitigation
   is in progress, it implies the applied DDoS mitigation actions are
   not yet effective to handle the DDoS attack volume.

Is the server supposed to start mitigation when it identifies that the
client is under attack but the client has not requested mitigation?

RFC 8305 needs to be normative since we use its rules for connection
attempts.

I still think that section 6 (in addition to the current "Note:
implementors must check" text) should specifically call out that the CBOR
and JSON types for enumerateds and the 64-bit quantities can differ in
surprising ways depending on the encoder used, as a potential hazard to use
caution with.

Section 4.4.1 lists a recommended procedure for 'cuid' generation:

         For the reasons discussed in Appendix A, implementations SHOULD
         set 'cuid' to the output of a cryptographic hash algorithm
         whose input is the Distinguished Encoding Rules (DER)-encoded
         Abstract Syntax Notation One (ASN.1) representation of the
         Subject Public Key Info (SPKI) of the DOTS client X.509
         certificate [RFC5280], the DOTS client raw public key
         [RFC7250], or the "Pre-Shared Key (PSK) identity" used by the
         DOTS client in the TLS ClientKeyExchange message.  In this
         version of the specification, the cryptographic hash algorithm
         used is SHA-256 [RFC6234].  The output of the cryptographic
         hash algorithm is truncated to 16 bytes; truncation is done by
         stripping off the final 16 bytes.  The truncated output is
         base64url encoded (Section 5 of [RFC4648]) with the trailing
         "=" removed from the encoding.

In the ballot discussion we heard that all parts of this are just
recommendations (i.e., there is no requirement to base64 or strip padding
or use SHA-256, etc.).  This could perhaps be clarified by changing to:

    For the reasons discussed in Appendix A, implementations SHOULD set 'cuid'
    using the following procedure: first, the Distinguished Encoding Rules
    (DER)-encoded Abstract Syntax Notation One (ASN.1) representation of the
    Subject Public Key Info (SPKI) of the DOTS client X.509 certificate
    [RFC5280], the DOTS client raw public key [RFC7250], or the "Pre-Shared Key
    (PSK) identity" used by the DOTS client in the TLS ClientKeyExchange
    message is input to the SHA-256 [RFC6234] cryptographic hash.  Then,
    the output of the cryptographic hash algorithm is truncated to 16
    bytes; truncation is done by stripping off the final 16 bytes.  The
    truncated output is base64url encoded (Section 5 of [RFC4648]) with the
    trailing "=" removed from the encoding, and the resulting value used as
    the 'cuid'.

which makes very clear that the "SHOULD" applies to the entire procedure,
and not just to the "output of a cryptographic hash algorithm" with the
normativity of the other steps being less well specified.  (This also
inlines the use of SHA-256, since this is the only specification we're
talking about.)

Mirja had a note about the retry-timer and the 45-second addition.  IIUC
the mitgation remains deactivated for the entire retry-timer plus 45
seconds and then is deleted afterwards, but I think Mirja would still like
that behavior clarified in the text.

The ballot discussions indicated that we needed some text about using
Non-Confirmable messages because that overrides behavior in RFC 7641; we
should be more explicit that we are overriding that behavior.

The question of whether the active-but-terminating period is hard-capped at
300 seconds seems to remain unanswered.

In section 4.5 the mention of CoAP ping/pong was removed but no
clarification or pointer to 7252 section 4.2 was added (which was requested
by one of the reviews).

There's also a couple typos left:

s/implictily/implicitly/

s/10 mn/10 min/

Thanks for all the great work getting this document over the finish line!

-Ben