Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 07 November 2019 08:55 UTC

To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Jon Shallow <supjps-ietf@jpshallow.com>, 'Valery Smyslov' <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Tyhm4F-yGrx_FId-vj22kc1iA-A>

   If the DHCP client receives OPTION_V6_DOTS_ADDRESS only, the
   address(es) included in OPTION_V6_DOTS_ADDRESS are used to reach the
   peer DOTS agent.  In addition, these addresses can be used as
   identifiers for authentication.

We may want to add the following line to support the above lines:
[I-D.ietf-acme-ip] describes a new protocol that allows a CA to issue certificates for IP addresses.

Cheers,
-Tiru

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of
> mohamed.boucadair@orange.com
> Sent: Thursday, November 7, 2019 12:19 PM
> To: Jon Shallow <supjps-ietf@jpshallow.com>; 'Valery Smyslov'
> <valery@smyslov.net>; dots@ietf.org; dots-chairs@ietf.org
> Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> 
> Hi Jon,
> 
> OK, thanks.
> 
> In order to further make things clear, I suggest to add this NEW text in the
> introduction of Section 5:
> 
>    The list of the IP addresses returned by DHCP servers is typically
>    used to feed the DOTS server selection procedure detailed in
>    Section 4.3 of [I-D.ietf-dots-signal-channel] or to provide DOTS
>    agents with primary and backup IP addresses of their peer DOTS
>    agents.
> 
> Would that be OK?
> 
> I'm not sure the text needs to hint any priority order set by the server (backup
> case), though. The reason is that the list will be ordered by the client following HE.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > Sent: Wednesday 6 November 2019 17:23
> > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> >
> > Hi Med,
> >
> > Sorry - not thinking straight - yes, you are correct in that a single
> > OPTION_Vx_DOTS_ADDRESS can contain multiple IP addresses - must have
> > glazed over the specific definition before hitting the "it MUST only
> > use the first instance" in the next section (Client Behavior).
> >
> > Regards
> >
> > Jon
> >
> > > -----Original Message-----
> > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
> > > Sent: 06 November 2019 15:52
> > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org;
> > > dots-chairs@ietf.org
> > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > >
> > > Hi Jon,
> > >
> > > Thank you for the comments.
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Original Message-----
> > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Jon Shallow
> > > > Sent: Wednesday 6 November 2019 15:59
> > > > To: 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > >
> > > > Hi All,
> > > >
> > > > I have read through draft-ietf-dots-server-discovery-05 and think that it is
> > > > a good document.
> > > >
> > > > However, in particular with DHCPv(4|6), it is only possible to use
> > > > the first OPTION_Vx_DOTS_ADDRESS (5.1.3, 5.2.3).
> > >
> > > [Med] Yes
> > >
> > > > If the server at the first address
> > > > is down / unavailable for whatever reason, it is not possible to define a
> > > > backup IP address as a secondary entry.  Is it the intention to not allow
> > > > backup IP addresses?
> > >
> > > [Med] Hmm, that is possible given that an instance is designed to carry a list
> > > of IP addresses.
> > >
> > >    If the DHCP client receives OPTION_V6_DOTS_ADDRESS only, the
> > >    address(es) included in OPTION_V6_DOTS_ADDRESS are used to reach the
> > >    ^^^^^^^^^^
> > >    peer DOTS agent.  In addition, these addresses can be used as
> > >    identifiers for authentication.
> > >
> > > >
> > > > With DNS, I know that A/AAAA records can be presented round-robin which
> > > > gives the possibility of backup IP addresses, but am not sure whether this
> > > > holds true for implementations for other Resource Records.  If
> > > > backup addresses are to be allowed, the draft is unclear whether only the first
> > > > A/AAAA RR is allowed, or each can be tested until the first non-failure is
> > > > found, or whether happy-eyeballs is to be invoked against all of
> > > > the IP addresses and then the final IP preferentially chosen according to the RR
> > > > returned order.
> > >
> > > [Med] Considerations related to address selection (including HE) are
> > > not detailed here on purpose because this is not part of discovery.
> > >
> > > >
> > > > Regards
> > > >
> > > > Jon
> > > >
> > > > > -----Original Message-----
> > > > > From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On Behalf Of Valery Smyslov
> > > > > Sent: 23 October 2019 08:37
> > > > > To: dots@ietf.org
> > > > > Cc: dots-chairs@ietf.org
> > > > > Subject: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > >
> > > > > Hi,
> > > > >
> > > > > this message starts a Work Group Last Call (WGLC) for draft-ietf-dots-server-discovery-05.
> > > > > The version to be reviewed is here: https://www.ietf.org/id/draft-ietf-dots-server-discovery-05.txt
> > > > >
> > > > > The WGLC will last for two weeks and will end on November the 7th.
> > > > > Please send your comments to the list before this date.
> > > > >
> > > > > Regards,
> > > > > Frank & Valery.
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Dots mailing list
> > > > > Dots@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/dots