IETF Logo Mail Archive

Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 21 January 2019 09:13 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2910A130F11; Mon, 21 Jan 2019 01:13:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.854
X-Spam-Level:
X-Spam-Status: No, score=-8.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cp1vNDQvSVlp; Mon, 21 Jan 2019 01:13:32 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28EC0130E99; Mon, 21 Jan 2019 01:13:31 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1548061988; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-office365-filtering-correlation-id:x-microsoft-antispam: x-ms-traffictypediagnostic:x-microsoft-antispam-prvs: x-forefront-prvs:x-forefront-antispam-report: received-spf:x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=Z fyNwk/es8y5wBuhyX+zgxPgp2TArcaOVpG4g3Wqcm A=; b=WJao+XeygwOo/mfovuygHHsuiVEbzp7XmPFo0gsr2VOc wzgGrFkZ+gsN9dCOi68FgVmdxuXoUW2dLnDW+lg42jcUbNWh82 6PXcW0reMJ5tB275qbGWhnh3CSBI20IEH5U0B/SebISsCiNiWS VTLLoLMB2Ec03y6GUC+1mnJF+cI=
Received: from DNVEXAPP1N04.corpzone.internalzone.com (DNVEXAPP1N04.corpzone.internalzone.com [10.44.48.88]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 6499_46c9_f6b9422d_5051_4e96_a15a_689470866ff6; Mon, 21 Jan 2019 02:13:07 -0700
Received: from DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 21 Jan 2019 02:13:13 -0700
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Mon, 21 Jan 2019 02:13:12 -0700
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (10.44.176.240) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 21 Jan 2019 02:13:12 -0700
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2917.namprd16.prod.outlook.com (20.178.235.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.24; Mon, 21 Jan 2019 09:13:11 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::202f:5967:73ad:130f]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::202f:5967:73ad:130f%5]) with mapi id 15.20.1537.031; Mon, 21 Jan 2019 09:13:11 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
Thread-Index: AdSuMPs4z5rRJt5UT++zbKjLtGqWuABQDVAAAAzXK9AAbbFEAAAAVkFw
Date: Mon, 21 Jan 2019 09:13:10 +0000
Message-ID: <BYAPR16MB2790DC3745D572E9671660D5EA9F0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <787AE7BB302AE849A7480A190F8B93302EA08D24@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190118210258.GO81907@kduck.mit.edu> <BYAPR16MB279063917ED17BF8D0331060EA9D0@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA0ABE9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA0ABE9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.1.100.18
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BYAPR16MB2917; 6:F47xCPA1hoNlvcVyasWIuQwlpl+7Kz2H0lyHKHUP9hOsJmSmRldhxYH5KaYDlEoRRgaxIkQ89KmjxCYasQpDqtKqv7bPqekL15pHA7W0JLKOjgqGVwT0MI0c5lcvEytINJgZxL7NWdM0fmh5AanIBo8TnDsxyMc/YfsqWByCbQdsP9IsHNndilXgNwzue0/dK1zsGP2YmfKSP9S16/OoOVQLAmIMsnwpQVKqijTiRk/oabMthz24tstqn0o5ToMdRhU3/zCdxf8UC01JApj29/j0ZsQ9+RPLPO4CbPadPefK7EpFoYbyqAZltuEk57JtO8LVCq0oq+ACMTXh2VDFF27s0kH10WjlEcbFFQAs4EUSUFHGQEqxJF9VuCKK8imobC0+HuAdC2JmDXwKi0MIR2zZx3GFhyiYSND+JdYU0TLT4KneuJPqd1D2m6qKlNkASjI1t6Xc9ucbhfLcgGS01w==; 5:EATwJjLzMGVaKjWii+DfzjPr/6RRncIe/ksdHa14Vjth0eA/VK5InejfgE8P8I+NL7HpH1hqCpti91nl2hDuf2fCjOgoBFnmfDBa49clDwWLJSeKKYg8melqkC3yQtUHXmhOS2bbMjgFoUSoYY8A6by0WDxdj4MnAnlF6ksvTHARxMMJTVH7sO/vmJ0VkNBxwJXJ1Pp2SEw6eL8AdThs0A==; 7:MS36xa+ijP1Z9s0n0OjvMHjm5WvM90ac91Af6Oo27+Xq97AcSLHut/NPCmApXWItJ8z4LHdsjhUFBbZBJLQVTbzinRMXC06f6gzKgLwtbxkAS9Hw3inWxcY/9OFvgYIz2vP54h+HtIk2b1haQiVYfw==
x-ms-office365-filtering-correlation-id: e736509f-f30b-49d2-a8dc-08d67f80aa5f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2917;
x-ms-traffictypediagnostic: BYAPR16MB2917:
x-microsoft-antispam-prvs: <BYAPR16MB2917A46799104D6414F60151EA9F0@BYAPR16MB2917.namprd16.prod.outlook.com>
x-forefront-prvs: 0924C6A0D5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(346002)(396003)(376002)(136003)(39850400004)(13464003)(199004)(189003)(55784004)(53754006)(32952001)(51444003)(81166006)(99286004)(14444005)(54906003)(4326008)(53936002)(256004)(86362001)(7736002)(3846002)(6116002)(9686003)(8676002)(5024004)(53546011)(6506007)(7696005)(8936002)(81156014)(102836004)(68736007)(53946003)(6306002)(2906002)(80792005)(305945005)(97736004)(33656002)(93886005)(316002)(110136005)(486006)(11346002)(446003)(476003)(2171002)(478600001)(6246003)(76176011)(72206003)(30864003)(186003)(14454004)(966005)(2501003)(106356001)(105586002)(26005)(229853002)(74316002)(55016002)(66066001)(6436002)(71200400001)(71190400001)(25786009)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2917; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: kOKiCd/3xa25daZCPqeb8M3qawp6J+RsFGsXmbb8TWgwNr0oYwB+hwhejivVes+gCwjeSB7ryCfKxKpTZfcOK/HxA1rU+mEcs58PMQx0Nokqr181TxCbnv7MBIdyDQl34h1ydge88DSpXPsaOxcQtY1N0eHAjdYH4Dx2wqcAG2wKnpVj41rMNNzDM/EokDGyfhKq2TphBlCTKpt70DU0FVvvbggL+TrTv0vMRQc6HHYIS/et2fgB2jwJSk2ZS+5ZT7v+DQGhT5fGZMylH/4rSEsCINxNncT9o5kauxBFsEweCvZ/+WPaB4Sk1RU0GzJH0P+9Zh4kZuz/NAXgr7LXA8RFq6TbBq9g6PK4qsT2M+5Ajm7bebn4PAz2wOvUkDKsfbQ6WpbjzHGU/y0Tf6EZ50d+u37nXov7VoIz8q5ASQk=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: e736509f-f30b-49d2-a8dc-08d67f80aa5f
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jan 2019 09:13:10.9240 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2917
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6464> : inlines <6998> : streams <1810710> : uri <2783263>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/UZCCthJmyr352agIzsOOgnDBfd8>
Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 09:13:35 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> Sent: Monday, January 21, 2019 1:01 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> Benjamin Kaduk <kaduk@mit.edu>
> Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> Subject: RE: [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
> 
> 
> 
> Hi Ben, all,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy
> > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : samedi 19 janvier 2019 07:32
> > À : Benjamin Kaduk; BOUCADAIR Mohamed TGI/OLN Cc :
> > draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org Objet : RE:
> > [Dots] AD review of draft-ietf-dots-signal-channel-25 (5th Part)
> >
> > Hi Ben,
> >
> > Please see inline
> >
> > > -----Original Message-----
> > > From: Dots <dots-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > > Sent: Saturday, January 19, 2019 2:33 AM
> > > To: mohamed.boucadair@orange.com
> > > Cc: draft-ietf-dots-signal-channel@ietf.org; dots@ietf.org
> > > Subject: Re: [Dots] AD review of draft-ietf-dots-signal-channel-25
> > > (5th
> > Part)
> > >
> > > This email originated from outside of the organization. Do not click
> > > links
> > or
> > > open attachments unless you recognize the sender and know the
> > > content is
> > safe.
> > >
> > > Hi all,
> > >
> > > Thanks for all the edits and the published -27.
> > > Assuming I'm actually caught up on all the review/response threads,
> > > I think we're pretty close to being able to go to IETF LC -- here's
> > > what I see as
> > still left:
> > >
> > > - We need to settle the risk of needing normative downrefs called out for
> > >   the last call
> 
> [Med] I updated the text to:
> * cite 7618/7624 as normative (+ indicate that a similar mechanism to false
> start may also be defined for DTLS).

https://tools.ietf.org/html/rfc7918 does not require any changes to (D)TLS on-the-wire protocol data, and DLTS also supports false start (see the (D)TLS profile for IoT devices specified in 
https://tools.ietf.org/html/rfc7925#section-21).

> * tweak the TFO text to maintain it as informative.
> 
> > > - I just noticed while reviewing the diff that we also need to say a
> > >   little more about (D)TLS 1.3 0-RTT data (more below)
> > > - It looks like we lost the guidance to the Experts and text about the
> > >   review mailing list from the IANA Considerations, during the reshuffling
> > >   around having IANA manage more things
> > >
> 
> [Med] That was on purpose. We would like to rely on RFC8126 rules for
> deigned expert reviews.

In addition to RFC8126 to defend against replay attacks, we can add the following additional rules:

The DOTS signal channel messages sent as early data by the DOTS client
are idempotent requests. Further, CoAP (as discussed in Section 4.4 of RFC7252) is capable of performing message deduplication
to handle replay of CoAP requests.

Cheers,
-Tiru

> 
> > > Regarding the (D)TLS 1.3 0-RTT data, RFC 8446 notes that
> > > "Application protocols MUST NOT use 0-RTT data without a profile that
> defines its use.
> > > That profile needs to identify which messages or interactions are
> > > safe to
> > use
> > > with 0-RTT and how to handle the situation when the server rejects
> > > 0-RTT
> > and
> > > falls back to 1-RTT."  So we either need to say which client
> > > requests are
> > 0-RTT
> > > safe (and why) or defer that profile to another document.
> > > draft-ietf-
> > dnsop-
> > > session-signal is perhaps an example of a document that specifies
> > > which messages are/aren't allowed in early data.
> > > (draft-ietf-acme-acme is another, but an uninteresting one, since
> > > they make every request include a single-use nonce, and all messages
> > > are 0-RTT safe.) Our use of increasing 'mid' values may help here,
> > > in terms of allowing
> > DELETEs
> > > to be safe, but I'd have to think a little more to be sure that
> > > requesting mitigation would be safe.  (On first glance the
> > > session-managemnet bits
> > would
> > > not be safe, but I may be missing something.)
> >
> > The draft only uses idempotent requests (GET, PUT and DELETE), and
> > CoAP is capable of detecting message duplication (see
> > https://tools.ietf.org/html/rfc7252#section-4.5) for both confirmable
> > and non-confirmable messages.
> >  [1] An attacker replaying DELETE will not have any adverse impact,
> > 2.02
> > (Deleted) Response Code is returned even if the mitigation request
> > does not exist.
> > [2] The techniques discussed in Section 8 of RFC8446 should suffice to
> > handle anti-replay (e.g. an attacker replaying a 0-RTT data carrying
> > an old mitigation request replaced by a new mitigation scope).
> >
> 
> [Med] FWIW, we do already have this text in the draft:
> 
>       Section 8 of [RFC8446] discusses some mechanisms to implement to
>       limit the impact of replay attacks on 0-RTT data.  If the DOTS
>       server accepts 0-RTT, it MUST implement one of these mechanisms.
>       A DOTS server can reject 0-RTT by sending a TLS HelloRetryRequest.
> 
> > >
> > > Further notes inline.
> > >
> > > On Thu, Jan 17, 2019 at 06:51:04AM +0000,
> > > mohamed.boucadair@orange.com
> > > wrote:
> > > > Hi Ben,
> > > >
> > > > Please see inline.
> > > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Message d'origine-----
> > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] Envoyé : mercredi 16
> > > > > janvier 2019 01:14 À : draft-ietf-dots-signal-channel@ietf.org
> > > > > Cc : dots@ietf.org
> > > > > Objet : AD review of draft-ietf-dots-signal-channel-25
> > > > >
> > > > > Section 7.2
> > > > >
> > > > > The TLS 1.3 handshake with 0-RTT diagram needs to be
> > > > > revisited/refreshed, as RFC 8446 does not look like that.
> > > > > Additionally, the usage of PSK as well as a certificate is not
> > > > > defined until draft-housley-tls-tls13-cert-with-extern-psk is
> > published.
> > > > > I also note that in the diagram as presented, the client is not
> > > > > yet known to be authenticated when the server sends its initial
> > > > > (0.5-RTT) DOTS signal message.
> > > > >
> > > >
> > > > [Med] Noted. Thanks.
> > > >
> > > > > Section 7.3
> > > > >
> > > > > This whole section seems to only be relevant for UDP usage, so
> > > > > probably the "If UDP is used" clause can be dropped and an
> > > > > introductory statement added earlier on.
> > > >
> > > > [Med] Will consider that.
> > > >
> > > > >
> > > > >                               Path MTU MUST be greater than or equal to
> > > > >    [CoAP message size + DTLS overhead of 13 octets + authentication
> > > > >    overhead of the negotiated DTLS cipher suite + block padding]
> > > > >    (Section 4.1.1.1 of [RFC6347]).  If the request size exceeds
> > > > > the
> > path
> > > > >    MTU then the DOTS client MUST split the DOTS signal into separate
> > > > >    messages, for example the list of addresses in the 'target-prefix'
> > > > >    parameter could be split into multiple lists and each list conveyed
> > > > >    in a new PUT request.
> > > > >
> > > > > (DTLS 1.3 will have a short header for some packets, that is
> > > > > less than
> > > > > 13 octets.)
> > > >
> > > > [Med] The text is more about 1.2. We can add a 1.3 note if you
> > > > think it
> > is
> > > useful for the discussion.
> > > >
> > > > >
> > > > > Section 8
> > > > >
> > > > > We've got some requirements in here about limiting behavior of
> > > > > clients/servers when talking to gateways; is knowing about the
> > > > > presence of a gateway something that's required to happen out of
> > > > > band or is there an in-band way to identify that the peer is a gateway?
> > > >
> > > > [Med] An agent does not necessary know that it peer is gateway. A
> > > > gateway
> > is
> > > seen as a server for the client, and a client for a server.
> > > >
> > > > >
> > > > >    messages from an authorized DOTS gateway, thereby creating a
> > > > > two-
> > link
> > > > >    chain of transitive authentication between the DOTS client and the
> > > > >    DOTS server.
> > > > >
> > > > > This seems to ignore the possibility of setups that include both
> > > > > client-domain and server-domain gateways.
> > > >
> > > > [Med] I updated the text to mention this is only an example.
> > > >
> > > > >
> > > > >                  DOTS client certificate validation MUST be
> > > > > performed
> > as
> > > > >    per [RFC5280] and the DOTS client certificate MUST conform to the
> > > > >    [RFC5280] certificate profile.  [...]
> > > > >
> > > > > This seems to duplicate a requirement already stated in Section
> > > > > 7.1; it's probably best to only have normative language in one
> > > > > location, even if we need to mention the topic in multiple locations.
> > > > > Similarly for the mutual authentication requirement, which we
> > > > > duplicate in the second and fourth paragraphs of this section.
> > > >
> > > > [Med] Good point. Fixed.
> > > >
> > > > >
> > > > > If we don't want to use example.com vs. example.net as sample
> > > > > domains, we can also use whateverwewant.example, per RFC 6761.
> > > >
> > > > [Med] Will maintain the ones already in the draft. Thanks.
> > > >
> > > > >
> > > > > Section 9
> > > > >
> > > > > We should mention the media-type allocation in the top-level section.
> > > >
> > > > [Med] Will fix that.
> > > >
> > > > >
> > > > > "mappings to CBOR" feels confusing to me, since it leaves empty
> > > > > what we are mapping from.  Perhaps just talking about a registry
> > > > > of "CBOR map keys" would be better, both here and in the Section 9.3
> intro.
> > > > >
> > > >
> > > > [Med] Unless there is an objection, I can use "CBOR Map Keys".
> > > >
> > > > > Section 9.3
> > > > >
> > > > > I suggest being very explicit about whether new requests for
> > > > > registration should be directed to the mailing list or to IANA,
> > > > > as we've had some confusion about this elsewhere.
> > > > >
> > > > > The criteria used by the experts also just lists things they
> > > > > should consider, but does not provide full clarity on which
> > > > > answer to the question is more likely to be approved.  (And yes,
> > > > > I know that this text is largely copied from already published
> > > > > RFCs, but we can still do
> > > > > better.)
> > > >
> > > > [Med] Will check this.
> > > >
> > > > >
> > > > > Section 9.3.1
> > > > >
> > > > > If we want the value 0 to be reserved we need to say so.
> > > >
> > > > [Med] 0 is not part of the allocation range.
> > > >
> > > > > Do we want to say anything about the usage of negative integers
> > > > > as map keys?
> > > > >
> > > > > I suggest not mentioning the postal address, given the recent
> > > > > (e.g.) GDPR requirements.
> > > >
> > > > [Med] Good point. Done.
> > > >
> > > > >
> > > > > Section 9.3.2
> > > > >
> > > > > It may be worth mentioning Table 4 here as well.
> > > >
> > > > [Med] OK.
> > > >
> > > > >
> > > > > Section 9.5.1
> > > > >
> > > > > We need to specify which range of values we are asking for an
> > > > > allocation from.
> > > >
> > > > [Med] Added a mention to 0-255 range.
> > > >
> > > > >
> > > > > Section 9.6.1
> > > > >
> > > > > As above, specify what range we're asking about.
> > > >
> > > > [Med] OK.
> > > >
> > > > >
> > > > > I expect the current text to get some IESG (or directorate)
> > > > > feedback that the Data Item and Semantics descriptions are repetitive
> and banal.
> > > > >
> > > > > Section 9.7
> > > > >
> > > > > IIUC, IANA is going to ask if we want this module to be
> > > > > "maintained by IANA", so it would be good to have an answer
> > > > > ready even if we don't put it in the document text.
> > > >
> > > > [Med] This is discussed in -26.
> > > >
> > > > >
> > > > >    Rate-limiting DOTS requests, including those with new 'cuid' values,
> > > > >    from the same DOTS client defends against DoS attacks that
> > > > > would
> > > > >
> > > > > With respect to "new" 'cuid' values, is the server required to
> > > > > remember which ones it has seen in perpetuity, or can it time
> > > > > them out eventually?
> > > >
> > > > [Med] The attack vector is a DOTS client which changes frequently
> > > > its
> > cuid.
> > > The DOTS server can set an interval in which the same client cannot
> > > present
> > a
> > > new cuid.
> > > >
> > > > >
> > > > > Section 10
> > > > >
> > > > > The security considerations seem to be taking a narrow focus on
> > > > > the requirements for and consequences of specific bits on the
> > > > > wire in the signal channel protocol.  I think it's appropriate
> > > > > to also include some high-level thoughts about the functional
> > > > > behavior of the protocol, allowing to signal that an attack is
> > > > > underway and trigger mitigation, increasing the availability of
> > > > > services, etc., and the risks that are posed by the protocol
> > > > > failing to work properly, whether that means letting attack
> > > > > traffic through or improperly blocking legitimate traffic.
> > > >
> > > > [Med] Would a pointer to the architecture/requirements I-Ds be
> > > > sufficient
> > to
> > > cover to high-level aspects?
> > >
> > > Those documents' security considerations do seem to cover the
> > > relevant
> > points,
> > > yes.
> > >
> > > > >
> > > > > Section 13.1
> > > > >
> > > > > I think the IANA registries should be listed as Informational
> > > > > and not Normative references.
> > > > >
> > > >
> > > > [Med] Done.
> > > >
> > > > > Section 13.2
> > > > >
> > > > > Pending resolution of the question about using
> > > > > draft-ietf-core-yang-cbor rules or RFC7951+RFC7049, the
> > > > > draft-ietf-core-yang-cbor reference may need to be Normative.
> > > >
> > > > [Med] Please refer to my answer to that question.
> > > > draft-ietf-core-yang-
> > cbor is
> > > informative.
> > > >
> > > > >
> > > > > Given that "URI" is a well-known abbreviation, we may be able to
> > > > > get away with not citing RFC 3986.  On the other hand, it's not
> > > > > causing any harm to leave it in...
> > > >
> > > > [Med] Will leave it.
> > > >
> > > > >
> > > > > RFC 4632 needs to be Normative, since we need to know CIDR to
> > > > > encode/decode target-prefixes.
> > > >
> > > > [Med] Works for me.
> > > >
> > > > >
> > > > > Similarly, I think that RFCs 6234
> > > >
> > > > [Med] This one is not listed as normative because other hash algos
> > > > may be
> > > used.
> > >
> > > It's a lower-case "recommended", which can probably eke by as
> > > descriptive
> > and
> > > not a "protocol feature" (see below).
> > >
> > > > , 7413
> > > > [Med] The support if TFO is not mandatory.
> > >
> > > It's a SHOULD ("SHOULD implement all of the following items"), though...
> > >
> > > > , 7589
> > > > [Med] This is a MAY in the spec. It is just fine to leave it as
> > informative.
> > >
> > > ....per
> > > https://www.ietf.org/blog/iesg-statement-normative-and-informative-
> > > references/
> > > note 1, "Even references that are relevant only for optional
> > > features must
> > be
> > > classified as normative if they meet the above conditions for
> > > normative references."
> > >
> > > This does seem to be something we actually need to care about before
> > > IETF
> > LC,
> > > though, as 7413 is Experimental and not listed in the downref
> > > registry (https://datatracker.ietf.org/doc/downref/), so if we leave
> > > it as
> > Informational
> > > and have to change it later, we'd need to also restart/re-run the IETF LC.
> > >
> > > > , 7918
> > > > [Med] Idem as TFO.
> > >
> > > This is Informational (i.e., also susceptible to the downref issue).
> > >
> > > > , 7924
> > > > [Med] Idem as TFO.
> > >
> > > (idem x2), though this is standards-track at least, so we have more
> > > leeway
> > to
> > > move things around later.
> > >
> > >
> > >
> > > I think the most expedient thing to do here would just be to relax
> > > the requirement for TLS Falst STart, TFO, and Cached Information,
> > > perhaps to
> > text
> > > like "The following items are additional mechanisms that can reduce
> > > the
> > delay
> > > required to deliver a DOTS signal channel message, which
> > > implementations
> > are
> > > encouraged to implement as possible.", but I am open to other
> > > suggestions
> > for
> > > what to do.
> >
> > TLS False Start and Cached Information can be made normative
> > references (just like we referenced these items in our spec
> > https://tools.ietf.org/html/rfc8310)
> > TFO is for TCP only and that too for exception scenarios where UDP is
> > blocked. TFO can removed from the list of items the DOTS agents SHOULD
> > implement.
> >
> > NEW:
> > Compared to UDP, DOTS signal channel over TCP requires an additional
> > round- trip time (RTT) of latency to establish a TCP connection.
> > Implementations are encouraged to implement TCP Fast Open [RFC7413] to
> > eliminate that RTT when information exists from prior TCP connection.
> >
> > -Tiru
> >
> > >
> > >
> > > > , and 7951
> > > > [Med] this one was not listed as normative because the document
> > > > lists two
> > > ways to do the mapping.
> > >
> > > Agreed.
> > >
> > > -Ben
> > >
> > > > > should also be Normative.
> > > > >
> > > > >
> > > > > -Ben
> > > >
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email