IETF Logo Mail Archive

Re: [Dots] Mirja Kühlewind's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 21 February 2019 14:23 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0DFF130F85; Thu, 21 Feb 2019 06:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.801
X-Spam-Level:
X-Spam-Status: No, score=-2.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D5Pt_jxEmYnp; Thu, 21 Feb 2019 06:23:41 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DDC61279E6; Thu, 21 Feb 2019 06:23:39 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1550758885; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-exchange-diagnostics: x-microsoft-antispam-prvs:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-ms-exchange-senderadcheck: x-microsoft-antispam-message-info:Content-Type: Content-Transfer-Encoding:MIME-Version:X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=wuSVynCLQj0Ij/qSkZg7kcwNyhkC6TIXn7baap eCjYQ=; b=Hk5jHo4pEAuFENKvHi3WiwZ3O56CrvFeNiLcShnJ Awhwp8I8YuRXbX4aQ0H5fVijAZSKABPq2ztpChlZKZ5k5GkU6L wYRV5N+Yt5yQ49ZNga3EImmVMmGttOPfOPbWs2iSdGwBjUmi3M qF4djyXTIbkAUQ+vIwrGhdYvJz7oFO0=
Received: from DNVEXAPP1N06.corpzone.internalzone.com (DNVEXAPP1N06.corpzone.internalzone.com [10.44.48.90]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 5b68_4ddc_d171580a_c0c5_451d_996a_5d18856a0b8b; Thu, 21 Feb 2019 07:21:25 -0700
Received: from DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 21 Feb 2019 07:23:19 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Thu, 21 Feb 2019 07:23:20 -0700
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (10.44.176.242) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 21 Feb 2019 07:23:18 -0700
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2886.namprd16.prod.outlook.com (20.178.234.206) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.15; Thu, 21 Feb 2019 14:23:18 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::9c48:452b:e39c:ef39]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::9c48:452b:e39c:ef39%2]) with mapi id 15.20.1622.020; Thu, 21 Feb 2019 14:23:18 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
CC: The IESG <iesg@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "frank.xialiang@huawei.com" <frank.xialiang@huawei.com>, "draft-ietf-dots-requirements@ietf.org" <draft-ietf-dots-requirements@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] Mirja Kühlewind's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
Thread-Index: AQHUyUVCi/rE6uJSNkeWAAO1fEcJnaXp37GAgAA2h4CAACUg4A==
Date: Thu, 21 Feb 2019 14:23:18 +0000
Message-ID: <BYAPR16MB2790CC0ED0E41B3551F7C93BEA7E0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <155068522853.31498.10686203344983870104.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302EA23122@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <66BB8E3D-DEB6-43AC-AAEB-B6EB1A248865@kuehlewind.net>
In-Reply-To: <66BB8E3D-DEB6-43AC-AAEB-B6EB1A248865@kuehlewind.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [122.171.76.178]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a1de26a2-b073-40de-1fab-08d698081ff2
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2886;
x-ms-traffictypediagnostic: BYAPR16MB2886:
x-ms-exchange-purlcount: 4
x-microsoft-exchange-diagnostics: 1;BYAPR16MB2886;23:DdVIUB/rRiIU/bHVQrwaIIAlpIcYxVsxJ0z/T9czETao8zHx1SW9e0tpG/nZGzfHEnKJ97zZMHKGbv3mGRlOc+QAT9nHGVPD+OI4by9b5oBg0015F2jA9zOAxbNC5XWfbDv1RpjDbq6yVT+6M7EcaDgl9uPhTTx7AejcrPBsHW1D5yoa6P0MTOHRqtobFx3dQaSaN2T1b/KRtO9a4JUwLQhHrhGmjNd1cCXar4Maomj0AwVQIXitcISO6EkRRYx48/zdYXnmeyfGSMTT59KaypRxror+8nMyIPMUBZbk9kpTH3IWIgap4MacH7i3eBHewfJ40mQZ7FIjn6Wh05aL6LiQvsH242a6T9E0cd3pe5crqfsw/v9uc1FfucMPIwj4j7xV57eiwJTv7QMlT976YbbPGWpetvRcbywhghq+uxivxNYMv0TSp/N0af8bidPXhbAdGK+0CUup/YU6ewVfD0mB9pI3Ee3Sv9exb9m5C6nd+p+EFKizvdflsGIqMnAPlDZHCptyI7AbzN4a8uQJYmINSP1pZ1XLBzXnOdVH/N/8KnX74yAjKJmNrwDxUKLbzkI6Aam2RybljtmyygUJEs3KZumen/DxMzxOFtNRN0vJ2ZGf6lb4YHxyLPdlfgApBujf2f0B/8t0kKud30VKaS5+r4xILKumg/EkyLmdHi1hOUKjgCxAKp86sYHPTuvHe71qUxO5fMMwqD19dGZ4E23cR+5+ydnWiqc7lteGeIyzLUX2q4hMIKUznWU8m++4CbuqsEerIW8//RW3ICaO/XxG1rlOla/2rT7EovEeKMav63mzDRo099k7H0w8z/3GpvZwDKSBpn4ZRW4N2i8YYG6lb0aWc7+/S7XGvmerTyefmNTe5h1BE7LD7mP2PkSAVnpTIssR5b+SDtWNTj599EIFtMR5++frHYQc115O3Kw26v7MIhCOxOMJzltbs1GDlULz0uO0u3zYvjnP8QTwJlb2ltlwHdzIgeJvFPm/hQZprgOuLSDCPmlcbg5JLnU1zW7gSwSKTevxRyYfUTr0oyx4h5eFvkl4srSswyBxoFN99JPXg7tVCbohsFL0ftdlOTRy23iUiqM0czDUV4E/jg06LpWgJdwweC9/AUi1AifsCPctCMBGOOjkM7op/7PnnODDh8x2qGJeH8A+PSNYXme8I64cJYop+9bnttSDq/DJvfZW8zSs/rJN2ae7XLIIvKjjh44Nqi+yfzAYxHIh82rS4xSf2Bu4J9F70t0EDhcqnVQHSiisDsVDMucuhWtwRHB3WvTqoR3lj527Mb572bV1GvpNv1Vy3ZsckCWaPmavl1v29HmWJwuMwbswbdeuGw24ovPnsREff3bUPPdk/aM3cFcGE2JcYHBXoKMXAHSmMoLbHCFh9LUffvP5YWaA5OGEH0myQPaB00cZmhjXxldhz7rsdHi75Nf/JEf9k1Yiscb5LZpFCaVCBZBgEzsCHIxznYLaRL6ZaZ/U27aCFy56+8v+f7QsSOwTnAiI1iw=
x-microsoft-antispam-prvs: <BYAPR16MB28861A10F3F834C6150FFF82EA7E0@BYAPR16MB2886.namprd16.prod.outlook.com>
x-forefront-prvs: 09555FB1AD
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(396003)(366004)(376002)(346002)(39860400002)(32952001)(55784004)(199004)(189003)(13464003)(2906002)(486006)(6306002)(53936002)(476003)(76176011)(8936002)(11346002)(80792005)(33656002)(25786009)(71200400001)(66066001)(9686003)(6246003)(68736007)(99286004)(78486014)(14444005)(71190400001)(5024004)(4326008)(229853002)(55016002)(6436002)(81166006)(81156014)(7736002)(446003)(66574012)(7696005)(256004)(6116002)(74316002)(26005)(224303003)(105586002)(966005)(97736004)(106356001)(5660300002)(102836004)(478600001)(2501003)(72206003)(6506007)(186003)(53546011)(86362001)(305945005)(30864003)(54906003)(316002)(3846002)(110136005)(14454004)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2886; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: ugbW4FU+TZ2FEi44s+p4siejdENOp5ETT//dc51kRDF9JLCd6mOvdR/5FrGochJg5SdeTflUiPOA1f11+X4VqEyT86U0dXrE2Tq6wl/6yHyiTvAOSbQimtk+m9tLxt2N96JvGTP8OB8x5eYCer9s6boPSyU3HZnICFu71S02VDl8nU5zaBVGnnF6z3cf8XrPgCg413h1UmJobNCfgmH+f6fgm6DGWsHSn5MBk+j9v5CFGB1GqDQ24uCfLk661UmejBZiBYBNI2o0ssqTZKkwS9+99j2yRdoElxZsPgD9Zy4jxQ36rJS4u8Ym6EXfiC11GV0dDK6+k7AIwevMEftp/pFjD84T1Nqb0+opaxGl2e1M2VbwvLU/apeed/lFm6ukn4LDzS5CjazM4OfEOdxmNI4FmX9hsXABf++P4GpouDM=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a1de26a2-b073-40de-1fab-08d698081ff2
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2019 14:23:18.1284 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2886
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.1
X-NAI-Spam-Version: 2.3.0.9418 : core <6488> : inlines <7019> : streams <1813685> : uri <2799957>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/VkhDJMaaJWIA5TTUvYpVIq1t4eM>
Subject: Re: [Dots] Mirja Kühlewind's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2019 14:23:45 -0000

> -----Original Message-----
> From: Mirja Kuehlewind (IETF) <ietf@kuehlewind.net>
> Sent: Thursday, February 21, 2019 4:29 PM
> To: mohamed.boucadair@orange.com
> Cc: The IESG <iesg@ietf.org>; dots-chairs@ietf.org;
> frank.xialiang@huawei.com; draft-ietf-dots-requirements@ietf.org;
> dots@ietf.org
> Subject: Re: [Dots] Mirja Kühlewind's Discuss on draft-ietf-dots-requirements-
> 18: (with DISCUSS and COMMENT)
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is safe.
> 
> Hi Med,
> 
> please see below.
> 
> > Am 21.02.2019 um 08:43 schrieb mohamed.boucadair@orange.com:
> >
> > Hi Mirja,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> >> -----Message d'origine-----
> >> De : Dots [mailto:dots-bounces@ietf.org] De la part de Mirja
> >> Kühlewind Envoyé : mercredi 20 février 2019 18:54 À : The IESG Cc :
> >> dots-chairs@ietf.org; frank.xialiang@huawei.com; draft-ietf-dots-
> >> requirements@ietf.org; dots@ietf.org Objet : [Dots] Mirja Kühlewind's
> >> Discuss on draft-ietf-dots-requirements-18:
> >> (with DISCUSS and COMMENT)
> >>
> >> Mirja Kühlewind has entered the following ballot position for
> >> draft-ietf-dots-requirements-18: Discuss
> >>
> >> When responding, please keep the subject line intact and reply to all
> >> email addresses included in the To and CC lines. (Feel free to cut
> >> this introductory paragraph, however.)
> >>
> >>
> >> Please refer to
> >> https://www.ietf.org/iesg/statement/discuss-criteria.html
> >> for more information about IESG DISCUSS and COMMENT positions.
> >>
> >>
> >> The document, along with other ballot positions, can be found here:
> >> https://datatracker.ietf.org/doc/draft-ietf-dots-requirements/
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> -
> >> DISCUSS:
> >> ---------------------------------------------------------------------
> >> -
> >>
> >> Thanks for addressing the TSV-ART comments (and thanks Joe for the
> review)!
> >> In-line with Joe's comment, please see some additional comments below.
> >>
> >> 1) One minor edit is required still for SIG-002: for PLMTUD the
> >> correct reference is RFC4821, however,
> >
> > [Med] Actually, the document is referring to draft-ietf-intarea-frag-fragile for
> PMTUD matters. That document cites the appropriate documents: rfc8201,
> rfc4821, draft-ietf-tsvwg-datagram-plpmtud, etc.
> >
> > as commented by Joe RFC1191 is less reliable
> >
> > [Med] RFC1191 is cited to justify why PMTU of 576 bytes was chosen.
> >
> >> and
> >> therefore usually not recommended. I would recommend to re-add a
> >> reference to
> >> RFC4821 and no reference to RFC1191 (or only with a warning that
> >> RFC4821 is preferred due to ICMP blocking). Further, the correct
> >> reference for datagram PLMTUD is draft-ietf-tsvwg-datagram-plpmtud.
> >
> > [Med] This is already cited in draft-ietf-intarea-frag-fragile. No need to be
> redundant, IMO.
> 
> Actually, yes this is probably more an editorial comment from my side, that
> citing rfc4821 and draft-ietf-tsvwg-datagram-plpmtud directly could be good.
> But I will not hold my discuss for this.
> 
> >
> >> 2) Also on this text in SIG-004:
> >> "The heartbeat interval during active mitigation could be
> >>      negotiable, but MUST be frequent enough to maintain any on-path
> >>      NAT or Firewall bindings during mitigation.  When TCP is used as
> >>      transport, the DOTS signal channel heartbeat messages need to be
> >>      frequent enough to maintain the TCP connection state."
> >>
> >> As Joe commented already, different heartbeats at different layers
> >> can be used at the same time for different purposes. You can use
> >> heartbeats at the application layer to check service availability
> >> while e.g. using a higher frequent heartbeat at the transport layer
> >> to maintain firewall and NAT state.
> >
> > [Med] Please note that the text you quoted is about "during active mitigation".
> When no attack is ongoing, we do have the following behavior which covers
> your comment:
> >
> >      When DOTS agents are exchanging heartbeats and no
> >      mitigation request is active, either agent MAY request changes to
> >      the heartbeat rate.  For example, a DOTS server might want to
> >                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >      reduce heartbeat frequency or cease heartbeat exchanges when an
> >
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >      active DOTS client has not requested mitigation, in order to
> >      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >      control load.
> >
> >> The advantage to such an approach is that there is less application
> >> layer overhead/load e.g. in scenarios where it might be expensive to
> >> wake up the application or a server is already highly loaded. Also
> >> note that the  time- outs values of NATs and firewalls on the path
> >> are usually unknown, therefore an application can never rely on
> >> heartbeats (no matter at which level) and must be prepared to try to
> >> reconnect on the application layer if the connection fails.
> >> Usually, the main reason for using heartbeats to maintain NAT or
> >> firewall state (vs. reconnect every time) in TCP is if the
> >> application is time-sensitive and a full TCP handshake takes too long
> >> for the desired service. I'm not sure that the case for DOTS,
> >> however, I understand it may be beneficial to have established state
> >> if an attack is on-going.
> >
> > [Med] This is important to avoid new handshakes when the client has to
> request a mitigation.
> 
> This is okay but could be spelled out more explicitly as a requirement, rather
> than taking about the details of sending heartbeats.

Sure, updated text as follows:

The heartbeat interval during active mitigation could be negotiable, but in order to avoid cryptographic handshake for mitigation requests, heartbeat interval MUST be frequent enough to 
maintain any on-path NAT or Firewall bindings during mitigation.

> >
> >>
> >> For UDP I guess it's more complicated in your case. Time-outs are
> >> usually very short, however, state is created with the first packet
> >> of a flow (as there is no handshake in UDP). As you don't see
> >> blocking if state is expired as new state is created immediately,
> >> it's kind of impossible to measure the configured time-out values.
> >> Only if the firewall is under attack it would start blocking UDP
> >> traffic that is has no state for yet. So I understand why it is
> >> desirable to maintain UDP state for you, however, I don't understand
> >> how you can know that your frequency is high enough to actually keep
> >> the state open. Note that TCP time-outs are usually in the order of
> >> hours, while UDP time-outs are usually in range of tens of seconds,
> >> and might expire even quicker if a system is under attack. If that is
> >> a scenario that is important for you, and assuming that not all
> >> time-outs values on the path can be known, I guess it would be
> >> recommendable to use TCP instead.
> >>
> >> In any case this can not be a MUST requirement (as timers are usually
> >> not known). I would recommend to state something like:
> >>
> >> "MAY be frequent enough to maintain NAT or firewall state, if timer
> >> values are known, or if TCP is used, SHOULD use in addition TCP
> >> heartbeats  to maintain the TCP connection state and reconnect
> >> immediately if a failure is detected."
> >>
> >
> > [Med] The original wording is accurate and reflects the requirement of the
> WG. How this will be enforced is part of the solution/specification space.
> 
> My hold point here is that
> 
> "MUST be frequent enough to maintain any on-path NAT or Firewall bindings
> during mitigation.“
> 
> cannot be a MUST requirement as the network time-out values are not known
> by the endpoints. Therefore it is impossible to fulfill this requirement.
> 
> >
> >> And also for this part it is different for TCP and UDP:
> >>
> >> "Because heartbeat loss is much more likely during volumetric attack, DOTS
> >>      agents SHOULD avoid signal channel termination when mitigation is
> >>      active and heartbeats are not received by either DOTS agent for an
> >>      extended period."
> >>
> >> If TCP would be used and no ACKs are received, TCP would try to
> >> retransmit a few times and some point terminate the connection.
> >> However, UDP is a connection-less protocol, there is nothing to terminate.
> >
> > [Med] The text is about "signal channel termination". The concept of
> > DOTS session is defined here:
> > https://tools.ietf.org/html/draft-ietf-dots-architecture-11#section-3.
> > 1
> 
> Okay I was actually misinterpreting this. However, I actually think this is going
> too much into technical details for a requirements document. But re-reading I
> think the requirement if really needed on this level is okay.
> 
> >
> >>
> >> Also note that for reliable transports, it is sufficient if one
> >> end-hosts sends heartbeats as the other end is required to
> >> acknowledge the reception on the transport layer (and if no ack is
> >> received the connection is terminated on the transport layer).
> >>
> >> So I guess what you want to say above is that if a connection-less
> >> protocol is used, heartbeats should continuously be sent even if no
> >> heartbeats are received from the other end. However, I think you
> >> still need to define a termination criteria, as you for sure don't
> >> want to keep sending heartbeats forever.
> >
> > [Med] Agree. One condition is already cited in the above text: "when
> mitigation is active". A termination criteria would be that the mitigation is not
> active anymore. How termination is achieved is part of the solution space.
> >
> One clarification question: If mitigation is active and you loose the heartbeat, is
> it always the case that the mitigation ends after a well defined time or could
> the mitigation go on „forever"?
> 
> 
> >>
> >> Also the next part:
> >>
> >> "      *  To handle possible DOTS server restart or crash, the DOTS
> >>         clients MAY attempt to establish a new signal channel session,
> >>         but MUST continue to send heartbeats on the current session so
> >>         that the DOTS server knows the session is still alive.  If the
> >>         new session is successfully established, the DOTS client can
> >>         terminate the current session."
> >>
> >> There is nothing like connection re-establishing in UDP, you just
> >> keep sending traffic.
> >
> > [Med] The text is about "signal channel session“.
> 
> Yes, misinterpreted that. That should be okay.
> 
> >
> > While in TCP, as explained above, the connection will be terminated
> >> at
> >> the transport layer and there is no way to keep sending heartbeats on
> >> the "old"
> >> session. Or do have something like DTLS in mind in this case?
> >
> > [Med] Yes.
> >
> >>
> >> 3) In SIG-006 you say:
> >> "      Due to the higher likelihood of packet loss during a DDoS attack,
> >>      DOTS servers MUST regularly send mitigation status to authorized
> >>      DOTS clients which have requested and been granted mitigation,
> >>      regardless of client requests for mitigation status."
> >>
> >> Please note that this is only true if a not-reliable transport is
> >> used. If a reliable transport is used, data is received at the
> >> application level without loss (but maybe some delay) or the
> >> connection is terminated (if loss is too high to retransmit successfully).
> >>
> >
> > [Med] The requirement as worded is OK.
> 
> I disagree, because as I said if a reliable transport is used this is not true.
> Maybe you can adapt this sentence slightly to clarify that you probably had a
> scenario in mind where an unreliable transport is used.
> 
> >
> >>
> >> ---------------------------------------------------------------------
> >> -
> >> COMMENT:
> >> ---------------------------------------------------------------------
> >> -
> >>
> >> One editorial comment on SEC-002:
> >>
> >> "A security mechanism at the network layer (e.g.,
> >>      TLS) is thus adequate to provide hop-by-hop security.  In other
> >>      words, end-to-end security is not required for DOTS protocols."
> >>
> >> TLS is transport layer security (not network layer) and therefore
> >> known as providing end-to-end security while the term hop-by-hop is used
> for e.g.
> >> IPSec.
> >>
> >> I would recommend to change the wording here in order to avoid
> >> confusion, e.g.
> >>
> >> "A security mechanism at the transport layer (e.g.,
> >>      TLS) is thus adequate to provide security between different DOTS
> >> agents.
> >>      In other words, a direct security association between the server and
> >>      client, excluding any proxy, is not required for DOTS protocols."
> >>
> >
> > [Med] I disagree with the last part of the proposed wording. The DOTS
> architecture involves gateways, hence the hop-by-hop security model.
> 
> This is not a technical comment. The technical content is correct. However, as I
> said above, the term hop-by-hop is associated by many people in the
> community with something like IPSec, while application layer gateways are
> rather considered as endpoints. All I'm requesting is to avoid the terms end-to-
> end and hop-by-hop in this context as it might be confusing to others.


SEC-002 is modified in version 18 to add more details to address the following comment from Robert Sparks (Genart review) :
from Paragraph 3 of SEC-002: This paragraph doesn't read as sensibly when you have the pictures of aggregating gateways from the architecture document in mind.
Does it constrain the types of connections that can be aggregated to those that share equivalent security properties? If so, it should be explicit.

Cheers,
-Tiru

> 
> Mirja
> 
> >
> >
> >> And finally one general comment:
> >>
> >> I understand that having wg  consensus for this document is import to
> >> proceed the work of the group, however, I don't see the value in
> >> archiving this document in the IETF RFC series as a stand-alone
> >> document. If the group thinks documenting these requirements for
> >> consumption outside the group's work at a later point in time is
> >> valuable, I would rather recommend to add the respective requirements
> >> to the appendix of the respective protocol specs.
> >>
> >>
> >> _______________________________________________
> >> Dots mailing list
> >> Dots@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email