Re: [Dots] Role reversal in RFC7252

<> Tue, 12 November 2019 07:59 UTC

From: <>
To: Carsten Bormann <>
CC: "" <>
Thread-Topic: Role reversal in RFC7252
Date: Tue, 12 Nov 2019 07:58:55 +0000
Subject: Re: [Dots] Role reversal in RFC7252
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <>


Please see inline. 


> -----Original Message-----
> From: Carsten Bormann []
> Sent: Tuesday, 12 November 2019 07:59
> Cc:
> Subject: Re: Role reversal in RFC7252
> On Nov 12, 2019, at 07:40, <>
> <> wrote:
> >
> > Hi Carsten,
> >
> > Fully agree if we model an endpoint as both a client and server.
> >
> > The concern I had is when we want to model an endpoint solely as an
> "client" (or as a server).
> The question is why you would want to do this.

[Med] Our initial concerns were: (1) avoid duplicating functionality (CoAP keepalive vs application keepalive) and (2) avoid having dormant code. 

For the second one, I guess this can be controlled by limiting the code to the required functionality. As you can see in, we added this note:  

   DOTS clients and servers behave as CoAP endpoints.  By default, a
   DOTS client (or server) behaves as a CoAP client (or server).
   Nevertheless, a DOTS client (or server) behaves as a CoAP server (or
   client) for specific operations such as DOTS heartbeat operations
   (Section 4.7).  

> The main point about a server is that its transport address (IP address +
> port number) needs to be known to talk to it.  (The client implicitly
> indicates its transport address in a request, and it only needs to be
> stable up to a response — which may include an observe notification later.)

[Med] ... assuming the state in on-path NATs/FWs is maintained.

> So if your clients are hopping around on different addresses, role reversal
> requires the server-now-client to know the current one.  In a keep alive
> situation, I’d expect that to be the case, so there is very little against
> role reversal.

[Med] OK, thanks. 

In order to progress, we updated the spec with a DOTS heartbeat instead of CoAP ping messages. An example of such an HB request is shown below:
     Header: GET (Code=0.01)
     Uri-Path: ".well-known"
     Uri-Path: "dots"
     Uri-Path: "hb" 

FWIW, the required changes to the spec are straightforward:

> (I’m assuming DOTS environments are NAT free.)

[Med] We need to deal with both NATs and FWs. We are covering those details in the spec. These considerations will be valid with or without role reversal (observe notifications, for example).
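
The heartbeat request quoted in the message above, serialized and parsed as an RFC 7252 CoAP message. This is an added example, not part of the original e-mail or of the DOTS specification; the Confirmable message type and the message ID and token values used to exercise it are constructed assumptions.

```python
import struct

URI_PATH, GET, CON = 11, 0x01, 0   # option number, Code 0.01, Confirmable (type assumed)
HB_PATH = (".well-known", "dots", "hb")   # Uri-Path segments from the e-mail

def _ext(value):
    """Return the 4-bit nibble and extended bytes for an option delta or length."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)

def encode_options(options):
    """Encode (number, value) pairs; option numbers go on the wire as deltas."""
    out, prev = b"", 0
    for number, value in sorted(options, key=lambda o: o[0]):  # stable sort
        d_nib, d_ext = _ext(number - prev)
        l_nib, l_ext = _ext(len(value))
        out += bytes([d_nib << 4 | l_nib]) + d_ext + l_ext + value
        prev = number
    return out

def build_hb_request(message_id, token, msg_type=CON):
    """Serialize GET /.well-known/dots/hb (version 1 header, token, options)."""
    if len(token) > 8:
        raise ValueError("CoAP tokens are at most 8 bytes")
    header = struct.pack("!BBH", 1 << 6 | msg_type << 4 | len(token), GET, message_id)
    return header + token + encode_options([(URI_PATH, s.encode()) for s in HB_PATH])

def _read_ext(nibble, packet, pos):
    """Undo _ext while parsing; nibble 15 is reserved and rejected."""
    if nibble == 15:
        raise ValueError("reserved option nibble")
    if nibble == 14:
        return struct.unpack_from("!H", packet, pos)[0] + 269, pos + 2
    return (packet[pos] + 13, pos + 1) if nibble == 13 else (nibble, pos)

def decode_uri_path(packet):
    """Return (code, Uri-Path segments) from a serialized request."""
    pos, number, segments = 4 + (packet[0] & 0x0F), 0, []
    while pos < len(packet) and packet[pos] != 0xFF:  # 0xFF marks the payload
        first = packet[pos]
        delta, pos = _read_ext(first >> 4, packet, pos + 1)
        length, pos = _read_ext(first & 0x0F, packet, pos)
        number += delta
        if number == URI_PATH:
            segments.append(packet[pos:pos + length].decode())
        pos += length
    return packet[1], segments
```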