Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 07 November 2019 09:31 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Jon Shallow <supjps-ietf@jpshallow.com>, 'Valery Smyslov' <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Thread-Topic: [Dots] WGLC on draft-ietf-dots-server-discovery-05
Thread-Index: AdWJdJriVah9Pj1IRlOgUXigYgrLiQLPhj4AAAHYqgAAARUqAAAeQl6AAAQnISAAATMJAAAASiCQ
Date: Thu, 07 Nov 2019 09:31:47 +0000
Message-ID: <MWHPR16MB1693DE80704C2DB8650ADC03EA780@MWHPR16MB1693.namprd16.prod.outlook.com>
References: <011d01d58974$b70298b0$2507ca10$@smyslov.net> <1bb901d594b2$b4502b20$1cf08160$@jpshallow.com> <787AE7BB302AE849A7480A190F8B933031350F27@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <1bf401d594be$6b379700$41a6c500$@jpshallow.com> <787AE7BB302AE849A7480A190F8B933031358608@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <MWHPR16MB1693C04755D042E6D452FF0EEA780@MWHPR16MB1693.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93303135B723@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93303135B723@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/fuAFwb0xqUo1kZTSD9MYW7GhPDg>
Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2019 09:31:55 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>
> Sent: Thursday, November 7, 2019 2:52 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; Jon Shallow <supjps-ietf@jpshallow.com>; 'Valery Smyslov' <valery@smyslov.net>; dots@ietf.org; dots-chairs@ietf.org
> Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> 
> Hi Tiru,
> 
> I'm not sure this reference is needed. We do already cite 6125 to mention
> that CAs already issue certificates based on IP addresses.

https://tools.ietf.org/html/rfc6125#section-1.7.2 says certificates based on IP addresses are out of scope.

Cheers,
-Tiru

> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Konda, Tirumaleswar Reddy
> > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Sent: Thursday 7 November 2019 09:56
> > To: BOUCADAIR Mohamed TGI/OLN; Jon Shallow; 'Valery Smyslov';
> > dots@ietf.org; dots-chairs@ietf.org
> > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> >
> >    If the DHCP client receives OPTION_V6_DOTS_ADDRESS only, the
> >    address(es) included in OPTION_V6_DOTS_ADDRESS are used to reach the
> >    peer DOTS agent.  In addition, these addresses can be used as
> >    identifiers for authentication.
> >
> > We may want to add the following line to support the above lines:
> > [I-D.ietf-acme-ip] describes a new protocol that allows a CA to issue
> > certificates for IP addresses.
> >
> > Cheers,
> > -Tiru
> >
> > > -----Original Message-----
> > > From: Dots <dots-bounces@ietf.org> On Behalf Of
> > > mohamed.boucadair@orange.com
> > > Sent: Thursday, November 7, 2019 12:19 PM
> > > To: Jon Shallow <supjps-ietf@jpshallow.com>; 'Valery Smyslov'
> > > <valery@smyslov.net>; dots@ietf.org; dots-chairs@ietf.org
> > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > >
> > > Hi Jon,
> > >
> > > OK, thanks.
> > >
> > > In order to further make things clear, I suggest to add this NEW
> > > text in the introduction of Section 5:
> > >
> > >    The list of the IP addresses returned by DHCP servers is typically
> > >    used to feed the DOTS server selection procedure detailed in
> > >    Section 4.3 of [I-D.ietf-dots-signal-channel] or to provide DOTS
> > >    agents with primary and backup IP addresses of their peer DOTS
> > >    agents.
> > >
> > > Would that be OK?
> > >
> > > I'm not sure the text needs to hint any priority order set by the
> > > server (backup case), though. The reason is that the list will be
> > > ordered by the client following HE.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Original Message-----
> > > > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > > > Sent: Wednesday 6 November 2019 17:23
> > > > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > >
> > > > Hi Med,
> > > >
> > > > Sorry - not thinking straight - yes, you are correct in that a
> > > > single OPTION_Vx_DOTS_ADDRESS can contain multiple IP addresses -
> > > > must have glazed over the specific definition before hitting the
> > > > "it MUST only use the first instance" in the next section (Client
> > > > Behavior).
> > > >
> > > > Regards
> > > >
> > > > Jon
> > > >
> > > > > -----Original Message-----
> > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of
> > > > > mohamed.boucadair@orange.com
> > > > > Sent: 06 November 2019 15:52
> > > > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org;
> > > > > dots-chairs@ietf.org
> > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > >
> > > > > Hi Jon,
> > > > >
> > > > > Thank you for the comments.
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Jon Shallow
> > > > > > Sent: Wednesday 6 November 2019 15:59
> > > > > > To: 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I have read through draft-ietf-dots-server-discovery-05 and
> > > > > > think that it is a good document.
> > > > > >
> > > > > > However, in particular with DHCPv(4|6), it is only possible to
> > > > > > use the first OPTION_Vx_DOTS_ADDRESS (5.1.3, 5.2.3).
> > > > >
> > > > > [Med] Yes
> > > > >
> > > > > > If the server at the first address is down / unavailable for
> > > > > > whatever reason, it is not possible to define a backup IP
> > > > > > address as a secondary entry.  Is it the intention to not allow
> > > > > > backup IP addresses?
> > > > >
> > > > > [Med] Hmm, that is possible given that an instance is designed
> > > > > to carry a list of IP addresses.
> > > > >
> > > > >    If the DHCP client receives OPTION_V6_DOTS_ADDRESS only, the
> > > > >    address(es) included in OPTION_V6_DOTS_ADDRESS are used to reach the
> > > > >    ^^^^^^^^^^
> > > > >    peer DOTS agent.  In addition, these addresses can be used as
> > > > >    identifiers for authentication.
> > > > >
> > > > > >
> > > > > > With DNS, I know that A/AAAA records can be presented
> > > > > > round-robin, which gives the possibility of backup IP addresses,
> > > > > > but am not sure whether this holds true for implementations for
> > > > > > other Resource Records.  If backup addresses are to be allowed,
> > > > > > the draft is unclear whether only the first A/AAAA RR is allowed,
> > > > > > or each can be tested until the first non-failure is found, or
> > > > > > whether happy-eyeballs is to be invoked against all of the IP
> > > > > > addresses and then the final IP preferentially chosen according
> > > > > > to the RR returned order.
> > > > >
> > > > > [Med] Considerations related to address selection (including HE)
> > > > > are not detailed here on purpose because this is not part of discovery.
> > > > >
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Jon
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On
> > > > > > > Behalf Of Valery Smyslov
> > > > > > > Sent: 23 October 2019 08:37
> > > > > > > To: dots@ietf.org
> > > > > > > Cc: dots-chairs@ietf.org
> > > > > > > Subject: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > this message starts a Work Group Last Call (WGLC) for
> > > > > > > draft-ietf-dots-server-discovery-05.
> > > > > > > The version to be reviewed is here:
> > > > > > > https://www.ietf.org/id/draft-ietf-dots-server-discovery-05.txt
> > > > > > >
> > > > > > > The WGLC will last for two weeks and will end on November
> > > > > > > the 7th.
> > > > > > > Please send your comments to the list before this date.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Frank & Valery.
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Dots mailing list
> > > > > > > Dots@ietf.org
> > > > > > > https://www.ietf.org/mailman/listinfo/dots
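The thread above settles two client-side rules for OPTION_V6_DOTS_ADDRESS: one option instance carries a list of addresses (so a primary and a backup can both be delivered), and a client uses only the first instance when a server sends several. The resulting list is then handed to the client's own selection procedure (Happy Eyeballs, as Med notes, is deliberately out of scope for discovery), and the address finally chosen may serve as the identifier checked against the peer's certificate, which is the "identifiers for authentication" use that, as Tiru points out, RFC 6125 does not cover. The following is an added example written for this page; it is not code from the draft, from the DOTS working group, or from anyone in the thread. The option code is a constructed placeholder (the draft had no IANA assignment at the time), the payload layout (a concatenation of 16-byte IPv6 addresses) is an assumption, the filtering of unusable addresses is an added precaution rather than a rule the draft states, and the sample option block is constructed.

```python
"""Added example: a DOTS client's handling of OPTION_V6_DOTS_ADDRESS as the
thread describes it. Not from the draft or the thread; see assumptions below."""
import ipaddress
import struct

# Assumption: placeholder code, the draft had no IANA-assigned value yet.
OPTION_V6_DOTS_ADDRESS = 65535
# Real RFC 8415 option code (DNS recursive name servers), used only as a
# distractor in the constructed sample so the parser has something to skip.
OPTION_DNS_SERVERS = 23


def build_option(code, data):
    """Encode one DHCPv6 option in RFC 8415 TLV form: 2-byte code, 2-byte length, data."""
    return struct.pack("!HH", code, len(data)) + data


def parse_dhcpv6_options(payload):
    """Split a DHCPv6 option block into (code, data) pairs, rejecting truncation."""
    options = []
    offset = 0
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", payload, offset)
        offset += 4
        data = payload[offset:offset + length]
        if len(data) != length:
            raise ValueError("option length exceeds payload")
        options.append((code, data))
        offset += length
    return options


def dots_addresses(options):
    """Return the peer DOTS agent addresses the client should consider.

    Rules from the thread: one instance carries a list of addresses, and when
    several instances are present only the first one is used. Assumption: the
    instance payload is a concatenation of 16-byte IPv6 addresses. Dropping
    multicast/unspecified/loopback entries is an added sanity check, not a
    rule the draft states. Ordering (Happy Eyeballs) is left to the caller.
    """
    instances = [data for code, data in options if code == OPTION_V6_DOTS_ADDRESS]
    if not instances:
        return []
    first = instances[0]  # later instances are ignored, per the client rule
    if len(first) == 0 or len(first) % 16 != 0:
        raise ValueError("OPTION_V6_DOTS_ADDRESS payload is not a list of IPv6 addresses")
    addrs = []
    for i in range(0, len(first), 16):
        addr = ipaddress.IPv6Address(first[i:i + 16])
        if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
            continue  # not a usable unicast peer address
        addrs.append(addr)
    return addrs


def address_is_certified(addr, san_ip_entries):
    """Match the selected address against the iPAddress SAN entries of the
    peer certificate (the 'identifiers for authentication' use in the thread).
    Assumption: san_ip_entries is the list of iPAddress strings already
    extracted from the certificate by the TLS stack; this is an exact match,
    since RFC 6125's reference-identifier rules do not apply to IP addresses."""
    return any(ipaddress.ip_address(entry) == addr for entry in san_ip_entries)


def example():
    """Constructed sample: a DNS option, then two OPTION_V6_DOTS_ADDRESS
    instances; the first lists a primary and a backup, the second is ignored."""
    primary = ipaddress.IPv6Address("2001:db8::1")
    backup = ipaddress.IPv6Address("2001:db8::2")
    ignored = ipaddress.IPv6Address("2001:db8::99")
    payload = (
        build_option(OPTION_DNS_SERVERS, ipaddress.IPv6Address("2001:db8::53").packed)
        + build_option(OPTION_V6_DOTS_ADDRESS, primary.packed + backup.packed)
        + build_option(OPTION_V6_DOTS_ADDRESS, ignored.packed)
    )
    return dots_addresses(parse_dhcpv6_options(payload))


if __name__ == "__main__":
    for a in example():
        print(a)
```

Run as a script it prints the two addresses from the first instance, in the order the DHCP server listed them; the client's Happy Eyeballs pass would decide which to try first. A rejected option (truncated header, length running past the payload, or a payload that is not a whole number of IPv6 addresses) raises rather than yielding a partial list, so a malformed or tampered DHCP reply cannot silently steer the client to a stray address.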