Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)

<mohamed.boucadair@orange.com> Thu, 02 May 2019 07:18 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB3FB1202FC; Thu, 2 May 2019 00:18:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OGaHyJAsab1v; Thu, 2 May 2019 00:18:37 -0700 (PDT)
Received: from orange.com (mta239.mail.business.static.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E9B91202F9; Thu, 2 May 2019 00:18:37 -0700 (PDT)
Received: from opfedar00.francetelecom.fr (unknown [xx.xx.xx.11]) by opfedar22.francetelecom.fr (ESMTP service) with ESMTP id 44vmp32nJfz2xQN; Thu, 2 May 2019 09:18:35 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.32]) by opfedar00.francetelecom.fr (ESMTP service) with ESMTP id 44vmp31QNJzCqk7; Thu, 2 May 2019 09:18:35 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM7C.corporate.adroot.infra.ftgroup ([fe80::2c53:f99a:e2a9:19c6%21]) with mapi id 14.03.0439.000; Thu, 2 May 2019 09:18:35 +0200
From: <mohamed.boucadair@orange.com>
To: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
CC: "draft-ietf-dots-signal-channel@ietf.org" <draft-ietf-dots-signal-channel@ietf.org>, Liang Xia <frank.xialiang@huawei.com>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
Thread-Index: AQHVAIokqS7ZlrtkW0uINrDPnjKWIqZXZ00Q
Date: Thu, 2 May 2019 07:18:34 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA68A8D@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <155676213548.2612.17892772935784304109.idtracker@ietfa.amsl.com>
In-Reply-To: <155676213548.2612.17892772935784304109.idtracker@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/hLF_IV9t2vMN3Wnv0kUsAhipheY>
Subject: Re: [Dots] Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with DISCUSS and COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 May 2019 07:18:40 -0000

Hi Alissa, 

Please see inline.

Cheers,
Med

> -----Message d'origine-----
> De : Alissa Cooper via Datatracker [mailto:noreply@ietf.org]
> Envoyé : jeudi 2 mai 2019 03:56
> À : The IESG
> Cc : draft-ietf-dots-signal-channel@ietf.org; Liang Xia; dots-
> chairs@ietf.org; frank.xialiang@huawei.com; dots@ietf.org
> Objet : Alissa Cooper's Discuss on draft-ietf-dots-signal-channel-31: (with
> DISCUSS and COMMENT)
> 
> Alissa Cooper has entered the following ballot position for
> draft-ietf-dots-signal-channel-31: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> = Section 3 =
> 
> "By default, a DOTS signal channel MUST run over port number TBD as
>    defined in Section 9.1, for both UDP and TCP, unless the DOTS server
>    has a mutual agreement with its DOTS clients to use a different port
>    number.  DOTS clients MAY alternatively support means to dynamically
>    discover the ports used by their DOTS servers (e.g.,
>    [I-D.boucadair-dots-server-discovery])."
> 
> MUST implies an absolute requirement, so "MUST ... unless" is a problematic
> construction.

[Med] It seems that you missed "By default, ". 


 Furthermore, it doesn't make sense together with "MAY
> alternatively," which indicates that port number discovery is an alternative
> to
> the fixed to-be-assigned port.
> 
> I didn't have time to get very far into draft-boucadair-dots-server-
> discovery,

[Med] I updated that reference to I-D.ietf-dots-server-discovery. 

> but it appears that it does not mandate support for any single discovery
> mechanism for clients and servers to support. If so, that "alternatively"
> seems
> like more of a problem, since it allows for there to be no interoperable
> mechanism for clients to discover server ports. I think maybe what was
> intended
> here was:
> 
> s/MUST/SHOULD/
> s/MAY alternatively/MAY additionally/

[Med] I implemented the second change. 

> 
> = Section 4.4.1 =
> 
> (1)
> "In deployments where server-domain DOTS gateways are enabled,
>    identity information about the origin source client domain SHOULD be
>    propagated to the DOTS server.  That information is meant to assist
>    the DOTS server to enforce some policies such as grouping DOTS
>    clients that belong to the same DOTS domain, limiting the number of
>    DOTS requests, and identifying the mitigation scope.  These policies
>    can be enforced per-client, per-client domain, or both.  Also, the
>    identity information may be used for auditing and debugging purposes."
> 
> Does "identity information" just refer to cdid, or something else?

[Med] It refers to the information conveyed in cdid. 

> 
> (2) The constructions "MUST ... (absent explicit policy/configuration
> otherwise)" are problematic. I'm assuming these are meant to be SHOULDs.
> 

[Med] I checked this wording with Ben.  

> = Section 13.1 =
> 
> I don't understand why RFC 7951 is a normative reference but
> draft-ietf-core-yang-cbor is an informative reference.

[Med] We used to have both as informative references, but unless I'm mistaken 7951 was moved to normative so that at least one method is supported.

> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> = Section 4.4.1 =
> 
> "The 'cuid' is intended to be stable when communicating with a
>       given DOTS server, i.e., the 'cuid' used by a DOTS client SHOULD
>       NOT change over time. "
> 
> Why is this the recommended behavior?
> 

[Med] because all resources/state of a DOTS client are bound to this identifier.