Re: [Dots] [Last-Call] Genart last call review of draft-ietf-dots-telemetry-19
Lars Eggert <lars@eggert.org> Thu, 03 February 2022 10:01 UTC
Return-Path: <lars@eggert.org>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DDA73A0CFB; Thu, 3 Feb 2022 02:01:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eggert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CytIcZUilP17; Thu, 3 Feb 2022 02:01:02 -0800 (PST)
Received: from mail.eggert.org (mail.eggert.org [91.190.195.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BC043A0CF8; Thu, 3 Feb 2022 02:01:01 -0800 (PST)
Received: from smtpclient.apple (unknown [IPv6:2a00:ac00:4000:400:3483:e6e7:fbe7:7efc]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.eggert.org (Postfix) with ESMTPSA id 714781D42D1; Thu, 3 Feb 2022 12:00:41 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=eggert.org; s=dkim; t=1643882441; bh=oE92m+CG4kHmoIFJPkthE3kB8jNtul0iOmva7Wo1Urg=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=maCNYpfkTkA4ZeBImlNJT0aXKBCPK9c1BnSmWJSBqYF8zQZ9dsgz6nEhCV/30y8M0 u4plLyKyg0L62ojus4o0PVyi8Fv1psDWI3tg/IWBvmUDrTsWZYgLZtaUBgY9ZcuXAU ocngnQu5aXzhLh10OfGjoFNsp3wZdI4UQYvz3UOY=
Content-Type: multipart/signed; boundary="Apple-Mail=_7CCDBF87-786F-4C8F-93B7-0CE0CEF5E163"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
From: Lars Eggert <lars@eggert.org>
In-Reply-To: <164280608786.26256.18141980913416166060@ietfa.amsl.com>
Date: Thu, 03 Feb 2022 12:00:40 +0200
Cc: gen-art@ietf.org, last-call@ietf.org, draft-ietf-dots-telemetry.all@ietf.org, dots@ietf.org
Message-Id: <1E30A831-FFB5-4344-AB30-A6A042EF2A80@eggert.org>
References: <164280608786.26256.18141980913416166060@ietfa.amsl.com>
To: Robert Sparks <rjsparks@nostrum.com>
X-MailScanner-ID: 714781D42D1.A273E
X-MailScanner: Found to be clean
X-MailScanner-From: lars@eggert.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/hPwlNnFIpVbQtd7FFzgIpiKe-CA>
Subject: Re: [Dots] [Last-Call] Genart last call review of draft-ietf-dots-telemetry-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Feb 2022 10:01:07 -0000
Robert, thank you for your review and thank you all for the following discussion. I have entered a Discuss ballot for this document based on my own review. Lars On 2022-1-22, at 1:01, Robert Sparks via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Robert Sparks > Review result: Ready with Issues > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-dots-telemetry-19 > Reviewer: Robert Sparks > Review Date: 2022-01-21 > IETF LC End Date: 2022-01-24 > IESG Telechat date: Not scheduled for a telechat > > Summary: Ready for publication as a Proposed Standard RFC, but with issues and > nits to consider before publication > > Issues: > ------- > > This document relies heavily on the requirements in the DOTS signal and data > channel specifications (RFC9132 and RFC8783) saying authenticated encryption > MUST be used. Explicitly calling that out in this document's security section > would be worthwhile. > > I am not a YANG Doctor. This document seems to make a reasonable but unusual > use of YANG. I would really like to see YANG Doctor review of -19. I wonder if > it would be possible to factor some of the more generic enums out into > something that could be reused elsewhere. Why do you stop at discouraging > rather than forbidding server deviations? The point of a specification like > this is interoperability. > > I'm a little uncomfortable with the passively stated requirement to use > ietf-dots-rehoming (at "clients are assumed to follow") while that document is > an Informative reference. > > In 6.1.2, I'm confused by the requirement that "'tsid' values MUST increase > monotonically when a new PUT is generated" combined with "If the dot server > finds the 'tsid' parameter value conveyed in the PUT request in its > configuration data and (it) has accepted the updated configuration parameters, > a 2.04 (Changed) MUST be returned". What am I missing that would allow a PUT > with a tsid that's already in the server's configuration data? Is there perhaps > leftover tension here from earlier designs that were changed? > > At the end of 7.1, there is a MUST NOT level requirement against repeating > attack-descriptions that have been previously sent to a peer. Is it always the > case that when these descriptions are sent, the message they are contained in > is acknowledged? If not, consider adding discussion of how/whether a peer can > ask for a description when it gets an attack-id it doesn't have a description > for. > > In 7.2, you require a freshly rebooted client to send a GET request to retrieve > active 'tmid' values. Why? Why not let it just send a DELETE with no 'tmid' > right away if that's what it would do after receiving the response to the GET > anyhow? > > In 7.3 at "The PUT request MUST be maintained in an active state", you mean the > configuration that the PUT established must be kept. The PUT request itself has > no state beyond its response. Consider saying something like "The > pre-or-ongoing mitigation requests MUST be considered active" instead. > > In the yang module, there's a reference at page 79 that points to "Section > 4.4.2 of RFC UUUU." This is the only occurrence of UUUU in the document, and if > it's meant to be replaced with 'this RFC', this document has no section 4.4.2. > > Nits: > --------------- > > Last paragraph of introduction at "Nevertheless, when..". That sentence is > particularly hard to parse, please simplify it. > > Curious that you called out TCP port 80 in the discussion in 3.3. Why not 443? > > At 4.1, where you say "that truly require reliable delivery", I think you mean > something more like "that are important to deliver". Nothing here is trying to > guarantee reliable delivery and the statement misleads the reader to look for > reliable delivery mechanisms. > > In 4.5 at "The reason for not including these keys...". That sentence does not > parse. Please simplify. > > In 4.6, the second paragraph is about validating messages, not examples. It's > not clear the paragraph is useful as a roadmap through the document. Consider > deleting it. > > The outline structure of section 4 is odd. There are several Considerations > subsections including "Generic Considerations" (which is jarring), and several > subsections that are not considerations sections. Having them under a section > titled "Design Overview" doesn't help pull them together. Perhaps a mild > restructure/reorder would bring more clarity? > > At 6.1, consider replacing "(with suitable default)." with ". Default values > are defined later in this section." > > In 6.1 you claim clients can negotiate configuration parameters with server. I > don't find a negotiation protocol specified here. I think you mean clients can > configure parameters at a servers, and servers can configure parameters at a > client. There's not really a mechanism for a peer to say "no, I don't the > percentile config you're trying to set and I won't do that". > > The introduction of "a third-party DOTS server" in the narrative after Figure > 13 is surprising. For the paragraph to make sense, the messages in the > discussion before Figure 13 would also have to have gone to that third-part > DOTS server. Consider calling out that the DOTS server may not be hosted at any > of the ISPs at the beginning of 6.2.1 instead. > > In 6.2.1 where you require servers to reject PUT requests with 0 capacity for > all included links, consider saying "Use DELETE instead." Maybe say _why_ you > require that PUT to be rejected. > > In the sentence after Figure 19 (at least in the text version), you mean to > point to Figure 20. > > At 7.1 "DOTS telemetry attributes are optionally signaled and therefore MUST > NOT be treated as mandatory fields in the DOTS signal channel protocol" is an > odd thing to call out this way. I think this was mentioned in the earlier yang > doctors review as well. Why is it here? > > In 7.1.1 consider replacing "the same attributes" with simply "the attributes". > > In 7.1.6, please replace "reiterates" with "repeats". > > In 7.1.6, please replace the phrase "Concretely, " with "A". > > > > -- > last-call mailing list > last-call@ietf.org > https://www.ietf.org/mailman/listinfo/last-call
- [Dots] Genart last call review of draft-ietf-dots… Robert Sparks via Datatracker
- Re: [Dots] Genart last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Genart last call review of draft-ietf-… Benjamin Kaduk
- Re: [Dots] Genart last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] [Last-Call] Genart last call review of… Lars Eggert