Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 09 April 2019 08:26 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
CC: "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-dots-signal-channel.all@ietf.org" <draft-ietf-dots-signal-channel.all@ietf.org>, "dots@ietf.org" <dots@ietf.org>, "tsv-art@ietf.org" <tsv-art@ietf.org>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Yoshifumi Nishida <nishida@wide.ad.jp>
Thread-Topic: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31
Date: Tue, 09 Apr 2019 08:26:10 +0000
Message-ID: <BYAPR16MB279047FCA67C53A25FCE048EEA2D0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <155402239346.12345.7871170827596594079@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302EA5053A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249yf92bfdZCyfcQaHMt41SKO6CAQXOYEW2H++ZYQoXqKvpQ@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EA51A15@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249yeRK7RJ59jcmpXkwFX5_RniwGoBCcno3tNsCcFCJiRhsA@mail.gmail.com> <BYAPR16MB27904373EA2F32A9805B239AEA510@BYAPR16MB2790.namprd16.prod.outlook.com> <CAO249yfhgvv3L9GxBQfYs-boeBecG+GhQSx90igDAuhA866WhA@mail.gmail.com> <BYAPR16MB2790E24D2D28A0C2AA981C0CEA2C0@BYAPR16MB2790.namprd16.prod.outlook.com> <CAO249ye9hD8eGRjsujsFtY=UXy29BYzHn-HeaOqgrPLNwU8dkA@mail.gmail.com>
In-Reply-To: <CAO249ye9hD8eGRjsujsFtY=UXy29BYzHn-HeaOqgrPLNwU8dkA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/m5mzxTaNdbjCqwI1-b2T7K2wlac>
Subject: Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>

Please see inline [TR3]

From: Dots <dots-bounces@ietf.org> On Behalf Of Yoshifumi Nishida
Sent: Tuesday, April 9, 2019 12:26 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Cc: ietf@ietf.org; Yoshifumi Nishida <nishida@sfc.wide.ad.jp>; draft-ietf-dots-signal-channel.all@ietf.org; dots@ietf.org; tsv-art@ietf.org; mohamed.boucadair@orange.com; Yoshifumi Nishida <nishida@wide.ad.jp>
Subject: Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31


Hi Tiru,

I put my comments in lines.

On Mon, Apr 8, 2019 at 1:40 AM Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com<mailto:TirumaleswarReddy_Konda@mcafee.com>> wrote:
Hi Yoshi,

Please see inline [TR2]

From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp<mailto:nishida@sfc.wide.ad.jp>>
Sent: Monday, April 8, 2019 12:24 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>>
Cc: Yoshifumi Nishida <nishida@sfc.wide.ad.jp<mailto:nishida@sfc.wide.ad.jp>>; mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>; ietf@ietf.org<mailto:ietf@ietf.org>; draft-ietf-dots-signal-channel.all@ietf.org<mailto:draft-ietf-dots-signal-channel.all@ietf.org>; dots@ietf.org<mailto:dots@ietf.org>; tsv-art@ietf.org<mailto:tsv-art@ietf.org>; Yoshifumi Nishida <nishida@wide.ad.jp<mailto:nishida@wide.ad.jp>>
Subject: Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31


Hi Tiru,

On Thu, Apr 4, 2019 at 10:46 PM Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com<mailto:TirumaleswarReddy_Konda@mcafee.com>> wrote:
Hmm. Let's say the result of the Happy Eyeballs was TCP over IPv4 (just like Figure 4) and the client caches the info.
After a certain period of time, the client will do Happy Eyeballs again because other, better connections might be available. But, in this case, how will the cached info be used?

[TR] The cache expires after a specific time period. If the cache has not expired, the client uses the information from the cache. If the cache has expired, the client performs Happy Eyeballs again.

It seems that an implementation that doesn't cache the info at all and does Happy Eyeballs every 10 hours won't be allowed in this draft.

[TR] No, but if the subsequent attempt is within a few seconds after the first Happy Eyeballs attempt, it would thrash the network. The endpoint may have to re-establish the (D)TLS session within a few seconds for several reasons (e.g., the TLS session got terminated, the DOTS server rebooted, the NAT rebooted, etc.).

Thanks for the explanation. The logic makes sense to me.
I think it would be good to articulate this a bit more in the draft.
For example, the Figure 4 example explains the probing period, but doesn't mention the cache period.

[TR2]
Sure, we can update the text as follows:

Note that the DOTS client, after successfully establishing a connection, MUST cache information regarding the outcome of each
connection attempt, and the cached information should be flushed when its age exceeds a system-defined maximum on the order of a few minutes (e.g., 2 minutes).
If the DOTS client has to re-establish the connection with the DOTS server within a few seconds after the Happy Eyeballs mechanism is complete,
caching avoids thrashing the network in the presence of DDoS attack traffic.

Thanks for the updates. But, one thing: the text suggests the cache period would be on the order of a few minutes.
But this value seems to be much smaller compared to "probing SHOULD NOT be done more than every 24 hours".

[TR3] The probing is for a scenario where the client is using TLS (over TCP) for the signal channel and probes to check whether DTLS (over UDP) becomes available. If the probing finds that DTLS over UDP is available, the client disconnects the TLS-over-TCP session and re-connects to the server using DTLS over UDP.

-Tiru

--
Yoshi
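The cache-then-reprobe behaviour discussed in this exchange, as an added example that is not from draft-ietf-dots-signal-channel or from either participant: a Python model of a DOTS client that caches the outcome of each Happy Eyeballs attempt for about two minutes, reuses a cached success on a quick reconnect, re-runs the full attempt sequence once the cache has aged out, and, when it ended up on TLS over TCP, probes for DTLS over UDP no more than once every 24 hours. The candidate order, the strictly sequential attempts (the draft staggers them), the injected `attempt` callable, and the 120-second and 24-hour constants are assumptions of the example; the `simulate()` scenario and its "UDP blocked, then opened a day later" network are constructed.

```python
# Added example (not from the draft or from either author): a model of the
# DOTS client's connection-attempt cache and its 24-hour DTLS probe.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

CACHE_MAX_AGE_S = 120             # "on the order of a few minutes (e.g., 2 minutes)"
PROBE_MIN_INTERVAL_S = 24 * 3600  # "probing SHOULD NOT be done more than every 24 hours"

Candidate = Tuple[str, str]       # (address family, transport)
# Assumed candidate order for this example: DTLS/UDP preferred, then TLS/TCP.
# The draft staggers attempts with a delay; here they run strictly in sequence.
CANDIDATES: Tuple[Candidate, ...] = (
    ("IPv6", "UDP"), ("IPv4", "UDP"), ("IPv6", "TCP"), ("IPv4", "TCP"),
)


@dataclass
class AttemptOutcome:
    candidate: Candidate
    succeeded: bool
    when: float  # seconds on a caller-supplied monotonic clock


@dataclass
class ConnectionCache:
    """Outcome of each attempt, flushed once its age exceeds max_age."""
    max_age: float = CACHE_MAX_AGE_S
    outcomes: Dict[Candidate, AttemptOutcome] = field(default_factory=dict)

    def record(self, outcome: AttemptOutcome) -> None:
        self.outcomes[outcome.candidate] = outcome

    def flush_expired(self, now: float) -> None:
        self.outcomes = {c: o for c, o in self.outcomes.items()
                         if now - o.when <= self.max_age}

    def outcome_for(self, cand: Candidate, now: float) -> Optional[AttemptOutcome]:
        self.flush_expired(now)
        return self.outcomes.get(cand)

    def working(self, now: float) -> Optional[Candidate]:
        """Most preferred candidate whose cached, unexpired outcome is a success."""
        self.flush_expired(now)
        for cand in CANDIDATES:
            o = self.outcomes.get(cand)
            if o is not None and o.succeeded:
                return cand
        return None


@dataclass
class DotsClient:
    # attempt(candidate) -> True on a successful (D)TLS handshake. Injected so
    # the example runs offline; a real client would open the socket here.
    attempt: Callable[[Candidate], bool]
    cache: ConnectionCache = field(default_factory=ConnectionCache)
    attempts_made: int = 0
    last_probe: Optional[float] = None
    current: Optional[Candidate] = None

    def _try(self, cand: Candidate, now: float) -> bool:
        ok = self.attempt(cand)
        self.attempts_made += 1
        self.cache.record(AttemptOutcome(cand, ok, now))
        return ok

    def happy_eyeballs(self, now: float) -> Optional[Candidate]:
        for cand in CANDIDATES:
            prior = self.cache.outcome_for(cand, now)
            if prior is not None and not prior.succeeded:
                continue  # fresh cached failure: do not hammer that path again
            if self._try(cand, now):
                return cand
        return None

    def connect(self, now: float) -> Optional[Candidate]:
        """Reuse a cached, unexpired success; otherwise run Happy Eyeballs."""
        self.current = self.cache.working(now) or self.happy_eyeballs(now)
        return self.current

    def maybe_probe_dtls(self, now: float) -> bool:
        """On TLS/TCP, probe for DTLS/UDP at most once per 24 h; switch if found."""
        if self.current is None or self.current[1] != "TCP":
            return False
        if self.last_probe is not None and now - self.last_probe < PROBE_MIN_INTERVAL_S:
            return False
        self.last_probe = now
        for cand in CANDIDATES:
            if cand[1] == "UDP" and self._try(cand, now):
                self.current = cand  # drop the TLS session, carry on over DTLS
                return True
        return False


def simulate() -> dict:
    """Constructed scenario: UDP blocked at first, opened up a day later."""
    state = {"udp_open": False}

    def attempt(cand: Candidate) -> bool:
        fam, transport = cand
        if transport == "UDP":
            return state["udp_open"]
        return fam == "IPv4"  # only TLS over IPv4 reaches the server

    client = DotsClient(attempt=attempt)
    log = {}
    log["first"] = client.connect(now=0.0)                        # ("IPv4", "TCP")
    log["attempts_after_first"] = client.attempts_made            # 4
    log["reconnect_5s"] = client.connect(now=5.0)                 # served from cache
    log["attempts_after_reconnect"] = client.attempts_made        # still 4
    log["reconnect_300s"] = client.connect(now=300.0)             # cache aged out
    log["attempts_after_expiry"] = client.attempts_made           # 8
    log["probe_now"] = client.maybe_probe_dtls(now=300.0)         # False, UDP blocked
    log["probe_again_soon"] = client.maybe_probe_dtls(now=360.0)  # False, rate-limited
    log["attempts_after_probes"] = client.attempts_made           # 10
    state["udp_open"] = True
    log["probe_next_day"] = client.maybe_probe_dtls(now=300.0 + PROBE_MIN_INTERVAL_S)
    log["transport_next_day"] = client.current                    # ("IPv6", "UDP")
    return log


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key:24} {value}")
```

Running the file prints the scenario. The reconnect at 5 s costs no new attempts because the cached success is still fresh, the reconnect at 300 s re-runs all four candidates because the cache has been flushed, and the second probe at 360 s is suppressed by the 24-hour limit rather than by the cache. The two timers serve different purposes, which is why they can differ by orders of magnitude: the cache protects the network during a burst of quick reconnects, while the probe interval bounds how often a client already on TLS/TCP checks whether DTLS/UDP has become reachable.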