[Dots] clarification questions from the hackathon

kaname nishizuka <kaname@nttv6.jp> Thu, 28 March 2019 10:37 UTC

To: dots@ietf.org
From: kaname nishizuka <kaname@nttv6.jp>
Message-ID: <946bcc8c-2e3e-3b09-b8d1-631475ea0ea0@nttv6.jp>
Date: Thu, 28 Mar 2019 19:37:44 +0900
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/pdiC4xsbQiaazm14hvdTLefcUeY>


I'd like to continue discussion of these topics in the ML.

#1: Questions about signal-control-filtering
  1. Should a mitigation request create a mitigation before doing a PUT + acl-list [{acl-name, activation-type}] against the active mitigation, or is a ‘PUT + acl-list [{acl-name, activation-type}]’ allowed to create a new mitigation?
  2. Should the response to a GET (or Observed GET) include the acl-list [{acl-name, activation-type}] if the PUT included it?
  3. Does the response to the PUT (the echoed back response payload of the PUT representation https://tools.ietf.org/html/rfc7252#section- ) include the acl-list (if defined) or not?
  4. Is the activation change to the ACL a permanent change to the ACL (so a GET on the data channel returns the new type)?
  5. Does the activation change to the ACL count as an ACL refresh (pending-lifetime update)?
  6. Is CBOR activation-type comprehension-required or comprehension-optional?

Regarding the 1st point, we got feedback from Med and Tiru that both should be allowed.
If a ‘PUT + acl-list [{acl-name, activation-type}]’ is allowed to create a new mitigation, it should be treated as a request in "attack-time".

(#2: Data Channel Implicit protocol number was addressed clearly by Med's comment.)

#3: (D)TLS session lifetime
From the viewpoint of the DOTS server, when to expire the old (D)TLS session is implementation-specific; still, I'd like to hear from experts about a preferable setting (a timer or something else...?)
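As an added illustration of the #1 discussion (this is example code, not from the mail or from any DOTS implementation): a toy DOTS server that accepts a signal-channel PUT carrying acl-list [{acl-name, activation-type}] either against an active mitigation or as a new mitigation, the latter treated as attack-time, as the feedback reported above suggests. The CoAP codes, the activation-type values and the per-mitigation scoping of the override (question 4 is still open) are assumptions taken from RFC 9132/9133 and RFC 8783, not from this message.

```python
# Added example, not from the original mail: a toy model of a DOTS server
# handling "PUT + acl-list [{acl-name, activation-type}]" on the signal channel.
# Assumed (not stated in the mail): activation-type values from RFC 8783,
# CoAP 2.01/2.04 for create/update, 4.04 for an unknown acl-name.
VALID_ACTIVATION = {"activate-when-mitigating", "immediate", "deactivate"}


class DotsServer:
    def __init__(self, data_channel_acls):
        # acl-name -> activation-type as installed via the data channel
        self.data_channel_acls = dict(data_channel_acls)
        self.mitigations = {}  # mid -> mitigation state

    def put_mitigation(self, mid, payload):
        """Return (CoAP code, response payload) for a signal-channel PUT."""
        acl_list = payload.get("acl-list", [])
        # Validate every override before touching any state.
        for entry in acl_list:
            name = entry.get("acl-name")
            act = entry.get("activation-type")
            if name not in self.data_channel_acls:
                return "4.04", {"error": f"unknown acl-name {name}"}
            if act not in VALID_ACTIVATION:
                return "4.00", {"error": f"bad activation-type {act}"}
        overrides = {e["acl-name"]: e["activation-type"] for e in acl_list}
        mit = self.mitigations.get(mid)
        if mit is None:
            # No active mitigation: the PUT creates one, treated as attack-time
            # (the feedback from Med and Tiru reported in the mail).
            mit = {"scope": payload.get("target-prefix", []),
                   "attack-time": True, "acl-overrides": {}}
            self.mitigations[mid] = mit
            code = "2.01"
        else:
            code = "2.04"
        # Assumption: the override lives with the mitigation; the ACL as seen
        # on the data channel is left unchanged (question 4 above is open).
        mit["acl-overrides"].update(overrides)
        return code, {"mid": mid, "acl-list": acl_list}

    def effective_activation(self, mid, acl_name):
        """Activation the server applies for acl_name while mid is active."""
        mit = self.mitigations[mid]
        return mit["acl-overrides"].get(acl_name, self.data_channel_acls[acl_name])
```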