Re: [Dots] Warren Kumari's No Objection on draft-ietf-dots-data-channel-28: (with COMMENT)

Warren Kumari <warren@kumari.net> Thu, 02 May 2019 13:39 UTC

From: Warren Kumari <warren@kumari.net>
Date: Thu, 02 May 2019 09:38:54 -0400
Message-ID: <CAHw9_iJuPEcdpCn6Eac1ku2_eH3e=EwKoBfNuV_vhw_BcUvT5g@mail.gmail.com>
To: mohamed.boucadair@orange.com
Cc: The IESG <iesg@ietf.org>, "draft-ietf-dots-data-channel@ietf.org" <draft-ietf-dots-data-channel@ietf.org>, Roman Danyliw <rdd@cert.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/vxtBIscl32AeHLBMkLT8kOKY-kM>
Subject: Re: [Dots] Warren Kumari's No Objection on draft-ietf-dots-data-channel-28: (with COMMENT)

On Thu, May 2, 2019 at 8:40 AM <mohamed.boucadair@orange.com> wrote:

> Hi Warren,
>
> Thank you for the comments.
>
> Went with almost all your rewording proposal. An example to illustrate the
> use of the tcp-flags will be added.
>
>
Awesome, thank you!
W



> Cheers,
> Med
>
> > -----Original Message-----
> > From: Warren Kumari via Datatracker [mailto:noreply@ietf.org]
> > Sent: Wednesday, May 1, 2019 21:21
> > To: The IESG
> > Cc: draft-ietf-dots-data-channel@ietf.org; Roman Danyliw;
> > dots-chairs@ietf.org; rdd@cert.org; dots@ietf.org
> > Subject: Warren Kumari's No Objection on draft-ietf-dots-data-channel-28:
> > (with COMMENT)
> >
> > Warren Kumari has entered the following ballot position for
> > draft-ietf-dots-data-channel-28: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-dots-data-channel/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Thank you for writing this - I found it useful and interesting.
> >
> > I do have a few comments / suggestions to try to improve the document
> > further.
> >
> > 1: "In most cases, sufficient scale can be achieved by compromising
> > enough end-hosts and using those infected hosts to perpetrate and
> > amplify the attack."
> > This is somewhat misleading - it sounds somewhat like the reflectors
> > which get used for amplification attacks (e.g., DNS servers) have been
> > compromised. Perhaps "In most cases, sufficient scale can be achieved by
> > compromising enough end-hosts or using amplification attacks" - in the
> > grand scheme of things this isn't super important, but because it is so
> > close to the beginning of the document it would be nice to set the tone
> > correctly...
> >
> > 2: "After discovering the RESTCONF API root, a DOTS client uses this
> > value as the initial part of the path in the request URI, in any
> > subsequent request to the DOTS server." The commas seem superfluous, and
> > make reading this hard.
> >
> > 3: "It is RECOMMENDED that DOTS clients and gateways support means to
> > alert administrators about loop errors so that appropriate actions are
> > undertaken."
> > Truly a nit, but I had to reread this sentence multiple times before I
> > got it -- I would suggest s/means/methods/ (or "provide methods").
> >
> > 4: TCP flags. It is really common to match on "Established" sessions (or
> > packets with or without the SYN flag) -- I think it would be **really**
> > helpful to describe how this is done / have an example, etc. While
> > readers should be able to figure this out, it would be helpful to have
> > this so people can find it in a panic. Actually, more examples in the
> > Appendix would be generally useful...
> >
> > 5: "The DOTS gateway, that inserted a ’cdid’ in a PUT request, MUST
> > strip the ’cdid’ parameter in the corresponding response before
> > forwarding the response to the DOTS client." Extra commas...
> >
>
>

-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
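
Comment 4 in the quoted ballot asks how "Established" and SYN matching on TCP flags is done. The sketch below is an added example, not part of the original message and not the draft's own syntax: it shows the conventional flag-bitmask tests, and the operator names ("match", "any", "not"), function names and sample segments are assumptions made for illustration.

```python
# TCP header flag bits (low 8 bits of the flags field): FIN=0x01 ... CWR=0x80.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def flags_match(flags, mask, op="match"):
    """Compare one segment's TCP flags against a bitmask.

    op is a hypothetical operator name used only in this sketch:
      "match": every bit in mask is set in flags
      "any":   at least one bit in mask is set in flags
      "not":   no bit in mask is set in flags
    """
    hit = flags & mask
    if op == "match":
        return hit == mask
    if op == "any":
        return hit != 0
    if op == "not":
        return hit == 0
    raise ValueError(f"unknown operator: {op}")

def is_established(flags):
    # Conventional ACL "established" test: ACK or RST is set.
    return flags_match(flags, ACK | RST, "any")

def is_initial_syn(flags):
    # Connection attempt: SYN set and ACK clear.
    return flags_match(flags, SYN, "match") and flags_match(flags, ACK, "not")

def classify(flags):
    if is_initial_syn(flags):
        return "new"
    if is_established(flags):
        return "established"
    return "other"

# Constructed sample segments (flag bytes only, not captured traffic).
SAMPLES = {
    "SYN": SYN,
    "SYN+ACK": SYN | ACK,
    "PSH+ACK": PSH | ACK,
    "RST": RST,
    "FIN": FIN,
    "NULL": 0,
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        print(f"{name:8} 0x{flags:02x} -> {classify(flags)}")
```

The test is stateless: it inspects one segment's flags and does not confirm that a connection exists, which is what separates it from connection tracking.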