Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
<mohamed.boucadair@orange.com> Thu, 07 November 2019 09:50 UTC
From: mohamed.boucadair@orange.com
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, Jon Shallow <supjps-ietf@jpshallow.com>, 'Valery Smyslov' <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Date: Thu, 07 Nov 2019 09:50:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/wJ3ZZJ1Dt4T9f0utgF4cSNf_7rM>
Re-,

Yeah. My point is adding that citation/information does not change the behavior nor the design in the draft.

Cheers,
Med

> -----Original Message-----
> From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> Sent: Thursday, 7 November 2019 10:40
> To: BOUCADAIR Mohamed TGI/OLN; Jon Shallow; 'Valery Smyslov';
> dots@ietf.org; dots-chairs@ietf.org
> Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
>
> > -----Original Message-----
> > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > Sent: Thursday, November 7, 2019 3:06 PM
> > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> > Jon Shallow <supjps-ietf@jpshallow.com>; 'Valery Smyslov' <valery@smyslov.net>;
> > dots@ietf.org; dots-chairs@ietf.org
> > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> >
> > CAUTION: External email. Do not click links or open attachments unless you
> > recognize the sender and know the content is safe.
> >
> > Yes, but I was referring to this part:
> >
> >    few certification authorities issue server certificates based on
> >    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >    IP addresses, but preliminary evidence indicates that such
> >    ^^^^^^^^^^^^
> >    certificates are a very small percentage (less than 1%) of issued
> >    certificates.
>
> It is part of the out of scope section 1.2 but ACME will make it more common.
>
> -Tiru
>
> > Cheers,
> > Med
> >
> > > -----Original Message-----
> > > From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > Sent: Thursday, 7 November 2019 10:32
> > > To: BOUCADAIR Mohamed TGI/OLN; Jon Shallow; 'Valery Smyslov';
> > > dots@ietf.org; dots-chairs@ietf.org
> > > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > >
> > > > -----Original Message-----
> > > > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > > > Sent: Thursday, November 7, 2019 2:52 PM
> > > > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> > > > Jon Shallow <supjps-ietf@jpshallow.com>; 'Valery Smyslov' <valery@smyslov.net>;
> > > > dots@ietf.org; dots-chairs@ietf.org
> > > > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > >
> > > > Hi Tiru,
> > > >
> > > > I'm not sure this reference is needed. We do already cite 6125 to
> > > > mention that CAs already issue certificates based on IP addresses.
> > >
> > > https://tools.ietf.org/html/rfc6125#section-1.7.2 says certificates
> > > based on IP addresses is out of scope.
> > >
> > > Cheers,
> > > -Tiru
> > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Original Message-----
> > > > > From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > Sent: Thursday, 7 November 2019 09:56
> > > > > To: BOUCADAIR Mohamed TGI/OLN; Jon Shallow; 'Valery Smyslov';
> > > > > dots@ietf.org; dots-chairs@ietf.org
> > > > > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > >
> > > > >    If the DHCP client receives OPTION_V6_DOTS_ADDRESS only, the
> > > > >    address(es) included in OPTION_V6_DOTS_ADDRESS are used to reach the
> > > > >    peer DOTS agent. In addition, these addresses can be used as
> > > > >    identifiers for authentication.
> > > > >
> > > > > We may want to add the following line to support the above lines:
> > > > > [I-D.ietf-acme-ip] describes a new protocol that allows CA to
> > > > > issue certificates for IP addresses.
> > > > >
> > > > > Cheers,
> > > > > -Tiru
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of mohamed.boucadair@orange.com
> > > > > > Sent: Thursday, November 7, 2019 12:19 PM
> > > > > > To: Jon Shallow <supjps-ietf@jpshallow.com>; 'Valery Smyslov'
> > > > > > <valery@smyslov.net>; dots@ietf.org; dots-chairs@ietf.org
> > > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > >
> > > > > > Hi Jon,
> > > > > >
> > > > > > OK, thanks.
> > > > > >
> > > > > > In order to further make things clear, I suggest to add this NEW text in the
> > > > > > introduction of Section 5:
> > > > > >
> > > > > >    The list of the IP addresses returned by DHCP servers is typically
> > > > > >    used to feed the DOTS server selection procedure detailed in
> > > > > >    Section 4.3 of [I-D.ietf-dots-signal-channel] or to provide DOTS
> > > > > >    agents with primary and backup IP addresses of their peer DOTS
> > > > > >    agents.
> > > > > >
> > > > > > Would that be OK?
> > > > > >
> > > > > > I'm not sure the text needs to hint any priority order set by the server (backup
> > > > > > case), though. The reason is that list will be ordered by the client following HE.
> > > > > >
> > > > > > Cheers,
> > > > > > Med
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > > > > > > Sent: Wednesday, 6 November 2019 17:23
> > > > > > > To: BOUCADAIR Mohamed TGI/OLN; 'Valery Smyslov'; dots@ietf.org;
> > > > > > > dots-chairs@ietf.org
> > > > > > > Subject: RE: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > > >
> > > > > > > Hi Med,
> > > > > > >
> > > > > > > Sorry - not thinking straight - yes, you are correct in that a
> > > > > > > single OPTION_Vx_DOTS_ADDRESS can contain multiple IP
> > > > > > > addresses - must have glazed over the specific definition
> > > > > > > before hitting the "it MUST only use the first instance" in
> > > > > > > the next section (Client Behavior).
> > > > > > >
> > > > > > > Regards
> > > > > > >
> > > > > > > Jon
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of
> > > > > > > > mohamed.boucadair@orange.com
> > > > > > > > Sent: 06 November 2019 15:52
> > > > > > > > To: Jon Shallow; 'Valery Smyslov'; dots@ietf.org;
> > > > > > > > dots-chairs@ietf.org
> > > > > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > > > >
> > > > > > > > Hi Jon,
> > > > > > > >
> > > > > > > > Thank you for the comments.
> > > > > > > >
> > > > > > > > Please see inline.
> > > > > > > >
> > > > > > > > Cheers,
> > > > > > > > Med
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Jon Shallow
> > > > > > > > > Sent: Wednesday, 6 November 2019 15:59
> > > > > > > > > To: 'Valery Smyslov'; dots@ietf.org; dots-chairs@ietf.org
> > > > > > > > > Subject: Re: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > > > > >
> > > > > > > > > Hi All,
> > > > > > > > >
> > > > > > > > > I have read through draft-ietf-dots-server-discovery-05 and think that it is
> > > > > > > > > a good document.
> > > > > > > > >
> > > > > > > > > However, in particular with DHCPv(4|6), it is only possible to use the
> > > > > > > > > first OPTION_Vx_DOTS_ADDRESS (5.1.3, 5.2.3).
> > > > > > > >
> > > > > > > > [Med] Yes
> > > > > > > >
> > > > > > > > > If the server at the first address
> > > > > > > > > is down / unavailable for whatever reason, it is not possible to define a
> > > > > > > > > backup IP address as a secondary entry. Is it the intention to not allow
> > > > > > > > > backup IP addresses?
> > > > > > > >
> > > > > > > > [Med] Hmm, that is possible given that an instance is designed to carry a list
> > > > > > > > of IP addresses.
> > > > > > > >
> > > > > > > >    If the DHCP client receives OPTION_V6_DOTS_ADDRESS only, the
> > > > > > > >    address(es) included in OPTION_V6_DOTS_ADDRESS are used to reach the
> > > > > > > >    ^^^^^^^^^^
> > > > > > > >    peer DOTS agent. In addition, these addresses can be used as
> > > > > > > >    identifiers for authentication.
> > > > > > > >
> > > > > > > > > With DNS, I know that A/AAAA records can be presented round-robin which
> > > > > > > > > gives the possibility of backup IP addresses, but am not sure whether this
> > > > > > > > > holds true for implementations for other Resource Records.
> > > > > > > > > If backup addresses are to be allowed, the draft is unclear whether only the first
> > > > > > > > > A/AAAA RR is allowed, or each can be tested until the first non-failure is
> > > > > > > > > found, or whether happy-eyeballs is to be invoked against all of the IP
> > > > > > > > > addresses and then the final IP preferentially chosen according to the RR
> > > > > > > > > returned order.
> > > > > > > >
> > > > > > > > [Med] Considerations related to address selection (including HE) are not
> > > > > > > > detailed here on purpose because this is not part of discovery.
> > > > > > > >
> > > > > > > > > Regards
> > > > > > > > >
> > > > > > > > > Jon
> > > > > > > > >
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: Dots [mailto:ietf-supjps-dots-bounces@ietf.org] On Behalf Of
> > > > > > > > > > Valery Smyslov
> > > > > > > > > > Sent: 23 October 2019 08:37
> > > > > > > > > > To: dots@ietf.org
> > > > > > > > > > Cc: dots-chairs@ietf.org
> > > > > > > > > > Subject: [Dots] WGLC on draft-ietf-dots-server-discovery-05
> > > > > > > > > >
> > > > > > > > > > Hi,
> > > > > > > > > >
> > > > > > > > > > this message starts a Work Group Last Call (WGLC) for
> > > > > > > > > > draft-ietf-dots-server-discovery-05.
> > > > > > > > > > The version to be reviewed is here:
> > > > > > > > > > https://www.ietf.org/id/draft-ietf-dots-server-discovery-05.txt
> > > > > > > > > >
> > > > > > > > > > The WGLC will last for two weeks and will end on November the 7th.
> > > > > > > > > > Please send your comments to the list before this date.
> > > > > > > > > >
> > > > > > > > > > Regards,
> > > > > > > > > > Frank & Valery.
> > > > > > > > > >
> > > > > > > > > > _______________________________________________
> > > > > > > > > > Dots mailing list
> > > > > > > > > > Dots@ietf.org
> > > > > > > > > > https://www.ietf.org/mailman/listinfo/dots
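
The behaviour discussed in the quoted thread above (one OPTION_V6_DOTS_ADDRESS instance carrying a list of addresses, with only the first instance used by the client), as an added example that is not part of the original message or of the draft. It assumes the standard DHCPv6 option framing (2-byte code, 2-byte length), a payload of back-to-back 16-byte IPv6 addresses, and a placeholder option code; the function names are hypothetical.

```python
import ipaddress
import struct

# Placeholder option code constructed for this example (not an IANA value).
OPTION_V6_DOTS_ADDRESS = 0xFFF0

def iter_options(buf):
    """Yield (code, data) per DHCPv6 option: 2-byte code, 2-byte length, data."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("option length runs past end of buffer")
        yield code, buf[off:off + length]
        off += length

def dots_peer_addresses(buf, code=OPTION_V6_DOTS_ADDRESS):
    """Return the address list from the first instance of the option, else []."""
    for opt_code, data in iter_options(buf):
        if opt_code != code:
            continue
        # Assumed payload: one or more 16-byte IPv6 addresses, back to back.
        if not data or len(data) % 16:
            raise ValueError("payload is not a list of IPv6 addresses")
        # Later instances are never reached: only the first one is used.
        return [ipaddress.IPv6Address(data[i:i + 16])
                for i in range(0, len(data), 16)]
    return []

def build_option(code, *addrs):
    """Encode one option carrying the given IPv6 addresses (sample helper)."""
    data = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample: an unrelated option, then two instances of the DOTS
# address option. Only the first instance's two addresses should be used.
SAMPLE = (
    build_option(23, "2001:db8::53")
    + build_option(OPTION_V6_DOTS_ADDRESS, "2001:db8::1", "2001:db8::2")
    + build_option(OPTION_V6_DOTS_ADDRESS, "2001:db8::99")
)

if __name__ == "__main__":
    for addr in dots_peer_addresses(SAMPLE):
        print(addr)
```

The list returned here is what a client would both connect to and, per the quoted draft text, treat as the peer's identifier for authentication, so a malformed first instance is rejected rather than skipped in favour of a later one.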