IETF Logo Mail Archive

Re: [Dots] Mirja's DISCUSS: Pending Point (AD Help Needed)

<mohamed.boucadair@orange.com> Mon, 22 July 2019 07:08 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76BA0120105; Mon, 22 Jul 2019 00:08:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xdwD1RVwnuC6; Mon, 22 Jul 2019 00:08:23 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B83F4120104; Mon, 22 Jul 2019 00:08:22 -0700 (PDT)
Received: from opfedar07.francetelecom.fr (unknown [xx.xx.xx.9]) by opfedar26.francetelecom.fr (ESMTP service) with ESMTP id 45sXkr5Qr0zFpmY; Mon, 22 Jul 2019 09:08:20 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.64]) by opfedar07.francetelecom.fr (ESMTP service) with ESMTP id 45sXkr4BN4z5vP4; Mon, 22 Jul 2019 09:08:20 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBMA3.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0439.000; Mon, 22 Jul 2019 09:08:20 +0200
From: mohamed.boucadair@orange.com
To: Valery Smyslov <valery@smyslov.net>, "'Konda, Tirumaleswar Reddy'" <TirumaleswarReddy_Konda@McAfee.com>, 'Benjamin Kaduk' <kaduk@mit.edu>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] Mirja's DISCUSS: Pending Point (AD Help Needed)
Thread-Index: AQI3NMpmw7DhsbF6RNCA2PYrEJMCCAFLQw4RAblfkIil9rStEIADcglQ
Date: Mon, 22 Jul 2019 07:08:19 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330312E32E9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93302FA841A9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <00c201d53e27$194cfc20$4be6f460$@smyslov.net> <DM5PR16MB1705B5FC8E9204012E34636FEACB0@DM5PR16MB1705.namprd16.prod.outlook.com> <011701d53ea2$74d81540$5e883fc0$@smyslov.net>
In-Reply-To: <011701d53ea2$74d81540$5e883fc0$@smyslov.net>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/z0uDCqWZykvjnB8n5NQNO3KTyJo>
Subject: Re: [Dots] Mirja's DISCUSS: Pending Point (AD Help Needed)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 07:08:26 -0000

Hi Valery,

Actually, we have clarified that (see for example, https://mailarchive.ietf.org/arch/msg/dots/21wgxXEy-vWecFZK9BeviBFMdnA) 

> All the message transmission parameters including missing-hb-
> allowed are configurable using the DOTS signal channel (see draft-ietf-
> dots-signal-channel-35#section-4.5) and these message transmission
> parameter including the missing-hb-allowed is only used for UDP transport.

We can add this NEW text to Section 4.5 If this would help:

   When the DOTS signal channel is established over a reliable transport
   (e.g., TCP), there is no need for the reliability mechanisms provided
   by CoAP over UDP since the underlying TCP connection provides
   retransmissions and deduplication [RFC8323].  As such, the
   transmission-related parameters (missing-hb-allowed and acceptable
   signal loss ratio) are negotiated only for DOTS over unreliable
   transports.

Cheers,
Med

> -----Message d'origine-----
> De : Valery Smyslov [mailto:valery@smyslov.net]
> Envoyé : samedi 20 juillet 2019 04:26
> À : 'Konda, Tirumaleswar Reddy'; BOUCADAIR Mohamed TGI/OLN; 'Benjamin
> Kaduk'; dots-chairs@ietf.org; dots@ietf.org
> Objet : RE: [Dots] Mirja's DISCUSS: Pending Point (AD Help Needed)
> 
> Hi Tiru,
> 
> thank you for clarification regarding TCP. It seems the this clarification
> somehow escaped from the
> discussion with Mirja (at least I cannot recall it was mentioned).
> 
> Regards,
> Valery.
> 
> > Hi Valery,
> >
> > The message transmission parameters including missing-hb-allowed is only
> for
> > UDP transport (not for TCP). For the UDP, she is suggesting us to go
> with a
> > mechanism that checks both side of the connectivity using non-
> confirmable
> > message with ping and pong at the application layer instead of relying
> on the
> > CoAP ping/pong.
> >
> > Cheers,
> > -Tiru
> >
> > > -----Original Message-----
> > > From: Dots <dots-bounces@ietf.org> On Behalf Of Valery Smyslov
> > > Sent: Friday, July 19, 2019 5:13 PM
> > > To: mohamed.boucadair@orange.com; 'Benjamin Kaduk' <kaduk@mit.edu>;
> > > dots-chairs@ietf.org; dots@ietf.org
> > > Subject: Re: [Dots] Mirja's DISCUSS: Pending Point (AD Help Needed)
> > >
> > >
> > >
> > > Hi Med,
> > >
> > > I believe Mirja's main point was that if you use liveness check
> > > mechanism in the transport layer, then if it reports that liveness
> > > check fails, then it _also_ closes the transport session.
> > >
> > > Quotes from her emails:
> > > "Yes, as Coap Ping is used, the agent should not only conclude that
> > > the DOTS signal session is disconnected but also the Coap session and
> > > not send any further Coap messages anymore."
> > >
> > > and
> > >
> > > "Actually to my understanding this will not work. Both TCP heartbeat
> > > and Coap Ping are transmitted reliably. If you don’t receive an ack
> > > for these transmissions you are not able to send any additional
> > > messages and can only close the connection."
> > >
> > > I'm not familiar with CoAP, but I suspect she's right about TCP - if
> > > TCP layer itself doesn't receive ACK for the sent data after several
> > > retransmissions, the connection is closed.
> > >
> > > As far as I understand the current draft allows underlying liveness
> > > check to fail and has a parameter to restart this check several times
> > > if this happens. It seems that a new transport session will be created
> > > in this case (at least if TCP is used). In my reading of the draft
> > > this seems not been assumed, it is assumed that the session remains
> > > the same. So, I think that main Mirja's concern is that it won't work
> (at least
> > with TCP).
> > >
> > > I didn't participate in the WG discussion on this, so I don't know
> > > what was discussed regarding this issue. If it was discussed and the
> > > WG has come to conclusion that this is not an issue, then I believe
> > > more text should be added to the draft so, that people like Mirja, who
> > > didn't participate in the discussion, don't have any concerns while
> reading
> > the draft.
> > >
> > > Regards,
> > > Valery.
> > >
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: mohamed.boucadair@orange.com
> > > > <mohamed.boucadair@orange.com>
> > > > Sent: Friday, July 19, 2019 9:57 AM
> > > > To: Benjamin Kaduk (kaduk@mit.edu) <kaduk@mit.edu>; dots-
> > > > chairs@ietf.org; dots@ietf.org
> > > > Subject: Mirja's DISCUSS: Pending Point (AD Help Needed)
> > > >
> > > > Hi Ben, chairs, all,
> > > >
> > > > (restricting the discussion to the AD/chairs/WG)
> > > >
> > > > * Status:
> > > >
> > > > All DISCUSS points from Mirja's review were fixed, except the one
> > > > discussed in this message.
> > > >
> > > > * Pending Point:
> > > >
> > > > Rather than going into much details, I consider the following as the
> > > > summary of the remaining DISCUSS point from Mirja:
> > > >
> > > > > I believe there are flaws in the design. First it’s a layer
> > > > > violation, but if more an idealistic concern but usually designing
> > > > > in layers is a good approach. But more importantly, you end up
> > > > > with un-frequent messages which may still terminate the connection
> > > > > at some point, while what you want is to simply send messages
> > > > > frequently in an unreliable fashion but a low rate until the
> attack is over.
> > > >
> > > > * Discussion:
> > > >
> > > > (1) First of all, let's remind that RFC7252 does not define how CoAP
> > > > ping must be used. It does only say:
> > > >
> > > > ==
> > > >       Provoking a Reset
> > > >       message (e.g., by sending an Empty Confirmable message) is
> also
> > > >       useful as an inexpensive check of the liveness of an endpoint
> > > >       ("CoAP ping").
> > > > ==
> > > >
> > > > How the liveness is assessed is left to applications. So, there is
> > > > ** no layer violation **.
> > > >
> > > > (2) What we need isn't (text from Mirja):
> > > >
> > > > > to simply send messages frequently in an unreliable fashion but a
> > > > > low rate until the attack is over "
> > > >
> > > > It is actually the other way around. The spec says:
> > > >
> > > >   "... This is particularly useful for DOTS
> > > >    servers that might want to reduce heartbeat frequency or cease
> > > >    heartbeat exchanges when an active DOTS client has not requested
> > > >    mitigation."
> > > >
> > > > What we want can be formalized as:
> > > >  - Taking into account DDoS traffic conditions, a check to assess
> > > > the liveness of the peer DOTS agent + maintain NAT/FW state on
> > > > on-path
> > > devices.
> > > >
> > > > An much more elaborated version is documented in SIG-004 of RFC
> 8612.
> > > >
> > > > * My analysis:
> > > >
> > > > - The intended functionality is naturally provided by existing CoAP
> > > messages.
> > > > - Informed WG decision: The WG spent a lot of cycles when specifying
> > > > the current behavior to be meet the requirements set in RFC8612.
> > > > - Why not an alternative design: We can always define messages with
> > > > duplicated functionality, but that is not a good design approach
> > > > especially when there is no evident benefit.
> > > > - The specification is not broken: it was implemented and tested.
> > > >
> > > > And a logistic comment: this issue fits IMHO under the non-discuss
> > > > criteria in
> > > > https://www.ietf.org/blog/discuss-criteria-iesg-review/#stand-
> > > undisc.
> > > >
> > > > * What's Next?
> > > >
> > > > As an editor, I don't think a change is needed but I'd like to hear
> > > > from Ben, chairs, and the WG.
> > > >
> > > > Please share your thoughts and whether you agree/disagree with the
> > > > above analysis.
> > > >
> > > > Cheers,
> > > > Med
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email