Re: [Gen-art] Gen-ART Last Call review of draft-ietf-dots-architecture-15
tirumal reddy <kondtir@gmail.com> Mon, 27 January 2020 12:34 UTC
Return-Path: <kondtir@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DA5F120033; Mon, 27 Jan 2020 04:34:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPvya3pTOUcE; Mon, 27 Jan 2020 04:34:00 -0800 (PST)
Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C06AF120115; Mon, 27 Jan 2020 04:34:00 -0800 (PST)
Received: by mail-il1-x12e.google.com with SMTP id g12so7311758ild.2; Mon, 27 Jan 2020 04:34:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=na9rUb20Dv0qQGvrJOi4xHZzC6bhGRyv31+7gFKxcYs=; b=N7+s546TXPGb/SFTDiW0oAFZyHevnSZgXAbECt1mtbAvuLJhGETQxRZODVXf+0CxM1 klPjFsX/7feUzWD1P4nUJQEK9YwZQ0LOL+R4wr0TbbWpB+scvPDc3YYiOYP1kCbULoGr ix1Ps0R8kie41SGiAyXmyLfYmh1eTFQwXwL1DVEkaoFJDVS6RK+l34EeJC0o6R5KJJIt 4kiUj76wcifvcMi8do0RE6lx8T/tdKReIa0a4ho2VdWaOO9v6ZEzm8xIAeu/wnZaAzc0 Ew0HlFL4gSdSkmfWGJio2r5JWtfw2EHJGcA+xGWkFPavLwObRaeLAgvkaXAFgHUiw9LS SXRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=na9rUb20Dv0qQGvrJOi4xHZzC6bhGRyv31+7gFKxcYs=; b=m/uEHVybk2lx7nXnhTL5wt97OBUVZhnIVUwh+U8LmCubBPPFUj8o0OpttDhqXL6ts4 NLAYUE0wso0XxgIjthRJKmDd6pejaWBtqUYP54L9MPH3BKQN8ttFtbXWXXPBUzlHnIyA eNsZeyD9exf0l5ynd08YazKyIpSV7EiFheaOKa5883GIs/cKCUBPuNYtUqLU9MEyLQSi wFJfnJTGjgeGXdHNXwUhrU9SHF6eoTlEWetQcjlCwCiqt5mAMH/zENicb9L+naiK0rIj 1/IaYIRtqVCA4d+9s63QeNtOl4WoyveClLnSGjUHCfqiOLdPOT7J7V0UKxsaACAae0hZ FC3A==
X-Gm-Message-State: APjAAAUzE1tCyf3IRGHZu4YDxpHPH4PGGlozE5Y3OZH7gPV22CZ9eqja YAd4YtMLLgdckjb6vl84B6D7rwTyfcrbUwf7UO4=
X-Google-Smtp-Source: APXvYqwMbr5hmjxxkIdPibl0y3V9fFF5nyIeXGF2kR//KoRukhKUmD78k8ajq1kZl3HzJvqaAdvWOl0pZdfOFioNRgQ=
X-Received: by 2002:a92:ca82:: with SMTP id t2mr14762891ilo.242.1580128439928; Mon, 27 Jan 2020 04:33:59 -0800 (PST)
MIME-Version: 1.0
References: <f659494f-a93b-48ab-e67a-3ff803673a1d@alum.mit.edu> <CAFpG3gddVF1wT0YZdQ22oxwfX1W0X6qsK=adsdUEdabctEHaGA@mail.gmail.com>
In-Reply-To: <CAFpG3gddVF1wT0YZdQ22oxwfX1W0X6qsK=adsdUEdabctEHaGA@mail.gmail.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Mon, 27 Jan 2020 18:03:48 +0530
Message-ID: <CAFpG3gdqY73si=_hzgW9bjAeAFmAiQmVMZG_uv128uvaxdK89w@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: draft-ietf-dots-architecture.all@ietf.org, General Area Review Team <gen-art@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005c910c059d1e529b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/K1kURvDZV3wlfRqtF0koum4phA8>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-dots-architecture-15
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 12:34:04 -0000
On Mon, 27 Jan 2020 at 15:36, tirumal reddy <kondtir@gmail.com> wrote: > Hi Paul, > > Thanks for the review. Please see inline > > On Thu, 23 Jan 2020 at 21:09, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote: > >> I am the assigned Gen-ART reviewer for this draft. The General Area >> Review Team (Gen-ART) reviews all IETF documents being processed >> by the IESG for the IETF Chair. Please treat these comments just >> like any other last call comments. >> >> For more information, please see the FAQ at >> >> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. >> >> Document: draft-ietf-dots-architecture-15 >> Reviewer: Paul Kyzivat >> Review Date: 2020-01-23 >> IETF LC End Date: 2020-01-27 >> IESG Telechat date: ? >> >> Summary: >> >> This draft is on the right track but has open issues, described in the >> review. >> >> General: >> >> This is a very well written document! Even though I lack any knowledge >> of the subject domain I was generally able to understand it. >> >> I had trouble classifying some of my issues below. I wanted to make them >> be questions. But in a review such as this it makes more sense to state >> them as issues of clarity in the text, since the reader should ideally >> not be left with questions. >> >> Issues: >> >> Major: 0 >> Minor: 5 >> Nits: 0 >> >> 1) MINOR: Resource Ownership: >> >> The 2nd paragraph of section 2.2.2 stresses that it is important for a >> DOTS Server to verify that the DOTS Client owns the resources over which >> it is requesting mitigation. >> >> There seems to be quite a lot hiding behind that requirement. In >> particular, how is the server supposed to be in a position to do that >> verification? This seems to require that the server have access to >> ownership information. While that may be easy in some cases (e.g., when >> the server is operated by the ISP that assigned the resources to the >> client), in other cases it could be hard. I'd like to see more >> discussion of this. >> > > The exact mechanism to validate the resources owned by the DOTS client > domain is deployment-specific. I can add the following example mechanisms > to address your comment: > > The exact mechanism for the DOTS servers to validate that the resources are within the > scope of the DOTS client domain is deployment-specific. For example, > if the DOTS client domain leverages the DDoS mitigation service of > its Internet Transit Provider (ITP), it knows the prefixes assigned > to the DOTS client domain. If the DDoS Mitigation is offered by a > third party DDoS mitigation service provider, and if the resources > are not owned by the requesting domain, it can impose penalties for > violating the service level agreement. Alternatively, the DDoS > mitigation service provider and the DOTS client domain can opt to use > the identifier validation challenges discussed in [RFC8555] and > [I-D.ietf-acme-ip] to identify whether the DOTS client domain > actually controls the resources. Note that the challenges for > validating control of resources must be performed when no attack > traffic is present. > > I have modified the above text as follows for better clarity: The exact mechanism for the DOTS servers to validate that the resources are within the scope of the DOTS client domain is deployment-specific. For example, if the DOTS client domain leverages the DDoS mitigation service of its Internet Transit Provider (ITP), the ITP knows the prefixes assigned to the DOTS client domain. However, if the DDoS Mitigation is offered by a third party DDoS mitigation service provider, it does not know the resources owned by the DOTS client domain. The DDoS mitigation service provider and the DOTS client domain can opt to use the identifier validation challenges discussed in [RFC8555] and [I-D.ietf-acme-ip] to identify whether the DOTS client domain actually controls the resources. The challenges for validating control of resources must be performed when no attack traffic is present and works only for "dns" and "ip" identifier types. Further, if the DOTS client lies about the resources owned by the DOTS client domain, the DDoS mitigation service provider can impose penalties for violating the service level agreement. -Tiru >> 2) MINOR: Scope and lifetime of sessions: >> >> Section 3.1 states that a session can be a signal channel session or a >> data channel session or both. I'm confused about the relationships here. >> >> If a session can consist of both, how are they related? Is there some >> state that ties them together? >> >> Can a channel survive the loss and reestablishment of a TCP connection? >> Or does the creation of a new connection create a new channel? >> >> What is the act that creates a new channel, and what destroys one? >> >> I'd like to see some more text explaining this. >> > > All above details are discussed in the DOTS signal and data channel > protocol drafts (currently in the RFC editor queue), added the following > like to address your comment: > > The DOTS server couples the DOTS signal and data channel sessions using the DOTS > client identity. The DOTS session is further elaborated in the DOTS > signal channel protocol defined in [I-D.ietf-dots-signal-channel] and > the DOTS data channel protocol defined in > [I-D.ietf-dots-data-channel]. > > > >> >> 3) MINOR: Feedback for recursive mitigation: >> >> Section 3.2.3 says: >> >> ... To maximize >> mitigation visibility to the DOTS client, however, the recursing >> domain SHOULD provide recursed mitigation feedback in signals >> reporting on mitigation status to the DOTS client. For example, the >> recursing domain's mitigator should incorporate into mitigation >> status messages available metrics such as dropped packet or byte >> counts from the recursed mitigation. >> >> This seems to imply that feedback from So to Cn is routed to Mn for >> merging with Mn's feedback. That seems to violate the architecture. Can >> the feedback from So be routed by Gn back to Cc? >> > > Yes, clarified text as follows: > > For example, the recursing domain's DOTS server should incorporate into mitigation > status messages available metrics such as dropped packet or byte > counts from the recursed domain's DOTS server. > > > >> >> Can this be clarified? >> >> 4) MINOR: Security of recursive mitigation: >> >> The last paragraph of section 3.2.3 says: >> >> Deployment of recursive signaling may result in traffic redirection, >> examination and mitigation extending beyond the initial bilateral >> relationship between DOTS client and DOTS server. As such, client >> control over the network path of mitigated traffic may be reduced. >> DOTS client operators should be aware of any privacy concerns, and >> work with DOTS server operators employing recursive signaling to >> ensure shared sensitive material is suitably protected. >> >> This sounds like hand waving. Am I right in thinking this is talking >> about incorporating the details of recursion in the service level >> agreement? >> > > Yes, will add the following line: > > Typically there is a contractual Service Level Agreement (SLA) negotiated among > the DOTS client domain, the recursed domain and the recursing domain > to meet the privacy requirements of the DOTS client domain. > > > >> >> 5) MINOR: Normative references: >> >> I was surprised by the scarcity of normative references. I went looking >> for MUSTs referencing RFCs and found three: RFC8612 (DOTS Requirements), >> and RFCs 5389 and 7350 (STUN related). Please consider making these >> normative references. >> > > Done (Replaced RFC5389 with > https://tools.ietf.org/html/draft-ietf-tram-stunbis-21). > > Cheers, > -Tiru >
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… tirumal reddy
- Re: [Gen-art] Gen-ART Last Call review of draft-i… tirumal reddy
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat