Re: [secdir] SECDIR Review draft-ietf-dots-rfc8782-bis-05
Donald Eastlake <d3e3e3@gmail.com> Thu, 27 May 2021 14:26 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A742B3A0FC7; Thu, 27 May 2021 07:26:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 97mu2E7TMU-H; Thu, 27 May 2021 07:26:11 -0700 (PDT)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8823C3A0FB9; Thu, 27 May 2021 07:26:10 -0700 (PDT)
Received: by mail-il1-x12a.google.com with SMTP id z1so454769ils.0; Thu, 27 May 2021 07:26:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=TkdNopaE2rNhPGekYrHfBmqUSkr/tf+vtB2LZpYlqFM=; b=vZnrTWzckVTbElNyXozTEqZLoME7rHNcPea/RQkTg8s0TVII3fUZLr80AKqGzr0kPO GCS6JbTK+I9noF9s0usLcNmCc/R7QTvq1n5ZDRawoeNxHVooPytRFrH+eyuyQhe3r4Bu JRGcdLQ6Yhuv5ulHhbN1u8UEaFF8klKiwOGVFGg45m51bBSTKVPJahHjR3Np3mFY7iS8 1YU1cCxpoWg4r/exhThbklMfjpve1ZMkcWjf59UDmKWd72IPvFJ/ci9tQMDs7m8OgBV4 2n1siXjoPfmWsOfIOelStdcv36C3SPscCrAgLhhfTVEl0amL4CkSQOMixbmr7fKCNXiS QxLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=TkdNopaE2rNhPGekYrHfBmqUSkr/tf+vtB2LZpYlqFM=; b=A+ajtCaQIx42WZfv0cjw8huJJ5m5EaEQez4T+pwmOh5V/hPulrcc25UM/3ARmb9MIs zg/PocLiA/lYpiPRxgeo1w5LyKgoYWhey6Ko1PDm6q59fV+5xDsLNRVwfXBxdlKY/IOU ItUFJ/SraZIKM6LciVswGqI75nnih5X98dDv39B/byPMKQOl0RAdTDO+8YjVZLk9oy0Y fQUdEEiGWGGrAgkulBAv+eh8Ri+rVVJWeu5YgUAQUNacK0tsSrVuM0bCpLYmrrEq3tpz oCGgv7q8XQnBaMra4RuszWIhGQWdwNu9nv3dagonlGvmiQFfBG4+Ure1n4LY4iHw3H5F FTfw==
X-Gm-Message-State: AOAM530JydSJD3W44Uwoic52O6KttLKT+/cSK/M21rguSAcaY2GfMqWJ /lMNaFmp9NTJ9pqd+jtT7okEDcej5PN0rkZwx40=
X-Google-Smtp-Source: ABdhPJyFLm2J9teMEpI7Dj5CF6qJKetIJPtnrJW/FDFJ+l5chDiHpkcBOMWCYTUXJeihvlw2hi/r7W/kbo7v6Z2208c=
X-Received: by 2002:a92:6b05:: with SMTP id g5mr3210326ilc.40.1622125568473; Thu, 27 May 2021 07:26:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEEAQDNir0ApDqBu3b2H3c-9KM+b=zuaDkaMSn0x0v5Z-Q@mail.gmail.com> <23514_1616507505_6059F271_23514_186_1_787AE7BB302AE849A7480A190F8B93303535A427@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAF4+nEEX1P-15zaGGhKc05tjCH_s5bYTNy9tXDAz7=4iZzyQKA@mail.gmail.com> <20210527044240.GT32395@kduck.mit.edu> <25321_1622119706_60AF951A_25321_425_1_787AE7BB302AE849A7480A190F8B93303538FF1F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <25321_1622119706_60AF951A_25321_425_1_787AE7BB302AE849A7480A190F8B93303538FF1F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 27 May 2021 10:25:57 -0400
Message-ID: <CAF4+nEGZtPdFoX9OPM8dUuOyDRk+RGqrXXLLLXKcKvfqfBCp4Q@mail.gmail.com>
To: mohamed.boucadair@orange.com
Cc: Benjamin Kaduk <kaduk@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-dots-rfc8782-bis.all@ietf.org" <draft-ietf-dots-rfc8782-bis.all@ietf.org>, secdir <secdir@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/817XJcB2cVRTahPiq-L6gk8ZoVA>
Subject: Re: [secdir] SECDIR Review draft-ietf-dots-rfc8782-bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 14:26:16 -0000
Hi Med, Thanks for the additional changes. I consider all my comments to have been adequately addressed. Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com On Thu, May 27, 2021 at 8:48 AM <mohamed.boucadair@orange.com> wrote: > > Hi Ben, Donald, > > I think this is now fixed in: > > https://www.ietf.org/rfcdiff?url1=draft-ietf-dots-rfc8782-bis-06&url2=draft-ietf-dots-rfc8782-bis-07 > > Cheers, > Med > > > -----Message d'origine----- > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] > > Envoyé : jeudi 27 mai 2021 06:43 > > À : Donald Eastlake <d3e3e3@gmail.com> > > Cc : BOUCADAIR Mohamed TGI/OLN <mohamed.boucadair@orange.com>; > > iesg@ietf.org; last-call@ietf.org; draft-ietf-dots-rfc8782- > > bis.all@ietf.org; secdir <secdir@ietf.org> > > Objet : Re: SECDIR Review draft-ietf-dots-rfc8782-bis-05 > > > > Hi Donald, > > > > First off, thanks for the review, and thanks to Med for the updates > > in response. Continuing inline... > > > > On Sat, Mar 27, 2021 at 11:42:56PM -0400, Donald Eastlake wrote: > > > Hi, > > > > > > Thanks for adopting so many of my suggestions. > > > > > > See below where I have trimmed to points where we disagree that I > > > think I have something to add. > > > > > > On Tue, Mar 23, 2021 at 9:51 AM <mohamed.boucadair@orange.com> > > wrote: > > > > Hi Donald, > > > > > > > >... > > > > > > > > De : Donald Eastlake [mailto:d3e3e3@gmail.com] Envoyé : mardi 23 > > > > mars 2021 05:53 À : iesg@ietf.org; last-call@ietf.org Cc : > > > > draft-ietf-dots-rfc8782-bis.all@ietf.org; secdir > > <secdir@ietf.org> > > > > Objet : SECDIR Review draft-ietf-dots-rfc8782-bis-05 > > > > > > > > ... > > > > > > > > Minor Issues / Nits: > > > > > > > >... > > > > > > > > General/Global: All six occurrences of "as a reminder" should be > > > > deleted from the draft. They just add useless words. > > > > > > > > [Med] Except the one about IPv4/IPv6, those were added to address > > comments that we received in the past. I prefer to maintain them. > > > > > > Perhaps I was not clear. I have no problem with the substantive > > > material you have included AFTER the words "as a reminder,". I was > > > mearly suggesting that the literal three word sequence "as a > > reminder" > > > is three superfluous words that should be removed. > > > > Thanks for reiterating the intent of the suggestion. > > I think I am okay leaving them in for now, and seeing if the rest of > > the IESG has an opinion. > > > > > > > > > > ... > > > > > > > > Section 4.4.1: > > > > > > > > The following draft text uses "the trailing "=" " which implies > > that > > > > a base 64 encoding ends with exactly one equal sign. But I > > believe > > > > there can be zero, one, or two equal signs. I suggest the > > following: > > > > OLD > > > > The truncated output is > > > > base64url encoded (Section 5 of [RFC4648]) with the > > trailing > > > > "=" removed from the encoding, and the resulting value > > used as > > > > the 'cuid'. > > > > NEW > > > > The truncated output is > > > > base64url encoded (Section 5 of [RFC4648]) with any > > trailing > > > > equal signs ("=") removed from the encoding, and the > > > > resulting value used as the 'cuid'. > > > > > > > > [Med] We meant “any trailing”. Fixed by updating to “two trailing > > "="” > > > > > > That still seems wrong to me. The initial wording ("the trainling > > > "="") implied exactly one equal sign. The new wording ("the two > > > training "="") implies exactly two equal signs. But there can be > > zero, > > > one, or two. If you mean "any training "="", which would be good, > > why > > > don't you say that (or, alternatively, "all trailing")? > > > > In this case the quantity in question is always a 16-byte binary > > quantity that's being base64-encoded, so there always will be two > > padding characters to remove. > > > > > > > > > >... > > > > > > > > Section 7.3: Since the PMTU can change and could be lower that > > the > > > > values suggested to be assumed in the first paragraph of Section > > > > 7.3, it is essentially impossible to conform to the first > > sentence > > > > as written. I suggest the following change: > > > > OLD > > > > To avoid DOTS signal message fragmentation and the subsequent > > > > decreased probability of message delivery, DOTS agents MUST > > ensure > > > > that the DTLS record fits within a single datagram. > > > > > > > > [Med] We are echoing the following from Section 4.1.1 of 6347: > > > > > > > > “Each DTLS record MUST fit within a single datagram.” > > > > > > I don't agree that you are "echoing" RFC 6347. If you were, you > > would > > > say > > > > > > "To avoid DOTS signal message fragmentation and the subsequent > > > decreased probability of message delivery, the DTLS records MUST > > fit > > > within a single datagram." > > > > > > If you had said that, I would not have complained. It is a true > > > statement of the bad effects DTLS records not fitting in a > > datagram. > > > > I think I see your point. Since RFC 6347 already has a "MUST fit" > > requirement, we could just rely on that and avoid using new normative > > language (I think your point is that "MUST ensure" is not something > > that can reliably be achieved, since the DOTS agent may not know > > about MTU changes). Perhaps we can say something like: > > > > To avoid DOTS signal message fragmentation and the subsequent > > decreased probability of message delivery, the DLTS records need to > > fit within a single datagram [RFC6347]. > > > > > > > > NEW > > > > To avoid DOTS signal message fragmentation and the subsequent > > > > decreased probability of message delivery, DOTS agents MUST > > NOT > > > > send datagrams exceeding the limits discussed in this Section. > > > > > > > > ... > > > > > > > > The way this sentence talks about moving around "mitigation > > efficacy" > > > > reads very strangely to me. I suggest the following re-wording: > > > > OLD > > > > A compromised DOTS client can collude with a DDoS attacker to > > send > > > > mitigation request for a target resource, get the mitigation > > efficacy > > > > from the DOTS server, and convey the mitigation efficacy to > > the DDoS > > > > attacker to possibly change the DDoS attack strategy. > > > > NEW > > > > A compromised DOTS client can be commanded by a DDoS attacker > > to > > > > abuse mitigation requests for a target resource. This could > > use the > > > > "mitigation" abilities of the DOTS server for the benefit of > > the > > > > attacker possibly leading to a changed and more effective DDoS > > > > attack strategy. > > > > > > > > [Med] Thanks. I prefer the OLD wording. > > > > > > I think I understand what you mean by "efficacy" more clearly now > > but > > > I still think you should fix the grammar by changing "request" in > > the > > > 2nd line to "requests" (or, if you really mean this to be singular, > > > change the wording to "a mitigation request"). > > > > (I think it's supposed to be singular. Yes, there's a cardinality > > mismatch.) > > > > Thanks again, > > > > Ben > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. >
- [secdir] SECDIR Review draft-ietf-dots-rfc8782-bi… Donald Eastlake
- Re: [secdir] SECDIR Review draft-ietf-dots-rfc878… mohamed.boucadair
- Re: [secdir] SECDIR Review draft-ietf-dots-rfc878… Donald Eastlake
- Re: [secdir] SECDIR Review draft-ietf-dots-rfc878… Benjamin Kaduk
- Re: [secdir] SECDIR Review draft-ietf-dots-rfc878… mohamed.boucadair
- Re: [secdir] SECDIR Review draft-ietf-dots-rfc878… Donald Eastlake