Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Call Home
draft-ietf-dots-signal-call-home-14

[Ballot comment]
(5.3.1) Please clarify if the entire source-prefix needs to fall within the responsibility of the DOTS server.

e.g. If the client needs all of 1.2.3.0/24 to be squelched, and this prefix is split between two domains, can the client send the same request to both servers, or can it simply replicate the same message to both and expect them to administer the relevant portions?

[Ballot comment]
The original ballot writeup noted that this document requested a port allocation even in the face of opposition from the designated expert, but that port request has since been removed.

[Ballot comment]
This protocol could have early on taken the decision to adhere to RFC6335 intention to preserve ports and thus been designed to share the port with the regular DOTS. As it is based on COAP and DTLS there are several mechanism one could have been using for demultiplexing that would have had little impact on the protocol and allowed it to be co-located on the same port.

I really like to avoid this type of unnecessary assignments in the future.

[Ballot discuss]
Section 7.1: Port request for DOTS signal for home.

I think the WG has failed to take the assignment principles in RFC 6335 to heart:

From Section 7:

  "The basic principle of service name and port number registry
  management is to conserve use of the port space where possible."

  o  IANA strives to assign only one assigned port number per service
      or application.

      Note: At the time of writing of this document, there is no IETF
      consensus on when it is appropriate to use a second port for an
      insecure version of a protocol.

  o  IANA strives to assign only one assigned port number for all
      variants of a service (e.g., for updated versions of a service).

  o  IANA strives to encourage the deployment of secure protocols.

  o  IANA strives to assign only one assigned port number for all
      different types of devices using or participating in the same
      service.

  o  IANA strives to assign port numbers only for the transport
      protocol(s) explicitly named in an assignment request.

  o  IANA may recover unused port numbers, via the new procedures of
      de-assignment, revocation, and transfer.

After having reviewed Appendix A I think the WG has made the wrong choice and also not considered all the available choices for enabling DOTS signal and call home to be colocated on the same port. Several options exists:

- URI name space so that it is the same protocol just making requests with different URIs depending on mode
- Use the already existing settings negotiation to determine the mode of operation.
- Using ALPN on (D)TLS connection establishment

From my perspective the DOTS WG have multiple choices that are quite simple to solve there colocation issue that would not incur significnat cost or overhead. Using an additional port do incur a cost of consuming a resource that is endless and not easily recoverable. I do share the IANA port experts team's verdict that this port assignment should be denied and alternative solution found as the motivation appears very weak.

[Ballot comment]
Hi,

Thanks for this document.

I support both Roman's DISCUSS and Barry's comment, in the sense that the document could probably benefit from some more guidance about how it is expected to be deployed.  Perhaps the Applicability Scope should constrain where it is expected for this protocol to be deployed (e.g. only in an ISP managed device).  It might also be beneficial to understand when DOTS Signal Call Home should be deployed instead of the Base DOTS Signal Channel.

One other comment:  I found the introduction text to section 1.1 to be informative, but it seemed to be a bit of a jump to section 1.2 when it immediately starts describing call-home as the solution.  I.e. section 1.1 makes it clear as to why running DDOS mitigation in the source network is beneficial, but doesn't necessarily lead (at least to me) to the reason why that means adding a reverse control channel to DOTS is the solution.

Regards,
Rob

[Ballot comment]
[[ questions ]]

[ section 5.3.1 ]

* Can the source-prefix include IPv4/IPv6 link-local prefixes?

  Can the server and client be on the same link (and therefore
  link-local addresses might have some discernable meaning)?

[Ballot comment]
Thanks for an easy-to-read document.  I understand Roman’s points, but conclude that while a primary use case is for home networks, it’s expected that the server for this will be a router that’s managed by the home user’s ISP, not by the average home user.  That setup is increasingly common, at least in the U.S., and it’s enabled many such functions that were not practical when users had to provide and manage their own routers.

I just have a few very minor comments:

— Section 1.1 —

  Such misbehaviors will have both a collateral
  damage that affects end users, and can harm the reputation of an
  Internet Service Provider (ISP) for being a source of attack traffic.

Nit: This sentence isn’t properly formed, as the two pieces of the “both” construction aren’t parallel.  I suggest this:

NEW
  Such misbehaviors can cause collateral damage
  that will affect end users, and can also harm the reputation of an
  Internet Service Provider (ISP) for being a source of attack traffic.
END

— Section 5.1 —

  enabling means for automating the
  provisioning of credentials on Call Home DOTS servers to authenticate
  to the Call Home DOTS client are encouraged.

Nit: the subject of this is the singular “enabling”, so “enabling  is encouraged,” not “are”.

— Section 7 —
Throughout the IANA Considerations, please make the contact points and change controller be “IETF” (not IESG nor IETF Chair), and use the email address .  That’s what the IESG considers the best way to refer to items where the IETF has change control.

[Ballot discuss]
It seems to me there is a missing operational guidance or undocumented deployment assumptions.  Since the motivational use case seems to be home networks (per Section 1.1), I assumed that the call home servers are running primarily consumer grade routers not managed by professional IT expertise.  If that assumption is true (and it should be documented if that is the case), then I find many of the operational recommendations not congruent with that environment.  Specifically, the degree of interaction and tuning seems outside the realm of expertise of someone without IT training and capabilities of home network ecosystem.  In particular:

-- Section 1.2
The Call Home DOTS server uses the DDoS attack traffic information to
  identify the compromised device in its domain that is responsible for
  launching the DDoS attack, optionally notifies a network
  administrator, and takes appropriate mitigation action(s).

How would such notification work?

-- Section 1.2 and 5.1.  Leaves credentials configuration as out of scope.  Section 1.2 references [I-D.ietf-dots-server-discovery] for provisioning.  In turn, Section 1 of [I-D.ietf.server-discovery] also declares this problem out of scope by saying “This document assumes that security credentials to authenticate DOTS server(s) are pre-provisioned to a DOTS client using a mechanism such as (but not limited to) those discussed in [RFC8572] or [I-D.ietf-anima-bootstrapping-keyinfra]”.  However, RFC8572 seems to rely on NETCONF and RESTCONF which seems like a rather uncommon feature of home routers.  BRKSI relies on a manufacturer supplied/contracted infrastructure and keystores that also seem uncommon for consumer grade equipment.

-- Section 5.3.1.
The Call Home DOTS server domain administrator consent MAY be
  required to block the traffic from the compromised device to the
  attack target.  An implementation MAY have a configuration knob to
  block the traffic from the compromised device to the attack target
  with or without DOTS server domain administrator consent.

The suggestion here seems to be that consumers are acquiring devices that can be remotely reconfigured with out a defined trust model?  Some policy or operational context seems appropriate here.

-- Section 5.3.1
... notifies the CPE
  administrator about the compromised device

Notify how?

-- Section 8.
Appropriate
  filters (e.g., access control lists) can be installed on the Call
  Home DOTS server and network between the Call Home DOTS agents so
  that only communications from a trusted Call Home DOTS client to the
  Call Home DOTS server are allowed.

This seems like a level of sophistication beyond your average home router user and a place where implementations should consider a secure defaults.

-- Section 8.
Call Home DOTS servers can also seek the consent of DOTS
  server domain administrator to block the traffic from the potentially
  compromised device to the target (see Section 5.3.1).

What would be the means to gain such consent?

-- Section 9.
Note that a Call Home DOTS server can seek an administrator's
  consent, validate the request by inspecting the relevant traffic for
  attack signatures, or proceed with both courses of action.

As above.

-- Section 9.

    The DOTS Call Home is only advisory in nature.  Concretely, the DOTS
  Call Home does not impose any action to be enforced within the
  network hosting an attack source; it is up to the Call Home DOTS
  server (and/or network administrator) to decide whether and which
  actions are required.

Such a decisions seems out beyond the ability of your average home router user.

-- Section 8  “... explicit policy (e.g., the Call Home DOTS client and server are managed by the same administrative entity),

Is there an underlying assumption that the ISP is managing the device?

[Ballot comment]
Thank you to Radia Perlman for the SECDIR review.

** Section 1.1.  The motivation for this protocol in the “home network device” ecosystem could use a bit more focus.

(a) network devices in a home network can offer network
  security functions (e.g., firewall [RFC4949] or Intrusion Protection
  System (IPS) service [I-D.ietf-i2nsf-terminology] on a home router)

(b) Hence, it is not possible to detect various DDoS attacks in
  the slow path ...

(c) a full-fledged DPI to
  detect these type of DDoS attacks is functionally or operationally
  not possible for all the devices

If IPS is done per (a), (b) and (c) don’t seem like issues. Certainly, NOT all devices support (a), but not ALL devices or limited by (b) and (c). 

The abstract is also clear that “The DOTS signal channel Call Home is not specific to home networks; the solution targets any deployment in which it is required to block DDoS attack traffic closer to the source(s) of a DDoS attack", but that fairly large other use cases doesn’t seem acknowledged here.

Bottom-line, I had difficulty following the motivation. 

** Section 1.1 presents an incomplete view of the problem to motivate the solution.  It notes that ISPs can already detect a DDoS attack down to the individual home network, but not the device (because of NATs).  The problem of what happens next remains unsaid.  It seems to me that options are the ISP shapes the traffic of that home network (affecting all of its devices) which is likely undesirable/blunt or the ISP tries to gain cooperation of the home network edge router to do something (which is the point of this document).

** Section 1.1.

  Existing approaches are still suffering from misused access network
  resources by abusive devices; the support of means for blocking such
  attacks close to the sources are missing. 

I didn’t understand what this means.  What “existing approaches”?

** Section 1.2.  For the home network case, the text seems to be missing text saying that this “Call Home DOTS” solution needs to be deployed on a CPE capable of some degree of mitigation per the kinds of features DOTS can express (and the details of this integration is out of scope).

[Ballot comment]
Thank you for the work put into this document. Congratulations for the many nice ASCII artworks ;-) Using the SVG alternate artwork could have even been nicer ;-)

Please find below  some non-blocking COMMENT points (but replies would be appreciated), and some nits.

I will let the transport AD to decide on the IANA point.

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==
-- Abstract --
I wonder whether the 2nd paragraph is really useful.

-- Section 1.1 --
Should the DOTS acronym be expanded before first use ?

Please add a reference to "Slowloris"

Did the authors/WG consider mentioning MUD in this lengthy discussion about IoT @ Home ?

-- Section 5.2.1 --
"When an outgoing attack that saturates the outgoing link", but, what about an "incoming attack" ?

-- Section 5.2.2 --
Thank you for using an IPv6-only example !

-- Section 5.3.1 --
Can source-prefix be a link-local address (normally not forwarded by a router but what if the CPE is a layer-2 node) ?

In figure 9, while "2001:db8:123::/128" is a valid node address but it looks like a prefix, may I suggest to use "2001:db8:123::1/128" that better suggest a host address ?

-- Section 5.3.2 --
Congratulations to the authors for describing the NAT64/MAP behaviors.

-- Section 8 --
"The DOTS Call Home can be misused " should probably include "server".

-- Section 9 --
How is the privacy among DOTS servers enforced ? E.g., how can the DOTS client only send mitigation information about subscriber A prefix(es) and not subscriber B prefix(es)? There could obviously be a link to RADIUS and DHCP servers but I did not read anything about this. Or is 'common sense' / implicit ?

== NITS ==

s/Figure 10 depictes/Figure 10 depicts/

[Ballot comment]
Copying from the ballot writeup:

  The IANA ports expert did not see sufficient reason to allocate another port for this usage, but the WG
  has found flaws in all alternate proposals raised to date.  It is also noted that NETCONF and RESTCONF
  call home have their own dedicated port numbers, and the situation here is somewhat analogous.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-dots-signal-call-home-11. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are five actions which we must complete.

First, IANA understands that the authors are requesting a port number for both TCP and UDP for dots-call-home. An expert review will be requested for the port request. The IANA state for the document will be set to "IANA NOT OK" until the port review is completed and approved.

Second, in the DOTS Signal Channel CBOR Key Values registry on the Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel registry page located at:

https://www.iana.org/assignments/dots/

eight new values are to be registered from the 32768-49151 range as follows:

+--------------------+-------+-------+------------+---------------+
| Parameter Name | CBOR | CBOR | Change | Specification |
| | Key | Major | Controller | Document(s) |
| | Value | Type | | |
+====================+=======+=======+============+===============+
|ietf-dots-call-home:| | | | |
| source-prefix | TBA1 | 4 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+
|ietf-dots-call-home:| | | | |
| source-port-range | TBA2 | 4 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+
|ietf-dots-call-home:| | | | |
| source-icmp-type- | TBA3 | 4 | IESG | [ RFC-to-be ] |
| range | | | | |
+--------------------+-------+-------+------------+---------------+
| lower-type | TBA4 | 0 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+
| upper-type | TBA5 | 0 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+
|ietf-dots-call-home:| | | | |
| alt-ch-client | TBA6 | 3 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+
|ietf-dots-call-home:| | | | |
|alt-ch-client-record| TBA7 | 4 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+
|ietf-dots-call-home:| | | | |
| ttl | TBA8 | 0 | IESG | [ RFC-to-be ] |
+--------------------+-------+-------+------------+---------------+

Third, in the DOTS Signal Channel Conflict Cause Codes registry also on the Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel registry page located at:

https://www.iana.org/assignments/dots/

a single value is to be registered as follows:

Code: [ TBD-at-Registration ]
Label: request-rejected-legitimate-traffic
Description: Mitigation request rejected. This code is returned by the DOTS server to indicate the attack traffic has been classified as legitimate traffic.
reference: [ RFC-to-be ]

IANA understands that the author have suggested a value of 4 for the code for this registration.

Fourth, in the ns registry on the IETF XML Registry page located at:

https://www.iana.org/assignments/xml-registry/

a new namespace will be registered as follows:

ID: yang:ietf-dots-call-home
URI: urn:ietf:params:xml:ns:yang:ietf-dots-call-home
Filename: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

As this document requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

Fifth, in the YANG Module Names registry on the YANG Parameters registry page located at:

https://www.iana.org/assignments/yang-parameters/

a new YANG module will be registered as follows:

Name: ietf-dots-call-home
File: [ TBD-at-Registration ]
Maintained by IANA? N
Namespace: urn:ietf:params:xml:ns:yang:ietf-dots-call-home
Prefix: dots-call-home
Module:
Reference: [ RFC-to-be ]

While the YANG module name will be registered after the IESG approves the document, the YANG module file will be posted after the RFC Editor notifies us that the document has been published.

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2020-11-12):

From: The IESG
To: IETF-Announce
CC: kaduk@mit.edu, valery@smyslov.net, dots-chairs@ietf.org, dots@ietf.org, draft-ietf-dots-signal-call-home@ietf.org, Valery Smyslov
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Call Home) to Proposed Standard


The IESG has received a request from the DDoS Open Threat Signaling WG (dots)
to consider the following document: - 'Distributed Denial-of-Service Open
Threat Signaling (DOTS) Signal
  Channel Call Home'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-11-12. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document specifies the DOTS signal channel Call Home, which
  enables a Call Home DOTS server to initiate a secure connection to a
  Call Home DOTS client, and to receive attack traffic information from
  the Call Home DOTS client.  The Call Home DOTS server in turn uses
  the attack traffic information to identify compromised devices
  launching outgoing DDoS attacks and take appropriate mitigation
  action(s).

  The DOTS signal channel Call Home is not specific to home networks;
  the solution targets any deployment in which it is required to block
  DDoS attack traffic closer to the source(s) of a DDoS attack.

Editorial Note (To be removed by RFC Editor)

  Please update these statements within the document with the RFC
  number to be assigned to this document:

  o  "This version of this YANG module is part of RFC XXXX;"

  o  "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling
      (DOTS) Signal Channel Call Home";

  o  "| [RFCXXXX] |"

  o  reference: RFC XXXX

  Please update this statement with the RFC number to be assigned to
  the following documents:

  o  "RFC YYYY: Distributed Denial-of-Service Open Threat Signaling
      (DOTS) Signal Channel Specification" (used to be I-D.ietf-dots-
      rfc8782-bis)

  Please update TBD/TBA statements with the assignments made by IANA to
  DOTS Signal Channel Call Home.

  Also, please update the "revision" date of the YANG module.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dots-signal-call-home/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/3825/
  https://datatracker.ietf.org/ipr/3337/
  https://datatracker.ietf.org/ipr/4405/
  https://datatracker.ietf.org/ipr/3318/



The document contains these normative downward references.
See RFC 3967 for additional information:
    draft-ietf-dots-rfc8782-bis: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification (None - IETF stream)

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? 

  Proposed Standard as indicated on the title page header and in the datatracker.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: 
Technical Summary:

  This document specifies the DOTS signal channel Call Home, which
  enables a DOTS server to initiate a secure connection to a DOTS
  client, and to receive the attack traffic information from the DOTS
  client.  The DOTS server in turn uses the attack traffic information
  to identify the compromised devices launching the outgoing DDoS
  attack and takes appropriate mitigation action(s).

  The DOTS signal channel Call Home is not specific to the home
  networks; the solution targets any deployment which requires to block
  DDoS attack traffic closer to the source(s) of a DDoS attack.

Working Group Summary:

  The -00 version of the document was published as individual I-D in October 2018.
  The call for adoption was issued in April 2019 and the WG support for the adoption was strong.
  The draft was well discussed and has been reviewed by many WG members.

Document Quality:

  Document authors are also co-authors of core DOTS documents (signal channel, data channel etc.)
  I believe that they have good understanding of DOTS architecture.
  There are at least two implementations of the draft.

Personnel:

  Valery Smyslov (shepherd)
  Benjamin Kaduk (AD)

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. 

  I have reviewed the document and found it ready.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? 

  No. The document was a subject of several reviews in the WG.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. 

  This specification is closely tied with DOTS Signal Channel Specification, which had some issues from TSV AD during IESG evaluation.
  While I don't see any transport issues in this draft, I believe that a review made by TSV experts would be helpful.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. 

  None.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

  All authors and contributors confirmed that they are not aware of any IPR related to this draft other than have been filed.
  ** Tirumaleswar Reddy -- https://mailarchive.ietf.org/arch/msg/dots/TVpDZxeQt2Jawt1AOVykzPMzCTU
  ** Mohamed Boucadair -- https://mailarchive.ietf.org/arch/msg/dots/txs29nVYVO2Yjw87qMJdFPXAeQw
  ** Jon Shallow -- https://mailarchive.ietf.org/arch/msg/dots/Oo5IHjZ_oxWIiBtEg32WGxzSVhc
  ** Wei Pan -- https://mailarchive.ietf.org/arch/msg/dots/kuHOeLJVLI5q7Fn_B9CCXebXjCE
  ** Joshi Harsha -- confirmed (the confirmation message didn't get to the list)

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. 

  There are two IPRs filed for this draft: by McAfee and by Orange (Orange's IPR has been filed twice, the second one just updated the first one).
  No discussion took place in the WG regarding these IPRs.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? 

  The WG consensus is solid.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) 

  No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. 

  No real ID nits were found by idnits tool except for referencing old versions of some active I-Ds, that can easily be fixed during publication.
  Note, that idnits tool reports an error of the following type: the abstract contains references [RFCXXXX]. In fact the text they encounter in is a note for RFC Editor and will be removed during publication.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. 

  The document contains a YANG module; I think it should be reviewed by YANG Doctors.

(13) Have all references within this document been identified as either normative or informative? 

  Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? 

  No.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. 

  No.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. 

  No.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). 

  IANA actions are clearly described and are consistent with the body of the document.
  1) A new service name "dots-call-home" is added to the "Service Name and Transport Protocol Port Number" registry along with allocation
    a port number for it (both for TCP and UDP). Note, that it is expected that this allocation will be made before draft-ietf-dots-server-discovery
    is processed by IANA, since draft-ietf-dots-server-discovery contains a request to update this record. A situation may happen when this draft is processed by IANA
    after draft-ietf-dots-server-discovery, so the IANA should be instructed to handle this correctly.
  2) Eight new entries are added into "DOTS Signal Channel CBOR Key Values" sub-registry, which should be created when IANA has processed draft-ietf-dots-signal-channel (currently in the RFC Editor queue).
  3) A new entry is added into "DOTS Signal Channel Conflict Cause Codes" sub-registry, which should be created when IANA has processed draft-ietf-dots-signal-channel (currently in the RFC Editor queue).
  4) A new URN in the "IETF XML Registry" registry (urn:ietf:params:xml:ns:yang:ietf-dots-call-home) and a new entry in the "YANG Module Names" registry (ietf-dots-call-home) are allocated.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. 

  No new registries are defined.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

  The automated checks of YANG module done via datatracker show no validation errors or warnings.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

  The YANG module was checked with pyang (2.1.1) and yanglint (0.14.80) tools; no validation errors or warnings were found.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? 

  Proposed Standard as indicated on the title page header and in the datatracker.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: 
Technical Summary:

  This document specifies the DOTS signal channel Call Home, which
  enables a DOTS server to initiate a secure connection to a DOTS
  client, and to receive the attack traffic information from the DOTS
  client.  The DOTS server in turn uses the attack traffic information
  to identify the compromised devices launching the outgoing DDoS
  attack and takes appropriate mitigation action(s).

  The DOTS signal channel Call Home is not specific to the home
  networks; the solution targets any deployment which requires to block
  DDoS attack traffic closer to the source(s) of a DDoS attack.

Working Group Summary:

  The -00 version of the document was published as individual I-D in October 2018.
  The call for adoption was issued in April 2019 and the WG support for the adoption was strong.
  The draft was well discussed and has been reviewed by many WG members.

Document Quality:

  Document authors are also co-authors of core DOTS documents (signal channel, data channel etc.)
  I believe that they have good understanding of DOTS architecture.
  There are at least two implementations of the draft.

Personnel:

  Valery Smyslov (shepherd)
  Benjamin Kaduk (AD)

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. 

  I have reviewed the document and found it ready.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? 

  No. The document was a subject of several reviews in the WG.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. 

  This specification is closely tied with DOTS Signal Channel Specification, which had some issues from TSV AD during IESG evaluation.
  While I don't see any transport issues in this draft, I believe that a review made by TSV experts would be helpful.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. 

  None.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

  All authors and contributors confirmed that they are not aware of any IPR related to this draft other than have been filed.
  ** Tirumaleswar Reddy -- https://mailarchive.ietf.org/arch/msg/dots/TVpDZxeQt2Jawt1AOVykzPMzCTU
  ** Mohamed Boucadair -- https://mailarchive.ietf.org/arch/msg/dots/txs29nVYVO2Yjw87qMJdFPXAeQw
  ** Jon Shallow -- https://mailarchive.ietf.org/arch/msg/dots/Oo5IHjZ_oxWIiBtEg32WGxzSVhc
  ** Wei Pan -- https://mailarchive.ietf.org/arch/msg/dots/kuHOeLJVLI5q7Fn_B9CCXebXjCE
  ** Joshi Harsha -- confirmed (the confirmation message didn't get to the list)

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. 

  There are two IPRs filed for this draft: by McAfee and by Orange (Orange's IPR has been filed twice, the second one just updated the first one).
  No discussion took place in the WG regarding these IPRs.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? 

  The WG consensus is solid.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) 

  No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. 

  No real ID nits were found by idnits tool except for referencing old versions of some active I-Ds, that can easily be fixed during publication.
  Note, that idnits tool reports an error of the following type: the abstract contains references [RFCXXXX]. In fact the text they encounter in is a note for RFC Editor and will be removed during publication.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. 

  The document contains a YANG module; I think it should be reviewed by YANG Doctors.

(13) Have all references within this document been identified as either normative or informative? 

  Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? 

  No.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. 

  No.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. 

  No.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126). 

  IANA actions are clearly described and are consistent with the body of the document.
  1) A new service name "dots-call-home" is added to the "Service Name and Transport Protocol Port Number" registry along with allocation
    a port number for it (both for TCP and UDP). Note, that it is expected that this allocation will be made before draft-ietf-dots-server-discovery
    is processed by IANA, since draft-ietf-dots-server-discovery contains a request to update this record. A situation may happen when this draft is processed by IANA
    after draft-ietf-dots-server-discovery, so the IANA should be instructed to handle this correctly.
  2) Eight new entries are added into "DOTS Signal Channel CBOR Key Values" sub-registry, which should be created when IANA has processed draft-ietf-dots-signal-channel (currently in the RFC Editor queue).
  3) A new entry is added into "DOTS Signal Channel Conflict Cause Codes" sub-registry, which should be created when IANA has processed draft-ietf-dots-signal-channel (currently in the RFC Editor queue).
  4) A new URN in the "IETF XML Registry" registry (urn:ietf:params:xml:ns:yang:ietf-dots-call-home) and a new entry in the "YANG Module Names" registry (ietf-dots-call-home) are allocated.

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. 

  No new registries are defined.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

  The automated checks of YANG module done via datatracker show no validation errors or warnings.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

  The YANG module was checked with pyang (2.1.1) and yanglint (0.14.80) tools; no validation errors or warnings were found.