Minutes IETF100: dots
DDoS Open Threat Signaling
DDoS Open Threat Signaling (DOTS) WG Minutes
Tuesday, November 14, 2017
13:30-15:30, Afternoon session I
Co-Chairs: Roman Danyliw and Tobias Gondrom
[Note: the minutes are sequenced according to the planned agenda. Due to
remote connectivity issues, certain topics were discussed in a different order.]
1. Note well, logistics and introduction
presenters: Roman Danyliw and Tobias Gondrom (chairs)
The chairs summarized the status of the working group. They highlighted:
** The use of GitHub (https://github.com/dotswg/) to host working copies of
drafts and for issue tracking
** The deployment of a public test server for implementers
(https://www.ietf.org/mail-archive/web/dots/current/msg01604.html)
** An updated DOTS WG wiki page (https://trac.ietf.org/trac/dots/wiki)
** Milestones for the informational documents are behind
2. Use Case Discussion
presenter: Roland Dobbins
Roland Dobbins remotely presented an update on the use case draft,
Comment: (Flemming Andreasen): I don't think we are ready for WGLC; some topics
need more discussion. We should also be spending more time on the protocol
Comment: (Chairs): We encourage all discussion on the use cases to be done
openly on the mailing list. It would appear that at least one more iteration
is needed for WGLC.
3. Requirements Discussion
presenter: Andrew Mortensen
Andrew Mortensen remotely presented an update on the requirements draft,
Comment: (Flemming Andreasen): Resolution of some of the remaining issues can
be done in the protocol itself (i.e., ACL, black/white list, etc.). It does not
need to be considered in the requirements draft.
A: (Andrew Mortensen): I'm fine with
Comment: (Chairs): Are there any known issues that would preclude WGLC?
: None heard.
: Chairs will start a WGLC in the next 2 weeks with a 2 week
duration for comments.
4. Architecture Discussion
presenter: Andrew Mortensen
Andrew Mortensen remotely presented an update on the architecture draft,
Q: (Andrew Mortensen): Does the latest draft adequately cover the NAT issues
on the mailing list?
A: (Kaname Nishizuka): For mobile users, the 2 channels are separated. The
private IP space use cases may exist.
Q: (?): Why do we need to consider multi-homing?
A: (Andrew Mortensen): I don't think the multi-homing is needed in the
architecture draft, but additional changes are being discussed.
A: (Flemming Andreasen): I agree with Andrew. Certain text changes can be
accepted, but a new appendix is not necessary.
A: (Roland Dobbins): I agree with Andrew and Flemming.
A: (Roman Danyliw as individual): I have the same questions on how to handle
the multi-homing content -- appendix, an individual draft, or something else?
A: (Roman Danyliw as chair): Let's defer the conversation until after the
Q: (Chairs): When can you finish a document ready for WGLC? Next month?
A: (Andrew Mortensen): Yes.
A: (Chairs): Then we can proceed to a WGLC next month.
5. Protocol Discussion
Hackathon activity report
presenter: Kaname Nishizuka
Kaname Nishizuka presented on the DOTS-related work during the Hackathon held
on November 11 - 12. In addition to new code development, interoperability
testing was conducted between three implementations.
Comment: (Roman Danyliw): Thank you for this work!
Q: (Roman Danyliw): In the inter-op results, can you clarify the column with
Huawei's code?
A: (Kaname Nishizuka): Huawei's implementation added features and extensions
for the DOTS protocols based on the go-dots open source project. It aims to
justify that the DOTS protocol can work with those added features and
extensions as well, through their internal testing.
Q: (?): How many use cases were covered in this Hackathon?
A: (Kaname Nishizuka): As our first interoperability test, we covered part of
the use cases, but not all. We tested the basic use cases from the protocol
Q: (Roman Danyliw): Did you do any testing on the data channel?
A: (Kaname Nishizuka): Not this time due to time constraints. It will be
explored at the next IETF meeting.
Q: (Chairs): Are there any other companies interested in joining the next
Hackathon?
A: (Andrew Mortensen): Arbor Networks is hoping to have news in the
Comment: (Chairs): Kaname, please take any remaining open questions about the
Hackathon to the mailing list, and pull requests to GitHub.
presenter: Mohamed Boucadair
Mohamed Boucadair provided an update on the DOTS signal channel,
draft-ietf-dots-signal-channel, and data channel, draft-ietf-dots-data-channel,
Per Slide 9:
Q: (Chairs): Per the change related to the lower-numbered mitigation-id being
automatically deleted, any concerns by the WG (this was a topic during the
interim meeting and on the mailing list)?
A: (Sajid ?): What are the criteria for the automatic deletion?
A: (Mohamed Boucadair): We assume that the latest request reflects the
up-to-date situation of the DOTS client, but this is under more discussion. One
problem is that different clients have their respective views; how to handle
them without silo effects, we would like to hear more from the WG.
A: (Flemming Andreasen): Is it per-client based management? If it's not, I
have concerns, since there are then assumptions that some coordination exists.
We need more discussion.
A: (Mohamed Boucadair): It's not per client, it's per domain.
A: (Roland Dobbins): I have concerns about ACL support in the DOTS protocol,
as they are router specific. We need to discuss this more.
Per Slide 5:
Q: (Tobias Gondrom): Can you clarify the lifetime design rationale? Do we even
need to specify the value of it? The real world situations will be varied.
A: (Mohamed Boucadair): It's just the recommended value. Operators can set one
that is appropriate.
A: (Tobias Gondrom as an individual): A recommended value works for me, but
having it as a default value is my concern.
Per Slide #11:
Q: (Mohamed Boucadair): Any questions or feedback on supporting the mutual
authentication? Certificates, TLS-PSK, or RSK? Or all of them?
A: (Bob Moskowitz): In addition to EST, are any other mechanisms under
consideration?
A: (Mohamed Boucadair): Of course, we can consider more in the protocol.
A: (Bob Moskowitz): One recommended, more can be used, such as BRSKI in
ANIMA, ...
A: (Roman Danyliw): How many authentication methods should be covered in the
DOTS protocol, and how do we handle the optionality?
A: (Bob Moskowitz): Certificates, TLS-PSK, and RSK ought to be included.
: (Flemming Andreasen): Which mode to use is decided by the DOTS server.
: (Bob Moskowitz): Yes.
Q: (Chairs): Have you taken a look at the go-dots implementation of the DOTS
protocol?
A: (Mohamed Boucadair): We have discussed some issues in the interim meeting
and on the mailing list so far. We still need to track the latest results of
the Hackathon to follow new issues.
presenter: Mohamed Boucadair
Mohamed Boucadair provided an update on the individual DOTS Multi-homing draft,
Comment: (Roland Dobbins): I don't think we need to go into that level of
detail in a draft.
A: (Flemming Andreasen): As the architecture draft co-author, I am not in
favor of including this multi-homing topic as the appendix. I think the
architecture draft already covers enough multi-homing content.
A: (Chairs): How about an individual draft?
A: (Flemming Andreasen):
Q: (Chairs): How many people have reviewed this draft?
: Not very many from the poll in the room.
Comment: (Flemming Andreasen): Right now, we need to put more energy on the
protocol drafts. As Med mentioned, there is no identified impact on the DOTS
protocol, so I don't think we need to do it right now. I prefer to defer this
work.
A: (Roland Dobbins): Agree.
A: (Chairs): This draft needs more discussion on the mailing list after there
are more reviewers.
presenter: Mohamed Boucadair
Mohamed Boucadair provided an update on the individual DOTS Server discovery
Comment: (Tobias Gondrom as individual): Using RFC2119 terms (MUST...) might be
too strong; "must" is better.
Comment: (Flemming Andreasen): We don't need so many options for auto
discovery. Perhaps it should be based on the use cases and recommend one.
A: (Mohamed Boucadair): Can you help us to focus?
A: (Roland Dobbins): We need to finish the basic DOTS protocol ASAP. Auto
discovery is getting ahead of ourselves now, and depending on DNS usage should
not be considered.
A: (Tobias Gondrom as individual): Generally agree with the idea of auto
discovery; it's useful.
A: (Flemming Andreasen): Concur.
A: (Chairs): We encourage more reviews and discussion on the mailing list. We
will add this topic to the interim
Q: (Chairs): Why are there not more vendors involved in the implementation work?
A: (Roland Dobbins): Some vendors are waiting for the standard to be finished
before doing the implementation.
A: (Kathleen Moriarty): Maybe there are some implementations that we don't
know about. The TLS WG is a good example -- they are doing the implementation
together with the standard design.
A: (Tobias Gondrom): If any vendors are interested in the protocol
implementation, we as the chairs can talk with them and provide our help.
The chairs summarized the draft actions from the meeting:
** draft-ietf-dots-use-cases: is not ready for WGLC; needs at least one more
revision
** draft-ietf-dots-requirements: ready for WGLC; will start in early December
2017
** draft-ietf-dots-architecture: is not ready for WGLC; will be updated in
December 2017; WGLC in January