Minutes for DOTS at interim-2016-dots-01
minutes-interim-2016-dots-01-1

DDoS Open Threat Signaling (DOTS) WG
Virtual Interim Meeting Minutes

Tuesday, June 21, 2016
1400-1530 UTC

1. Note well, logistics and introduction
========================================
Presenters: Roman Danyliw, Tobias Gondrom
Slides:
https://www.ietf.org/proceedings/interim/2016/06/21/dots/slides/slides-interim-2016-dots-1-0.pdf

The chairs presented a summary of the working group's activities.

Approximately 13 - 16 participants were online through-out the virtual interim
meeting.

Q: The milestones indicate data model and transport drafts. Should any current
drafts be designated as such? A (chairs): Not yet.  Some of the current
solutions oriented drafts include both a data model and transport in a single
document.

2. Use Case Discussion
======================
Existing drafts:
   - draft-ietf-dots-use-cases-01
   - draft-nishizuka-dots-inter-domain-usecases-01
   - Use cases of draft-nishizuka-dots-inter-domain-mechanism-00

Use Case drafts
---------------
Presenters: Roland Dobbins and Daniel Migault
Slides:
https://www.ietf.org/proceedings/interim/2016/06/21/dots/slides/slides-interim-2016-dots-1-1.pdf

Dobbins and Migault discussed progress on consolidating the current three use
case drafts into a single document, draft-dots-use-cases-02.

Q (Andrew Mortensen): How does the process section overlap with the
architecture draft? A (Roland Dobbins): Not significantly.  This section is
intended to show examples or categories of use cases. A (Tobias Gondrom):
Please document the text somewhere and we can deconflict between drafts as
required later.

Comment (Roland Dobbins): new -02 draft should be complete for review by June
30, 2016

Unique Use Cases
----------------
Presenter: Kaname Nishizuk
Slides:
https://www.ietf.org/proceedings/interim/2016/06/21/dots/slides/slides-interim-2016-dots-1-4.pdf

Nishizuk discussed the unique use cases present in the three use case drafts.

Comment (Frank Liang Xia): Use case #3 and 7 are the same.
A (Roland Dobbins): They are trying to call out different scenarios. A balance
needs to be found in consolidating use cases. A (Frank Liang Xia): The
signaling is not different between these use cases. A (Roland Dobbins):
Aggregation at a policy point may be different; not just a inter/intra domain
consideration A (Tobias Gondrom): Please make one document and we can
deconflict later.

3. Requirements Discussion
==========================
Presenter: Andrew Mortensen
Slides:
https://www.ietf.org/proceedings/interim/2016/06/21/dots/slides/slides-interim-2016-dots-1-2.pdf
Existing draft:
   - draft-ietf-dots-requirements-01

Mortensen discussed progress and open issues in the requirements draft.

Q (Flemming Andreasen): When should feedback be provided?  Should we wait until
-02 is released? A (Andrew Mortensen): No need to wait.

Q (Flemming Andreasen): Where are the data model requirements?
A (Andrew Mortensen): They're missing and still needed.  There won't be any in
-02. A (Flemming Andreasen): I recommend adding a placeholder section for them.
A (Andrew Mortensen): Makes sense.

Comment (Roland Dobbins): The use case editors don't see new requirements to
add from the use cases.

Comment (Roland Dobbins): There was a comment on the mailing list that it is
easy for clients to authenticate to a server, but the reverse is difficult.  We
definitely need mutual authentication.

Comment (Roland Dobbins): There was a comment on the mailing list to eliminate
relay as a node type (but leave it as a function).  This might add additional
requirements onto the client and servers.

Comment (Roland Dobbins): There was a comment on the mailing list concerning
congestion.  More discussion is needed to determine how communication channel
failure is handled.

Comment (Nik Teague): Consider adding text from the architecture draft's
Security Considerations into the requirements draft.

Comment (Andrew Mortensen): The requirements draft team needs to review the use
case drafts to find any conflicts. Comment (Frank Liang Xia): This is
important.  I can help.

4. Architecture Discussion
===========================
Presenter: Andrew Mortensen
Slides:
https://www.ietf.org/proceedings/interim/2016/06/21/dots/slides/slides-interim-2016-dots-1-3.pdf
Existing draft:
   - draft-mortensen-dots-architecture-00

Mortensen discussed progress and open issues in the architecture draft.  Per an
accepted call for adoption at IETF 95, the next version of this draft will be
submitted as a WG document.

Comment (Roland Dobbins): Do we need to distinguish between server and client? 
Maybe just peers?

Comment (Roland Dobbins): It will be challenging to rely on DNS during an
attack. Comment (Andrew Mortensen): Understood, the current DNS usage occurs
only at provisioning.  It doesn't make during an attack.

Comment (Flemming Andreasen): It may be useful to have a client server.  There
are operational differences in their behaviors.  Do we need distinct node types
or just properties? Comment (Nik Teague): There are definitely various roles
but they may switch during the attack.  Discovering capabilities can add
complexity.

Q (Tobias Gondrom): As to the presentation made at MAAWG Nik, is Verisign a
member? A (Nik Teague): Yes. A (Tobias Gondrom): Any other requirements from
MAAWG discussion? A (Andrew Mortensen): This was their first introduction. 
There wasn't clarity on what the WG was doing. A (Roland Dobbins): Who
presented? A (Andrew Mortensen): C. Gray (Comcast) and R. Compton (Charter)

5. Open discussion and additional business
==========================================

There was no new business.  There was discussion about planning design meetings
during IETF 96:

Q (chairs): Should we schedule a design team meeting for implementers?
A: Yes
A: <various discussion on the best timing, see mailing list>

Q (chairs): Should we schedule a design team meetings the current drafts?
A: Yes
A: <various discussion on the best timing, see mailing list>

Comment: Please schedule an interim meeting between IETF 96 and 97.
A (chairs): Yes.

6. Closing discussion and way ahead summary
===========================================

Comment (Roman Danyliw): Please watch the mailing list for the schedule of
design team meetings during IETF 96.