DDoS Open Threat Signaling (DOTS) WG Minutes
IETF 100
Tuesday, November 14, 2017, 13:30-15:30, Afternoon session I
Room: Olivia
Co-Chairs: Roman Danyliw and Tobias Gondrom

[Note: the minutes are sequenced according to the planned agenda. Due to remote connectivity issues, certain topics were discussed in a different order.]

1. Note well, logistics and introduction
========================================
presenters: Roman Danyliw and Tobias Gondrom (chairs)
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-chairs-update/

The chairs summarized the status of the working group. They highlighted:
** The use of GitHub (https://github.com/dotswg/) to hold working copies of drafts and for issue tracking
** The deployment of a public test server for implementers (https://www.ietf.org/mail-archive/web/dots/current/msg01604.html)
** An updated DOTS WG wiki page (https://trac.ietf.org/trac/dots/wiki)
** Milestones for the informational documents are behind schedule

2. Use Case Discussion
======================
presenter: Roland Dobbins
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-use-cases/
draft: draft-ietf-dots-use-cases-09

[Editor's note: Roland Dobbins remotely presented an update on the use case draft, draft-ietf-dots-use-cases.]

Comment: (Flemming Andreasen): I don't think we are ready for WGLC; some topics need more discussion. We should also be spending more time on the protocol drafts.

Milestone discussion:
Comment: (Chairs): We encourage all discussion on the use cases to be done openly on the mailing list. It would appear that at least one more iteration is needed before WGLC.

3. Requirements Discussion
==========================
presenter: Andrew Mortensen
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-requirements/
draft: draft-ietf-dots-requirements-07

Andrew Mortensen remotely presented an update on the requirements draft, draft-ietf-dots-requirements.
Comment: (Flemming Andreasen): Resolution of some of the remaining issues can be done in the protocol itself (i.e., ACL, black/white list, etc.). It does not need to be considered in the requirements draft.
A: (Andrew Mortensen): I'm fine with that approach.

Milestone discussion:
Q: (Chairs): Are there any known issues that would preclude WGLC?
: None heard.
: Chairs will start a WGLC in the next 2 weeks with a 2 week duration for comments.

4. Architecture Discussion
==========================

draft-ietf-dots-architecture
----------------------------
presenter: Andrew Mortensen
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-architecture/
draft: draft-ietf-dots-architecture-05

Andrew Mortensen remotely presented an update on the architecture draft, draft-ietf-dots-architecture.

Q: (Andrew Mortensen): Does the latest draft adequately cover the NAT issues raised on the mailing list?
A: (Kaname Nishizuka): For mobile users, the 2 channels are separated. The private IP space use cases may exist.
Q: (?): Why do we need to consider multi-homing?
A: (Andrew Mortensen): I don't think multi-homing is needed in the architecture draft, but additional changes are being discussed.
A: (Flemming Andreasen): I agree with Andrew. Certain text changes can be accepted, but a new appendix is not necessary.
A: (Roland Dobbins): I agree with Andrew and Flemming.
A: (Roman Danyliw as individual): I have the same questions on how to handle the multi-homing content -- an appendix, an individual draft, or something else?
A: (Roman Danyliw as chair): Let's defer the conversation until after the multi-homing presentation.

Milestone discussion:
Q: (Chairs): When can you finish a document ready for WGLC? Next month?
A: (Andrew Mortensen): Yes.
A: (Chairs): Then we can proceed to a WGLC next month.

5. Protocol Discussion
======================

Hackathon activity report
-------------------------
presenter: Kaname Nishizuka
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-hackathon-and-interoperability-test-report/

Kaname Nishizuka presented on the DOTS-related work during the Hackathon held on November 11-12. In addition to new code development, interoperability testing was conducted between three implementations.

Comment: (Roman Danyliw): Thank you for this work!
Q: (Roman Danyliw): In the interop results, can you clarify the column with Huawei's code?
A: (Kaname Nishizuka): Huawei's implementation added features and extensions for the DOTS protocols based on the go-dots open source project. It aims to demonstrate that the DOTS protocol can work with those added features and extensions as well, through their internal testing.
Q: (?): How many use cases were covered in this Hackathon?
A: (Kaname Nishizuka): As our first interoperability test, we covered part of the use cases, but not all. We tested the basic use cases from the protocol exchange aspect.
Q: (Roman Danyliw): Did you do any testing on the data channel?
A: (Kaname Nishizuka): Not this time, due to time constraints. It will be explored at the next IETF meeting.
Q: (Chairs): Are there any other companies interested in joining the next Hackathon?
A: (Andrew Mortensen): Arbor Networks is hoping to have news in the near future.
Comment: (Chairs): Kaname, please take any remaining open questions about the Hackathon to the mailing list, and pull requests to GitHub.

draft-ietf-dots-signal-channel
draft-ietf-dots-data-channel
------------------------------
presenter: Mohamed Boucadair
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-signal-and-data-channel/
drafts: draft-ietf-dots-signal-channel-07
      : draft-ietf-dots-data-channel-07

Mohamed Boucadair provided an update on the DOTS signal channel, draft-ietf-dots-signal-channel, and data channel, draft-ietf-dots-data-channel, drafts.
Per slide 9:
Q: (Chairs): Per the change related to lower-numbered mitigation-ids being automatically deleted, are there any concerns from the WG (this was a topic during the interim meeting and on the mailing list)?
A: (Sajid ?): What is the criterion for the automatic deletion?
A: (Mohamed Boucadair): We assume that the latest request reflects the up-to-date situation of the DOTS client, but this is under more discussion. One problem is that different clients have their respective views; how to handle them without silo effects, we would like to hear more from the WG.
A: (Flemming Andreasen): Is it per-client management? If it's not, I have concerns, since there are then assumptions that some coordination exists. We need more discussion.
A: (Mohamed Boucadair): It's not per client, it's per domain.
A: (Roland Dobbins): I have concerns about ACL support in the DOTS protocol, as they are router specific. We need to discuss it more.

Per slide 5:
Q: (Tobias Gondrom): Can you clarify the lifetime design rationale? Do we even need to specify the value of it? Real-world situations will vary.
A: (Mohamed Boucadair): It's just the recommended value. Operators can set one that is appropriate.
A: (Tobias Gondrom as an individual): A recommended value works for me, but a default value is my concern.

Per slide 11:
Q: (Mohamed Boucadair): Any questions or feedback on supporting mutual authentication? Certificates, TLS-PSK, or RPK? Or all of them?
A: (Bob Moskowitz): In addition to EST, are any other mechanisms under consideration?
A: (Mohamed Boucadair): Of course, we can consider more in the protocol.
A: (Bob Moskowitz): One recommended, more can be used, such as BRSKI in ANIMA, ...
A: (Roman Danyliw): How many authentication methods should be covered in the DOTS protocol, and how should the optionality be handled?
A: (Bob Moskowitz): Certificates, TLS-PSK, and RPK ought to be included.
: (Flemming Andreasen): Which mode to use is decided by the DOTS server.
: (Bob Moskowitz): Yes.
Q: (Chairs): Have you taken a look at the go-dots implementation of the DOTS protocol?
A: (Mohamed Boucadair): We have discussed some issues in the interim meeting and on the mailing list until now. We still need to track the latest results of the Hackathon to follow new issues.

draft-boucadair-dots-multihoming
--------------------------------
presenter: Mohamed Boucadair
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-draft-boucadair-dots-multihoming/
draft: draft-boucadair-dots-multihoming-02

Mohamed Boucadair provided an update on the individual DOTS multi-homing draft, draft-boucadair-dots-multihoming.

Comment: (Roland Dobbins): I don't think we need to go into that level of detail in a draft.
A: (Flemming Andreasen): As the architecture draft co-author, I am not in favor of including this multi-homing topic as an appendix. I think the architecture draft already covers enough multi-homing content.
A: (Chairs): How about an individual draft?
A: (Flemming Andreasen): No idea.
Q: (Chairs): How many people have reviewed this draft?
: Not very many, from the poll in the room.
Comment: (Flemming Andreasen): Right now, we need to put more energy on the protocol drafts. As Med mentioned, there is no identified impact on the DOTS protocol, so I don't think we need to do it right now. I prefer to defer this work.
A: (Roland Dobbins): Agree.
A: (Chairs): This draft needs more discussion on the mailing list after there are more reviewers.

draft-boucadair-dots-server-discovery
-------------------------------------
presenter: Mohamed Boucadair
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-dots-draft-boucadair-dots-server-discovery/
draft: draft-boucadair-dots-server-discovery-03

Mohamed Boucadair provided an update on the individual DOTS server discovery draft, draft-boucadair-dots-server-discovery.

Comment: (Tobias Gondrom as individual): Using RFC 2119 terms (MUST...) might be too strong; "must" is better.
Comment: (Flemming Andreasen): We don't need so many options for auto discovery. Perhaps it should be based on the use cases and recommend one.
A: (Mohamed Boucadair): Can you help us to focus?
A: (Roland Dobbins): We need to finish the basic DOTS protocol ASAP. Auto discovery is getting ahead of ourselves now, and depending on DNS should not be considered.
A: (Tobias Gondrom as individual): I generally agree with the idea of auto discovery; it's useful.
A: (Flemming Andreasen): Concur.
A: (Chairs): We encourage more reviews and discussion on the mailing list. We will add this topic to the interim meeting agenda.

6. Closing
==========

Open Mic
--------
Q: (Chairs): Why are there not more vendors involved in the implementation work?
A: (Roland Dobbins): Some vendors are waiting for the standard to be finished before doing the implementation.
A: (Kathleen Moriarty): Maybe there are some implementations that we don't know about. The TLS WG is a good example -- they are doing the implementation together with the standard design.
A: (Tobias Gondrom): If any vendors are interested in protocol implementation, we as the chairs can talk with them and provide our help.

Action summary
--------------
The chairs summarized the draft actions from the meeting:
** draft-ietf-dots-use-cases: is not ready for WGLC; needs at least one more revision
** draft-ietf-dots-requirements: ready for WGLC; will start in early December 2017
** draft-ietf-dots-architecture: is not ready for WGLC; will be updated in December 2017; WGLC in January