--- 1/draft-ietf-dots-requirements-21.txt	2019-03-25 02:13:10.722239485 -0700
+++ 2/draft-ietf-dots-requirements-22.txt	2019-03-25 02:13:10.770240661 -0700
@@ -1,21 +1,21 @@
 
 DOTS                                                        A. Mortensen
 Internet-Draft                                            Arbor Networks
 Intended status: Informational                                  T. Reddy
-Expires: September 10, 2019                                       McAfee
+Expires: September 24, 2019                                       McAfee
                                                             R. Moskowitz
                                                                   Huawei
-                                                           March 9, 2019
+                                                          March 23, 2019
 
 Distributed Denial of Service (DDoS) Open Threat Signaling Requirements
-                    draft-ietf-dots-requirements-21
+                    draft-ietf-dots-requirements-22
 
 Abstract
 
    This document defines the requirements for the Distributed Denial of
    Service (DDoS) Open Threat Signaling (DOTS) protocols enabling
    coordinated response to DDoS attacks.
 
 Status of This Memo
 
    This Internet-Draft is submitted in full conformance with the
@@ -24,21 +24,21 @@
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at https://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on September 10, 2019.
+   This Internet-Draft will expire on September 24, 2019.
 
 Copyright Notice
 
    Copyright (c) 2019 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (https://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
@@ -653,21 +653,21 @@
 
    SEC-002  Message Confidentiality, Integrity and Authenticity: DOTS
       protocols MUST take steps to protect the confidentiality,
       integrity and authenticity of messages sent between client and
       server.  While specific transport- and message-level security
       options are not specified, the protocols MUST follow current IETF
       best practices [RFC7525] for encryption and message
       authentication.  Client-domain DOTS gateways are more trusted than
       DOTS clients, while server-domain DOTS gateways and DOTS servers
       share the same level of trust.  A security mechanism at the
-      transport layer (e.g., TLS) is thus adequate to provide security
+      transport layer TLS/DTLS is thus adequate to provide security
       between peer DOTS agents.
 
       In order for DOTS protocols to remain secure despite advancements
       in cryptanalysis and traffic analysis, DOTS agents MUST support
       secure negotiation of the terms and mechanisms of protocol
       security, subject to the interoperability and signal message size
       requirements in Section 2.2.
 
       While the interfaces between downstream DOTS server and upstream
       DOTS client within a DOTS gateway are implementation-specific,
@@ -677,22 +677,22 @@
       server and DOTS client is running on the same logical device, the
       two DOTS agents could be implemented within the same process
       security boundary.
 
    SEC-003  Data privacy and integrity: Transmissions over the DOTS
       protocols are likely to contain operationally or privacy-sensitive
       information or instructions from the remote DOTS agent.  Theft,
       modification, or replay of message transmissions could lead to
       information leaks or malicious transactions on behalf of the
       sending agent (see Section 4 below).  Consequently data sent over
-      the DOTS protocols MUST be encrypted using secure transports (like
-      TLS and DTLS).  DOTS servers MUST enable means to prevent leaking
+      the DOTS protocols MUST be encrypted using secure transports TLS/
+      DTLS.  DOTS servers MUST enable means to prevent leaking
       operationally or privacy-sensitive data.  Although administrative
       entities participating in DOTS may detail what data may be
       revealed to third-party DOTS agents, such considerations are not
       in scope for this document.
 
    SEC-004  Message Replay Protection: To prevent a passive attacker
       from capturing and replaying old messages, and thereby potentially
       disrupting or influencing the network policy of the receiving DOTS
       agent's domain, DOTS protocols MUST provide a method for replay
       detection and prevention.