IETF Logo Mail Archive

Re: [DNSOP] Suresh Krishnan's No Objection on draft-ietf-dnsop-dns-capture-format-08: (with COMMENT)

Suresh Krishnan <Suresh@kaloom.com> Fri, 30 November 2018 05:37 UTC

Return-Path: <Suresh@kaloom.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 207C7128A6E; Thu, 29 Nov 2018 21:37:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kaloom.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KHnG5E99qG1I; Thu, 29 Nov 2018 21:37:19 -0800 (PST)
Received: from CAN01-QB1-obe.outbound.protection.outlook.com (mail-eopbgr660123.outbound.protection.outlook.com [40.107.66.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48357128766; Thu, 29 Nov 2018 21:37:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kaloom.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pXyLnv6EzjHhd8LT94LSrzN+vv3lAnO7jA/nhcn4644=; b=vCiRk+X9TnwV8ocaOedhuKPkVqSXimKATOftlpZ8WobBX+PyFzjzQF2TrgrDN9EUh4xhvYQ/nt2rqyXEwW9vXaTj9zc07rKrmsam/YT90vuwDrrDqaGpx3frDXHERhDi4OzWBP9odtzeRN/YFZ3skdeYuUw+2vvHHlb/FxfFB1A=
Received: from YTOPR0101MB1819.CANPRD01.PROD.OUTLOOK.COM (52.132.44.159) by YTOPR0101MB1561.CANPRD01.PROD.OUTLOOK.COM (52.132.50.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1361.18; Fri, 30 Nov 2018 05:37:17 +0000
Received: from YTOPR0101MB1819.CANPRD01.PROD.OUTLOOK.COM ([fe80::5cb8:6da5:fffa:d207]) by YTOPR0101MB1819.CANPRD01.PROD.OUTLOOK.COM ([fe80::5cb8:6da5:fffa:d207%3]) with mapi id 15.20.1294.048; Fri, 30 Nov 2018 05:37:17 +0000
From: Suresh Krishnan <Suresh@kaloom.com>
To: Jim Hague <jim@sinodun.com>
CC: The IESG <iesg@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "draft-ietf-dnsop-dns-capture-format@ietf.org" <draft-ietf-dnsop-dns-capture-format@ietf.org>
Thread-Topic: [DNSOP] Suresh Krishnan's No Objection on draft-ietf-dnsop-dns-capture-format-08: (with COMMENT)
Thread-Index: AQHUgmJdvfmOm6QPHE2cLzgSfPtjqqVmwXeAgAEXRIA=
Date: Fri, 30 Nov 2018 05:37:17 +0000
Message-ID: <2E8D3A6E-6021-44D8-A320-616E3631B3A8@kaloom.com>
References: <154281142792.11466.13031799522956020256.idtracker@ietfa.amsl.com> <17073c5d-667a-6de9-9226-d628c5e559ab@sinodun.com> <ccfc15db-77a2-d658-55a8-b1ae0cc626bf@sinodun.com>
In-Reply-To: <ccfc15db-77a2-d658-55a8-b1ae0cc626bf@sinodun.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Suresh@kaloom.com;
x-originating-ip: [45.19.110.76]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; YTOPR0101MB1561; 6:LrZ2ndVNXsR/rLmwpUXHRpYRh5YsmTYoYJJDEOhSHVelWRkIXit3aTLt6ZV1Ob9aLC4N+Y5dFKIss4L7HFSiiXnu54vR5DbdJGbxRfFC56Zk1TqsHxHX98UOt+nd4oguZv7WDOxCmSxlzpkQTiJkiSlVLp89vSumD8gLFtyUNqLQDxXHGzKhb4joeMDB9MKF+qz9X0gGtjHN2u1LAOmUnvUrmZV0FhN4JcoSw5ELDkA9Dso2kRvdm7tWEKhdh6XZZ7kf2RXdyrUs3u/mpNRz3HGTYE7CaXngL4X0CgZ8OVlcHGzERtKHCRRSI5EXIJz/8LAS/dkvPvNGXxhvpnFSuaYgcIVMyOZZHivBvbEb1WcPCyaIyG/TZ0YfwV4e3mD5hDSklNYL8e2TLLnF/Dp+fyNJ8CPpdPXbJgvpfWR4ag4+yBh19DhQ8hK3JehNIehKiJylYlwfIEZgod96Q1sLfw==; 5:7SoMlFqsBbZ4DKtn/WQoNyRQCakQGXR0Gmd17gWaG1ljhQQlGJrwhDpjycUeqNfRU9Eef6mLMxdnUpUFNPm9XkBJT7D9CiCV8q0YYOeMwU2BZImtGKXPPdaUiLO0SIXR22ri+V5h83nZN+WePbzJ9ps0atZ6uzKYoJuNLJX5v8I=; 7:kNJHho1S9VGmm61Xo4er0tlN6iGtB8QpUhJWhGQHdkxkbaCn+Q8BprxWireS5A2EkPlnI+Dc8ZuBI8Kgf3B8IykZpKC2hp+UGzA9J1NbA8HHNQs9YNS8nw9KFKJSqn+/lBuQtoY8whaCklGNJfUSzw==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 090e6a9e-e621-496c-3d84-08d65685e3f1
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390098)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:YTOPR0101MB1561;
x-ms-traffictypediagnostic: YTOPR0101MB1561:
x-microsoft-antispam-prvs: <YTOPR0101MB15619C2F8023C8584E59AE72B4D30@YTOPR0101MB1561.CANPRD01.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(3231453)(999002)(944501461)(52105112)(10201501046)(148016)(149066)(150057)(6041310)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(2016111802025)(6043046)(201708071742011)(7699051)(76991095); SRVR:YTOPR0101MB1561; BCL:0; PCL:0; RULEID:; SRVR:YTOPR0101MB1561;
x-forefront-prvs: 087223B4DA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(376002)(366004)(396003)(39830400003)(346002)(199004)(189003)(66066001)(54906003)(3846002)(6512007)(6436002)(5660300001)(53936002)(76176011)(6506007)(33656002)(8936002)(99286004)(316002)(97736004)(6116002)(6246003)(80792005)(14444005)(256004)(8676002)(7736002)(305945005)(186003)(26005)(39060400002)(53546011)(25786009)(102836004)(71200400001)(229853002)(4326008)(71190400001)(6916009)(36756003)(105586002)(81156014)(6486002)(14454004)(81166006)(2616005)(86362001)(82746002)(72206003)(68736007)(11346002)(2906002)(486006)(106356001)(446003)(508600001)(476003)(83716004); DIR:OUT; SFP:1102; SCL:1; SRVR:YTOPR0101MB1561; H:YTOPR0101MB1819.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: kaloom.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: a81RYxHChsVPX8EDxDYlgEsDsH3usbYRyGVtmuCSx1pQWr5G0yWIhrAvwKdetC4euC3iNkSj0nJfdyTWyHkxkKZ0vuOfxv1IbKv0juiV7d+LOHyDwFYgjGrSYbka4TTWOB9sWgjXuwEZr6lk5iMzikvDcE05RAA2jsuqD1jyGYzt+sNVkQBIbrhgFh6y7IODlduObguwKnv8lFUSlmDIKlz4Q07brPIpqanrizhnhDqmkzg36112q1uN346Ph8uw2y86QrQ46FeWRxTB65+1vK+RTLbYrnZYwUOUs4vS+KlDMBDyH5/ejOACweeLQaw4Y5xo/ni93d+emLr17mBgUF83Go1gozy+W0vIs1GDz+E=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-ID: <5D253BE4D0CA244C9E8ADE3E815689F8@CANPRD01.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: kaloom.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 090e6a9e-e621-496c-3d84-08d65685e3f1
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2018 05:37:17.2829 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 47d58e26-f796-48e8-ac40-1c365c204513
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTOPR0101MB1561
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HQsw1jtNXtLAZBbVCTAHgcgQUpE>
Subject: Re: [DNSOP] Suresh Krishnan's No Objection on draft-ietf-dnsop-dns-capture-format-08: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 05:37:22 -0000

> On Nov 29, 2018, at 7:57 AM, Jim Hague <jim@sinodun.com> wrote:
> 
> On 22/11/2018 12:53, Jim Hague wrote:
>> On 21/11/2018 14:43, Suresh Krishnan wrote:
>>> * Section 7.4.1.1.
>>> 
>>> Looks like you can limit the
> {client,server}-address-prefix-{ipv4,ipv6} fields
>>> to one byte to restrict the range. e.g.
>>> 
>>> client-address-prefix-ipv6 => uint .size 1
>>> 
>>> Similar restrictions can be used for port (2) and TTL/hop limit (1)
> fields.
>> [....]
>> 
>> As to whether there is value in applying size or range restrictions
>> throughout the rest of the fields, we're not so sure. As well as port
>> and hoplimit, many of the DNS items (e.g. opcode, rcode) could also be
>> allocated a maximum size. Or possibly we should only put a range on
>> user-specified items such as VLAN IDs or opcodes to capture.
>> 
>> We'll ask the CBOR WG mailing list if there is a preferred CDDL style
>> for these cases.
> The CBOR WG report there is as yet no received style, or in this case
> right answer.
> 
> In the context of C-DNS, I am inclined to express ranges where values
> stored are generated by the C-DNS application, but not for values of DNS
> traffic items. C-DNS is storing traffic collected by one means or
> another, and I think it should be storing what's reported. Expressing
> validity ranges moves towards C-DNS being required to validate the
> traffic. We intend C-DNS to be a storage mechanism, not a validation one.
> 
> So I suggest we specify validity ranges only for the following
> configuration items:
> 
> StorageParameters:
> * IPv6 prefix length. 1..32.
> * IPv4 prefix length. 1..128.
> * OPCODE (in list of OPCODEs to collect). 0..15.
> * RR TYPE (in list of RR TYPEs to collect). 0..65535 or uint .size 2.
> 
> CollectionParameters:
> * Promiscuous mode. Make this a boolean, holding CBOR true or false.
> * VLAN ID (in list of VLAN IDs to collect). 1..0xffe.

Thanks Jim. That works for me.

Regards
Suresh

v2.23.0 | Report a Bug | By Email