IETF Logo Mail Archive

Re: [Dots] clarification questions from the hackathon

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 28 March 2019 17:39 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0042012002F for <dots@ietfa.amsl.com>; Thu, 28 Mar 2019 10:39:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sHiBPpfy5wCJ for <dots@ietfa.amsl.com>; Thu, 28 Mar 2019 10:39:24 -0700 (PDT)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E5A3120247 for <dots@ietf.org>; Thu, 28 Mar 2019 10:39:23 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1553794495; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-antispam-prvs: x-forefront-prvs:x-forefront-antispam-report: received-spf:x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=2 1yvv9FaPpMasoGgCtb1BL1UuZJfuvYhhWey0V+A3c 8=; b=atuDFMJJC0vHMpGvcqQkPhZT9sGRtCqT+rFeWUpA8hJ2 3dbVHrVf/FxSdAtazGUDgYKCLBW/cTK3VjsLfsDs0T9e3VkTSF U4iqaBT1TcthOpDioighutFFHMTuVOW1q3frdSf24FINIHYIEQ oxhDo7Y/1/C5wBjHKvBYsUYINlM=
Received: from DNVEXAPP1N05.corpzone.internalzone.com (unknown [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 6d1a_8a0b_dbbbbbce_f3a4_4988_b443_6acd54aa123b; Thu, 28 Mar 2019 11:34:54 -0600
Received: from DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 28 Mar 2019 11:39:03 -0600
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Thu, 28 Mar 2019 11:39:03 -0600
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (10.44.176.243) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 28 Mar 2019 11:39:02 -0600
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2983.namprd16.prod.outlook.com (20.178.235.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.15; Thu, 28 Mar 2019 17:39:01 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::45af:2add:90a4:135f]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::45af:2add:90a4:135f%3]) with mapi id 15.20.1750.014; Thu, 28 Mar 2019 17:39:01 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Jon Shallow <supjps-ietf@jpshallow.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, kaname nishizuka <kaname@nttv6.jp>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] clarification questions from the hackathon
Thread-Index: AdTliGx+SHuMyqAwQXGIbxMDIEwnuAAAWf7Q
Date: Thu, 28 Mar 2019 17:39:00 +0000
Message-ID: <BYAPR16MB27904C04BA21625D7635237CEA590@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <108a01d4e588$72f886b0$58e99410$@jpshallow.com>
In-Reply-To: <108a01d4e588$72f886b0$58e99410$@jpshallow.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [185.125.224.9]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1715a14f-e763-4b25-bf01-08d6b3a443bf
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2983;
x-ms-traffictypediagnostic: BYAPR16MB2983:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <BYAPR16MB29830BEE20C44AD604480BD0EA590@BYAPR16MB2983.namprd16.prod.outlook.com>
x-forefront-prvs: 0990C54589
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(136003)(396003)(366004)(39860400002)(13464003)(32952001)(53754006)(199004)(189003)(6436002)(3846002)(6116002)(6306002)(2906002)(106356001)(105586002)(66066001)(8936002)(229853002)(102836004)(6506007)(74316002)(476003)(446003)(81166006)(11346002)(81156014)(8676002)(26005)(486006)(68736007)(53546011)(7696005)(55016002)(76176011)(110136005)(186003)(99286004)(52536014)(316002)(6246003)(97736004)(305945005)(9686003)(5660300002)(80792005)(14454004)(25786009)(71200400001)(256004)(14444005)(53936002)(72206003)(966005)(5024004)(71190400001)(7736002)(478600001)(86362001)(2501003)(33656002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2983; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: AE4siBY/Llf+j75DeytmrfL8rTknX4JcjJAwEhXQj/nJK8HomhuLknbzakIFEtHv/wCC1WZn+rjveAhVNHtdbM/BCAG/VpU3pYygeTtmjwOY23z9Sc0BfYP7fv+MCET5cnUcV8BbbMafJCLBGU2pYkQx5+mAUAJj3EJS3r4XkOTZcREeocmgN7n6uX/PLBduFJ7hktfVIYJPQ1LJlvR4LSibi77P82ffkizNHCv90gf6Jf92K1UU3jww8oODFHQ+ztJiqZPs3TaZk3RMGSCPNwBJElhuFzzLgovdiplNf8Di7xRQUQfuRXEiWwXvlOEjnaEnxY0lOGk7azc/iVJmRYhvgmn6gxoQ7Tj8j9C+RknkKnezgD1llet2kmB+YtqvI3OJvnWZ5jjbEJXRZxdiVT7s5cD0M28WPEAcGidqFOs=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 1715a14f-e763-4b25-bf01-08d6b3a443bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2019 17:39:01.0420 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2983
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6513> : inlines <7045> : streams <1817035> : uri <2821395>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/-nc5hX9TNKrSnka-dBALz32LyMQ>
Subject: Re: [Dots] clarification questions from the hackathon
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 17:39:27 -0000

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of Jon Shallow
> Sent: Thursday, March 28, 2019 6:05 PM
> To: mohamed.boucadair@orange.com; kaname nishizuka
> <kaname@nttv6.jp>; dots@ietf.org
> Subject: Re: [Dots] clarification questions from the hackathon
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
> 
> Hi All,
> 
> See inline
> 
> Regards
> 
> Jon
> 
> > -----Original Message-----
> > From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of ietf-
> > supjps-mohamed.boucadair@orange.com
> > Sent: 28 March 2019 13:39
> > To: kaname nishizuka; dots@ietf.org
> > Subject: Re: [Dots] clarification questions from the hackathon
> >
> > Re-,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Dots [mailto:dots-bounces@ietf.org] De la part de kaname
> > > nishizuka Envoyé : jeudi 28 mars 2019 11:38 À : dots@ietf.org Objet
> > > : [Dots] clarification questions from the hackathon
> > >
> > > Hi,
> > >
> > > I'd like to continue discussion of these topics in the ML.
> > >
> > > #1: Questions about signal-control-filtering
> > >   1. Should a mitigation request create a mitigation before doing a
> > > PUT + acl-list [{acl-name, activation-type}] against the active
> > > mitigation, or is a ‘PUT + acl-list [{acl-name, activation-type}]’
> > > allowed to create a new mitigation?
> >
> > [Med] Both are currently allowed in the draft. I don't still a valid
> > reason to restrict this.
> 
> [Jon] As per draft
>    A DOTS client MUST NOT use the filtering control over DOTS signal
>    channel if no attack (mitigation) is active;
> 
> [Jon] then needs to be reworded as there is no active mitigation until the
> PUT is done...
> I believe that both cases should be supported.

Agreed.

> >
> > >   2. Should the response to a GET (or Observed GET) include the
> > > acl-list [{acl-name, activation-type}] if the PUT included it?
> >
> > [Med] The current spec says "no". That's said, what would be the value
> > in returning it? Then, why not allowing to return the references to
> > all ACLs that are enabled during the mitigation time?
> >
> [Jon] When observing the mitigation request, if the activation-type is
> changed externally, the client will then know about the change. Assuming
> the response got back to the client, this is effectively an ACK to the fact that
> the ACL change got through.

Yup,  the GET response should include the acl-list. We will also have to discuss if the observed GET should convey the 
counters for the activated filtering rules using DOTS signal channel.

> 
> Interesting concept about knowing about all the relevant ACLs as returned
> over the signal channel.  More work for the server to do in determining
> which ACLs are valid for, say, a specific IP address that is being mitigated.
> Not entirely convinced of the benefit of this as this generally is available
> over the data channel.
> 
> > >   3. Does the response to the PUT (the echoed back response payload
> > > of the PUT representation
> > > https://tools.ietf.org/html/rfc7252#section-5.9.1.1 ) include the acl-list (if
> defined) or not?
> >
> > [Med] It doesn't as we don't change the behavior of the base spec.
> >
> [Jon] By base spec I assume you mean the signal draft.  However the answer
> has to be "yes - it is included" if following RFC7252 5.9.1.1 and "The payload
> returned with the response, if any, is a representation of the action result".
> 
> Again, it is letting the client know that the PUT actually did get through
> (assuming the response gets through) prior to doing any GETs.

Yup, the PUT response should include the acl-list.

> ~jon
> 
> > >   4. Is the activation change to the ACL a permanent change to the
> > > ACL (so a GET on the data channel returns the new type)?
> >
> > [Med] Yes. The draft will be updated to make this clearer.
> >
> > >   5. Does the activation change to the ACL count as an ACL refresh
> > > (pending- lifetime update)?
> >
> > [Med] Yes. Some text will be added to clarify the refresh point.
> > That's said, as discussed in the data-channel, the dots client may
> > need to send a GET after an attack for sync purposes.

If the pending-lifetime expires when the mitigation is active, the DOTS server must not delete the aliases and filtering entries.
We may want to update DOTS data channel to clarify the above point.

Cheers,
-Tiru

> >
> > >   6. Is CBOR activation –type comprehension-required or
> > > comprehension- optional?
> > >
> >
> > [Med] This is a comprehension-required attribute (already discussed in
> > the draft).
> >
> > > Regarding with the 1st point, we got feedbacks from Med and Tiru
> > > that both should be allowed.
> > > If ‘PUT + acl-list [{acl-name, activation-type}]’ allowed to create
> > > a new mitigation, it should be treated as this is a request in "attack-time".
> >
> > [Med] I confirm.
> >
> > >
> > > (#2: Data Channel Implicit protocol number was addressed clearly by
> > > Med's
> > > comment.)
> > >
> > > #3: (D)TLS session lifetime
> > >  From the view point of DOTS server, when to expire the old (D)TLS
> > > session
> > is
> > > implementation specific though, I'd like to hear from experts about
> > > preferable setting (timer or something else...?)
> > >
> >
> > [Med] For me, this is implementation-specific.
> >
> > > thanks,
> >
> > [Med] Many thanks for sharing the feedback from the hackathon. Much
> > appreciated.
> >
> > > Kaname
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots
> 
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email