Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04

mohamed.boucadair@orange.com Fri, 11 February 2022 06:49 UTC

From: mohamed.boucadair@orange.com
To: H Y <yuuhei.hayashi@gmail.com>, "dots@ietf.org" <dots@ietf.org>
CC: "dots-chairs@ietf.org" <dots-chairs@ietf.org>, Valery Smyslov <valery@smyslov.net>, "draft-ietf-dots-telemetry-use-cases@ietf.org" <draft-ietf-dots-telemetry-use-cases@ietf.org>
Date: Fri, 11 Feb 2022 06:49:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/1KIzL-0Ijo-eYWNIx8FHytyKbt4>

Hi Yuhei, 

One quick comment about: 

==
            "attack-description": "DNS amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in DNS servers to turn small queries into larger payloads."
==

and 

==
            "attack-description":"NTP amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in NTP servers to turn small queries into larger payloads."
==

Please note that the telemetry spec says the following:

   When conveying attack details in DOTS telemetry messages (Sections
   8.2, 8.3, and 9), DOTS agents MUST NOT include the 'attack-
   description' attribute unless the corresponding attack mapping
   details were not previously shared with the peer DOTS agent.

So, the text should explain why "attack-description" attributes are present in the example. 

You may consider removing them but add some text to recall the attack mapping over the data channel. 

Thank you. 

Cheers,
Med

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of H Y
> Sent: Friday, 11 February 2022 05:16
> To: dots@ietf.org
> Cc: dots-chairs@ietf.org; Valery Smyslov <valery@smyslov.net>;
> BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>;
> draft-ietf-dots-telemetry-use-cases@ietf.org
> Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
> 
> Hi all,
> 
> We modified some nits and uploaded as 05. We will add some description to
> clarify our use cases.
> 
> Comments are welcome.
> 
> Thanks,
> Yuhei
> 
> On Wed, 9 Feb 2022 at 23:34, H Y <yuuhei.hayashi@gmail.com> wrote:
> >
> > Hi Med,
> >
> > Thank you for your comments and suggestions.
> >
> > I will revise the draft in a few days.
> >
> > Thanks,
> > Yuhei
> >
> > On Wed, 9 Feb 2022 at 22:59, <mohamed.boucadair@orange.com> wrote:
> > >
> > > Hi Valery, all,
> > >
> > > I support advancing this document, but I think a revised version is needed.
> > >
> > > FWIW, some comments and suggestions can be found at:
> > > * pdf:
> > > https://raw.githubusercontent.com/boucadair/IETF-Drafts-Reviews/master/draft-ietf-dots-telemetry-use-cases-04-rev%20Med.pdf
> > > * doc:
> > > https://github.com/boucadair/IETF-Drafts-Reviews/raw/master/draft-ietf-dots-telemetry-use-cases-04-rev%20Med.doc
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Original Message-----
> > > > From: Dots <dots-bounces@ietf.org> On Behalf Of Valery Smyslov
> > > > Sent: Wednesday, 9 February 2022 12:28
> > > > To: dots@ietf.org
> > > > Cc: dots-chairs@ietf.org; draft-ietf-dots-telemetry-use-cases@ietf.org
> > > > Subject: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
> > > >
> > > > Hi,
> > > >
> > > > this message starts a two-week working group last call for
> > > > draft-ietf-dots-telemetry-use-cases-04.
> > > > The WGLC will end on Thursday, February 24. Please, review the
> > > > draft and send your comments to the mailing list.
> > > >
> > > > Regards,
> > > > Frank & Valery.
> > > >
> >
> >
> > --
> > ----------------------------------
> > Yuuhei HAYASHI
> > 08065300884
> > yuuhei.hayashi@gmail.com
> > iehuuy_0220@docomo.ne.jp
> > ----------------------------------
> 
> 
> 

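The rule quoted from the telemetry spec in the reply above, as an added example that is not part of the original message or of the draft: a check that finds 'attack-description' attributes in a telemetry payload whose attack mapping was already shared with the peer, plus a helper that drops them. The payload, the `vendor-id` and `attack-id` key names, the nesting and all numbers are constructed assumptions; only `attack-description` appears in the thread.

```python
import copy

# Constructed: mappings already shared with the peer (vendor-id -> attack-ids).
SHARED = {32473: {77}}

# Constructed payload. Only "attack-description" comes from the thread; the
# other key names, the nesting and the numbers are assumptions.
SAMPLE = {"attack-detail": [
    {"vendor-id": 32473, "attack-id": 77,
     "attack-description": "DNS amplification (constructed text)"},
    {"vendor-id": 32473, "attack-id": 92,
     "attack-description": "NTP amplification (constructed text)"},
    {"vendor-id": 32473, "attack-id": 77},
]}


def walk(node):
    """Yield every dict nested anywhere in a decoded JSON value."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from walk(value)
    elif isinstance(node, list):
        for value in node:
            yield from walk(value)


def already_shared(entry, shared):
    """True when this entry's vendor-id/attack-id pair is in the shared mappings."""
    return entry.get("attack-id") in shared.get(entry.get("vendor-id"), set())


def redundant_descriptions(message, shared):
    """Return (vendor-id, attack-id) pairs carrying a description the rule forbids."""
    return [(e["vendor-id"], e["attack-id"]) for e in walk(message)
            if "attack-description" in e and already_shared(e, shared)]


def strip_redundant(message, shared):
    """Copy the message, dropping descriptions the peer can already look up."""
    cleaned = copy.deepcopy(message)
    for entry in walk(cleaned):
        if already_shared(entry, shared):
            entry.pop("attack-description", None)
    return cleaned


if __name__ == "__main__":
    print(redundant_descriptions(SAMPLE, SHARED))
    print(strip_redundant(SAMPLE, SHARED))
```

The entry with attack-id 92 keeps its description because that mapping is not in the shared set, which is the one case the quoted rule permits.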