Re: [Dots] WGLC signal draft: Conflict information conflicts
"Jon Shallow" <supjps-ietf@jpshallow.com> Thu, 16 August 2018 08:05 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B564F13104D for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 01:05:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNBkfWuo0mbH for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 01:05:33 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01B8F130F6D for <dots@ietf.org>; Thu, 16 Aug 2018 01:05:32 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.90_1) (envelope-from <jon.shallow@jpshallow.com>) id 1fqDHe-0003Nl-BH; Thu, 16 Aug 2018 09:05:30 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, dots@ietf.org
References: <019701d43532$15826110$40872330$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302DFAAAA3@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DFAAAA3@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Date: Thu, 16 Aug 2018 09:05:29 +0100
Message-ID: <01b601d43537$e5be89d0$b13b9d70$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01B7_01D43540.4784EDA0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQD2QQepuiCHo5SQHn0cuQkCWjKZGwIDwhgRpm3OUoA=
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/2I6mszBt4jwdifA8N2f2fJnswv0>
Subject: Re: [Dots] WGLC signal draft: Conflict information conflicts
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 08:05:47 -0000
Hi Med, Humble apologies not enough caffeine to get rid of word blindness! You are right, this is a non-issue. Regards Jon From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com Sent: 16 August 2018 08:55 To: Jon Shallow; dots@ietf.org Subject: Re: [Dots] WGLC signal draft: Conflict information conflicts Hi Jon, Please see inline. Cheers, Med De : Dots [mailto:dots-bounces@ietf.org] De la part de Jon Shallow Envoyé : jeudi 16 août 2018 09:24 À : dots@ietf.org Objet : [Dots] WGLC signal draft: Conflict information conflicts Hi there, Issue A. It is undefined as to how to tell the DOTS client that 4.09 conflict for a cuid has occurred as in 4.1.1 Request Mitigation DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer to notify that the 'cuid' is already in-use by another DOTS client. Upon receipt of that error code, a new 'cuid' MUST be generated by the DOTS peer. The DOTS client generates a new cuid for every 4.09 ??? [Med] Isnt this covered by this text? 3: CUID Collision. This code is returned when a DOTS client uses a 'cuid' that is already used by another DOTS client. This code is an indication that the request has been rejected and a new request with a new 'cuid' is to be re- sent by the DOTS client. I think we need a new conflict status 4: DOTS server has detected the presented cuid is already in use by another DOTS client. A new cuid needs to be generated. And text updated DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer to notify that the 'cuid' is already in-use by another DOTS client, along with a conflict-status of 4. Upon receipt of that error code and conflict-status, a new 'cuid' MUST be generated by the DOTS peer. [Med] We do already have the following: The response includes enough information for a DOTS client to recognize the source of the conflict as described below: which means that cuid collision will be included in such case. Issue B. We have confusion over the use of the word different for different DOTS client this was previously brought up but got lost on the way. The following is (correctly) for the same client For example, if the DOTS server receives a mitigation request which overlaps with an existing mitigation with a higher numeric 'mid', the DOTS server rejects the request by returning 4.09 (Conflict) to the DOTS client. The response includes enough information for a DOTS client to recognize the source of the conflict as described below: [Med] This text is about requests from the same client. Yet we later have (which really should be corrected) [Med] This is about conflicts involving multiple clients. What is the issue with this text? If the request is conflicting with an existing mitigation request from a different DOTS client, the DOTS server may return 2.01 (Created) or 4.09 (Conflict) to the requesting DOTS client. If the DOTS server decides to maintain the new mitigation request, the DOTS server returns 2.01 (Created) to the requesting DOTS client. If the DOTS server decides to reject the new mitigation request, the DOTS server returns 4.09 (Conflict) to the requesting DOTS client. For both 2.01 (Created) and 4.09 (Conflict) responses, the response includes enough information for a DOTS client to recognize the source of the conflict as described below: conflict-information: Indicates that a mitigation request is conflicting with another mitigation request(s) from other DOTS client(s). This optional attribute has the following structure: conflict-status: Indicates the status of a conflicting mitigation request. The following values are defined: 1: DOTS server has detected conflicting mitigation requests from different DOTS clients. This mitigation request is currently inactive until the conflicts are resolved. Another mitigation request is active. 2: DOTS server has detected conflicting mitigation requests from different DOTS clients. This mitigation request is currently active. 3: DOTS server has detected conflicting mitigation requests from different DOTS clients. All conflicting mitigation requests are inactive. Issue C. mid is missing from the second definition of conflict-scope as in conflict-scope: Indicates the conflict scope. It may include a list of IP addresses, a list of prefixes, a list of port numbers, a list of target protocols, a list of FQDNs, a list of URIs, a list of alias-names, or references to conflicting ACLs. [Med] It is not. mid is only required for conflicts which belong to the same clients. When multiple clients are involved, mid is not needed. Regards Jon
- [Dots] WGLC signal draft: Conflict information co… Jon Shallow
- Re: [Dots] WGLC signal draft: Conflict informatio… mohamed.boucadair
- Re: [Dots] WGLC signal draft: Conflict informatio… Jon Shallow