Re: [Dots] WGLC for draft-dots-use-cases-19

H Y <yuuhei.hayashi@gmail.com> Tue, 06 August 2019 09:46 UTC

Return-Path: <yuuhei.hayashi@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7625120140 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 02:46:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xp6hLYct1gdR for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 02:46:50 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5250120131 for <dots@ietf.org>; Tue, 6 Aug 2019 02:46:49 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id z28so27490998ljn.4 for <dots@ietf.org>; Tue, 06 Aug 2019 02:46:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=JSWObYOfcLrlr8/G2jxFhdBn40orZlNVdT1N/5d/TUQ=; b=mDckqgy2I09fqzbLDfWIacPTvebqubOK7J35lHKOF6+Li0WB+Z+97L3viv0GTCAihT TA5yKzeFPT0mBv61ML5rD1+94BUwlXJ4o3zU1zZoc5IISaXfRqbhzHJO5lFVglotnCJH 9UsBaS3F8xe/vMJW24rjFe8oZoJdDOmrvg96B4uyT8/T76pLUQ0glnr6B/bBN+j2tIXA //OzFOjvHdIZk5ayM2m+GxJv7cGWcYFnowRl7lEfalo/NS/Np1UNW6kW7uxbIVE06ox+ W11qqEjQ1WqSyh2zx9kgDzzbb8kyjJ9gPdLYduOxC9/E+jwq7o1bncdL2QSM4rzw1/Bj FkfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=JSWObYOfcLrlr8/G2jxFhdBn40orZlNVdT1N/5d/TUQ=; b=sEqc8PAS0I+OmLMCwum3n4W27ojvaYiHbI1OR6izqtfWfrZymANFCofKQPosmqzaab ICSNUDeoKHnCZ4ZQwb8bIjq6r+grEczv6f5OxmNLXYL8WtJsd4jjBUgWtHOZedozGZA9 9Qy69WepDXfPNYOe3D1aHrlG9oqN39QftJ/Wvdauhx9MqlV1D9PSbayXmCkQnE/1V8AT GEReGkyPqkK1rAsGQiqfhgQYXxE0B3BV7gsVhUdYuG69BcP/KVDvTB+WvMbiruwA7gKJ PXCJTTSQw0f0oKB1jAovUN1JfNPyR8Q4wW9lJoBoyjn/KjaTPwyzEc3nydRF8qYr4hHl Smmw==
X-Gm-Message-State: APjAAAV4tOttxRH2xI278ZaOT9gYqxz42+9EaiPMb412TTedZyb44Siv t3gDLEvtE5qIfI6X3NvjcZT242lWk7pUtkd60Pk=
X-Google-Smtp-Source: APXvYqxhCOSZnoPbMDr0RQP1o080co6SnRNPuCB81kuWF+oN5kRI3OnEU06wO1PrhWYIl+eX2tMcrDArxlQofuKKHYg=
X-Received: by 2002:a2e:b4e4:: with SMTP id s4mr1114475ljm.207.1565084808003; Tue, 06 Aug 2019 02:46:48 -0700 (PDT)
MIME-Version: 1.0
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
From: H Y <yuuhei.hayashi@gmail.com>
Date: Tue, 6 Aug 2019 18:45:36 +0900
Message-ID: <CAA8pjUPGQcveORBS8egTWG83HzQe3+poSy9uzeb-mPefkWdbHA@mail.gmail.com>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>
Cc: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, Valery Smyslov <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/3hUKM-UymzmaB1286C4rA4spspE>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 09:46:54 -0000

Hi,

> [Med] Yes, but the current text describes the case where the DMS supplies "its blocked traffic information":
>
>   the DDoS mitigation system can send mitigation requests
>   with additional hints such as its blocked traffic information to the
>                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
>   orchestrator.
>
> So, the DMS has already done that check.
[Yuhei]
+1. IMO, it's no problem with sending such hints because the DMS has
already blocked the traffic.

Thanks,
Yuhei

2019年8月6日(火) 18:20 <mohamed.boucadair@orange.com>;:

>
> Re-,
>
> Please see inline.
>
> Cheers,
> Med
>
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : mardi 6 août 2019 11:15
> > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org
> > Cc : Xialiang (Frank, Network Standard & Patent Dept)
> > Objet : RE: [Dots] WGLC for draft-dots-use-cases-19
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com
> > > <mohamed.boucadair@orange.com>;
> > > Sent: Tuesday, August 6, 2019 2:00 PM
> > > To: Konda, Tirumaleswar Reddy
> > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > <valery@smyslov.net>;; dots@ietf.org
> > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > <frank.xialiang@huawei.com>;
> > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > >
> > > This email originated from outside of the organization. Do not click
> > links or
> > > open attachments unless you recognize the sender and know the content is
> > > safe.
> > >
> > > Re-,
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Konda, Tirumaleswar Reddy
> > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > Envoyé : mardi 6 août 2019 10:14
> > > > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE: [Dots]
> > > > WGLC for draft-dots-use-cases-19
> > > >
> > > > Hi Med,
> > > >
> > > > No, the orchestrator is not ignoring the mitigation hints.
> > >
> > > [Med] Why? The text is clear the orchestrator acts as DOTS server. As
> > such, it
> > > can ignore/accept hints.
> > >
> > >  It is sending
> > > > filtering rules to block or rate-limit traffic to routers (last but
> > > > one line in the new paragraph).
> > >
> > > [Med] Yes. That filtering rule is that would be applied by the DMS if it
> > has
> > > sufficient resources.
> > >
> > >  The adverse impact is legitimate users whose
> > > > IP addresses were spoofed
> > > > cannot access the services of the target server.
> > >
> > > [Med] This is a check at the DMS side. This check applies independently
> > of **
> > > where ** the filters are applied. This is not specific to this NEW text.
> >
> > If the orchestrator is sending filtering rules to block traffic, checks
> > are required to ensure spoofed IP address are not conveyed by the DMS.
>
> [Med] Yes, but the current text describes the case where the DMS supplies "its blocked traffic information":
>
>   the DDoS mitigation system can send mitigation requests
>   with additional hints such as its blocked traffic information to the
>                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
>   orchestrator.
>
> So, the DMS has already done that check.
>
>  If
> > the orchestrator delegates the mitigation to a separate domain (recursive
> > signaling),
> > the attack information provided by DMS can include spoofed IP addresses
> > (so the new mitigator in the separate domain learns the attack traffic is
> > coming from spoofed IP addresses).
>
> [Med] This is not specific to this case, but applies each time there is recursive signaling.
>
> >
> > -Tiru
> >
> > >
> > > >
> > > > Cheers,
> > > > -Tiru
> > > >
> > > > > -----Original Message-----
> > > > > From: mohamed.boucadair@orange.com
> > > > > <mohamed.boucadair@orange.com>;
> > > > > Sent: Tuesday, August 6, 2019 12:50 PM
> > > > > To: Konda, Tirumaleswar Reddy
> > > > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > > > <valery@smyslov.net>;; dots@ietf.org
> > > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > > <frank.xialiang@huawei.com>;
> > > > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > > > >
> > > > > This email originated from outside of the organization. Do not click
> > > > links or
> > > > > open attachments unless you recognize the sender and know the
> > > > > content is safe.
> > > > >
> > > > > Hi Tiru,
> > > > >
> > > > > The NEW text indicates the following:
> > > > >
> > > > > ==
> > > > >    In addition to the above DDoS Orchestration, the selected DDoS
> > > > >    mitigation systems can return back a mitigation request to the
> > > > >    orchestrator as an offloading.
> > > > >                      ^^^^^^^^^^^
> > > > >    ....
> > > > >    the DDoS mitigation system can send mitigation requests
> > > > >    with additional hints such as its blocked traffic information to
> > the
> > > > >                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > >    orchestrator.
> > > > > ==
> > > > >
> > > > > Which means that the DMS is blocking that traffic based on "some"
> > > > > information. That same information is passed to an orchestrator so
> > > > > that
> > > > it can
> > > > > filter the traffic. What changes is ** how/where ** filters are
> > > > installed.
> > > > >
> > > > > Like the interface with a mitigator, the interface between the
> > > > controller and
> > > > > underlying routers is out of scope.
> > > > >
> > > > > From a DOTS perspective, the information supplied by the DMS to an
> > > > > Orchestrator is considered as "additional hints" which is adhering
> > > > > to
> > > > RFC8612:
> > > > >
> > > > > ==
> > > > >    GEN-004  Mitigation Hinting: DOTS clients may have access to
> > attack
> > > > >       details that can be used to inform mitigation techniques.
> > Example
> > > > >       attack details might include locally collected fingerprints
> > for an
> > > > >       on-going attack, or anticipated or active attack focal points
> > > > >       based on other threat intelligence.  DOTS clients MAY send
> > > > >       mitigation hints derived from attack details to DOTS servers,
> > with
> > > > >       the full understanding that the DOTS server MAY ignore
> > mitigation
> > > > >       hints.
> > > > > ==
> > > > >
> > > > > I don't think there are new security considerations induced by the
> > > > > NEW
> > > > text.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Message d'origine-----
> > > > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda,
> > > > > > Tirumaleswar Reddy Envoyé : mardi 6 août 2019 08:52 À : Valery
> > > > > > Smyslov; dots@ietf.org Cc : Xialiang (Frank, Network Standard &
> > > > > > Patent
> > > > > > Dept) Objet : Re: [Dots] WGLC for draft-dots-use-cases-19
> > > > > >
> > > > > > The security implications of the new use case need to be discussed
> > > > > > in the draft, please see
> > > > > > https://mailarchive.ietf.org/arch/msg/dots/tb-
> > > > > > 1ojJ6TmSmRUci6JoUeD-gB1Y
> > > > > >
> > > > > > Cheers,
> > > > > > -Tiru
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Dots <dots-bounces@ietf.org>; On Behalf Of Valery Smyslov
> > > > > > > Sent: Tuesday, August 6, 2019 11:56 AM
> > > > > > > To: dots@ietf.org
> > > > > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > > > > <frank.xialiang@huawei.com>;
> > > > > > > Subject: [Dots] WGLC for draft-dots-use-cases-19
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > this message starts a short WGLC for
> > > > > > > draft-ietf-dots-use-cases-19 to
> > > > > > confirm
> > > > > > > the WG consensus regarding the latest addition of a new use case
> > > > > > > to the draft.
> > > > > > > The WGLS will last one week and will end on Tuesday, 13 August.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Frank & Valery.
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Dots mailing list
> > > > > > > Dots@ietf.org
> > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > > >
> > > > > > _______________________________________________
> > > > > > Dots mailing list
> > > > > > Dots@ietf.org
> > > > > > https://www.ietf.org/mailman/listinfo/dots
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots



--
----------------------------------
Yuuhei HAYASHI
08065300884
yuuhei.hayashi@gmail.com
iehuuy_0220@docomo.ne.jp
----------------------------------