Re: [Dots] FW: I-D Action: draft-teague-dots-protocol-00.txt

"Mortensen, Andrew" <amortensen@arbor.net> Wed, 16 November 2016 05:54 UTC

From: "Mortensen, Andrew" <amortensen@arbor.net>
To: Gilbert Clark <gclark@mti-systems.com>
Date: Wed, 16 Nov 2016 05:54:31 +0000
Message-ID: <EABC178B-5E86-4399-86FB-DA7293C4F78B@arbor.net>
References: <147794855166.23245.16981613655325976144.idtracker@ietfa.amsl.com> <5F84CF27-3670-42B1-986C-E58F2FB610C5@verisign.com> <CA+LsFD7mP9EDthjoR7A9GDok11T-JXg8rxPmVvGOyzG2JMi0pQ@mail.gmail.com>
In-Reply-To: <CA+LsFD7mP9EDthjoR7A9GDok11T-JXg8rxPmVvGOyzG2JMi0pQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/5lw4g3xHU3NbJP3U7QWOhgudFvs>
Cc: EXT-Teague Nik <nteague@verisign.com>, dots <dots@ietf.org>
Subject: Re: [Dots] FW: I-D Action: draft-teague-dots-protocol-00.txt

Thanks, Gilbert. I appreciate the comments. See inline below.

On Nov 15, 2016, at 8:51 PM, Gilbert Clark <gclark@mti-systems.com> wrote:

Just now getting around to a quick read through this.  A few thoughts:

* I found the reference to protobufs in the document to be rather strange.  I'm not sold on the idea of a tight coupling between a document and a specific serialization library, no matter how convenient / awesome the library might be.  I guess protobuf3 might reference a specific implementation of protobuf, so it would *kind of* count as a protocol assuming a specific definition existed someplace which could be referenced, but still ... why use that instead of something more common that might be easier for others to read and understand offhand?

I think it’s entirely reasonable to be uneasy about tying a standard to a specific library. The good news is that protobufs isn’t a library, it’s an IDL. We felt protobufs makes a good choice as the IDL for DOTS due to its compact wire representation, its support for backward-compatible schema versioning, its language neutrality, and its extensibility. For what it’s worth, Google’s recent effort to standardize gRPC within the IETF mentions protobuf as the IDL, though so far it hasn’t been made a requirement (see <https://tools.ietf.org/html/draft-talwar-rtgwg-grpc-use-cases-00#section-2.2.5>).

Can you describe what you’re thinking of as “more common” and “easier to read” here? We specifically avoided JSON and the like because of the wasted bytes in the serialization.

* The port is 4646, which is "(the hex value for the ASCII character "." twice)"  Why is this relevant?

It’s a weak joke (made weaker by the fact that it’s the *decimal* and not the hex value).

Python 2.7.10 (default, Oct 23 2015, 19:19:21)
[GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.59.5)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import struct
>>> struct.pack("BB", 46, 46)
'..'  <---- DOTS

/rimshot

That does remind me the draft needs an IANA Considerations section for port registration.

* 4.3.3 - "The DOTS client may send repeated requests until it receives a suitable response from the DOTS server by which it may interpret successful receipt."  Rate control is needed here.

Yes, this needs clarification. We’ll update it for the -01 draft.

* I'd argue for an explanation of how often the client needs to perform specific actions, but also how frequently the server should expect to receive those notifications from the client.  Since the environment can't be assumed to be terribly stable, I believe that it may be wise to assume that links are unstable and therefore explicitly enumerate how the most common failure modes should be addressed.

* I know the signaling protocol is intended to be relatively low overhead, but an explicit reference to congestion control in the general case might be useful.

Yes, will clarify.

* It's unusual to me to see endpoints in a protocol specification…. snip ...

* Really, the data channel has such an unbelievably tight binding to HTTP (or REST in general) that I think this document could be a lot shorter if the data section was simply a note that "The DOTS data channel uses HTTP (or a derivative thereof)", then add a reference to an external document with a supported list of endpoints that are listed as MUST, SHOULD, MAY, etc …

This seems like a very reasonable suggestion to me, thanks. I’m hoping further discussion about the use of RESTCONF with respect to DOTS will help set the direction this goes.

andrew



On Mon, Oct 31, 2016 at 5:19 PM, Teague, Nik <nteague@verisign.com> wrote:
Hi,

Please see the below referenced protocol draft.

We welcome feedback as always and hope that this draft may lead to some stimulating discussion both on-list and in Seoul.

Thanks,

-Nik

On 31/10/2016, 21:15, "I-D-Announce on behalf of internet-drafts@ietf.org" <i-d-announce-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:


    A New Internet-Draft is available from the on-line Internet-Drafts directories.


            Title           : DDoS Open Threat Signaling Protocol
            Authors         : Nik Teague
                              Andrew Mortensen
            Filename        : draft-teague-dots-protocol-00.txt
            Pages           : 39
            Date            : 2016-10-31

    Abstract:
       This document describes Distributed-Denial-of-Service (DDoS) Open
       Threat Signaling (DOTS), a signaling protocol for requesting and
       managing mitigation of DDoS attacks.

       DOTS mitigation requests over the signal channel permit domains to
       signal the need for help fending off DDoS attacks, setting the scope
       and duration of the requested mitigation.  Elements called DOTS
       servers field the signals for help, and enable defensive
       countermeasures to defend against the attack reported by the clients,
       reporting the status of the delegated defense to the requesting
       clients.  DOTS clients additionally may use the data channel to
       manage filters and black- and white-lists to restrict or allow
       traffic to the clients' domains arbitrarily.

       The DOTS signal channel may operate over UDP [RFC0768] and if
       necessary TCP [RFC0793].  This revision discusses a transport-
       agnostic approach to this channel, focusing on the message exchanges
       and delegating transport specifics to other documents.  The DOTS data
       channel operates over HTTPS or a transport with similar reliability,
       interaction and security characteristics.


    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-teague-dots-protocol/

    There's also a htmlized version available at:
    https://tools.ietf.org/html/draft-teague-dots-protocol-00


    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/

    _______________________________________________
    I-D-Announce mailing list
    I-D-Announce@ietf.org
    https://www.ietf.org/mailman/listinfo/i-d-announce
    Internet-Draft directories: http://www.ietf.org/shadow.html
    or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


_______________________________________________
Dots mailing list
Dots@ietf.org
https://www.ietf.org/mailman/listinfo/dots

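Andrew's reply argues for protobuf on the strength of its compact wire representation and backward-compatible schema evolution, and asks what a "more common" alternative would buy. The block below is an added illustration, not code from draft-teague-dots-protocol-00 or its authors: it hand-encodes a hypothetical three-field mitigation request in the protobuf wire format (varint field keys, length-delimited strings), decodes it back while skipping field numbers it does not know, and puts the same fields beside a minimal JSON body for a byte count. The field numbers, field names and the JSON layout are assumptions made for the example; the draft's own schema is not reproduced here. It is Python 3, unlike the Python 2.7 session quoted in the reply.

```python
"""Protobuf wire encoding by hand, to show where the compact representation
and the backward-compatible extension come from.

Added example, not code from draft-teague-dots-protocol-00 or its authors.
The message layout is an assumption for illustration: field 1 = lifetime
(uint32), field 2 = target prefix (string), field 3 = mitigation id (uint32).
"""
import json

VARINT = 0             # wire type for ints, bools, enums
LENGTH_DELIMITED = 2   # wire type for strings, bytes, nested messages


def encode_varint(value: int) -> bytes:
    """Base-128 varint: low 7 bits per byte, MSB set while more bytes follow."""
    if value < 0:
        raise ValueError("only unsigned values are handled here")
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_varint(buf: bytes, pos: int = 0):
    """Return (value, next_pos). Rejects truncated and over-long varints,
    the check a parser of untrusted signal traffic must not skip."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint longer than 10 bytes")


def tag(field_number: int, wire_type: int) -> bytes:
    """A field key is itself a varint: (field_number << 3) | wire_type."""
    return encode_varint((field_number << 3) | wire_type)


def encode_uint(field_number: int, value: int) -> bytes:
    return tag(field_number, VARINT) + encode_varint(value)


def encode_string(field_number: int, value: str) -> bytes:
    data = value.encode("utf-8")
    return tag(field_number, LENGTH_DELIMITED) + encode_varint(len(data)) + data


def encode_request(lifetime: int, prefix: str, mitigation_id: int) -> bytes:
    """Hypothetical mitigation request: fields 1, 2, 3 as assumed above."""
    return encode_uint(1, lifetime) + encode_string(2, prefix) + encode_uint(3, mitigation_id)


def decode_request(buf: bytes) -> dict:
    """Decode the known fields; unknown field numbers are parsed and ignored,
    which is the mechanism behind protobuf's backward-compatible extension."""
    fields = {}
    pos = 0
    while pos < len(buf):
        key, pos = decode_varint(buf, pos)
        number, wire_type = key >> 3, key & 0x7
        if wire_type == VARINT:
            value, pos = decode_varint(buf, pos)
        elif wire_type == LENGTH_DELIMITED:
            length, pos = decode_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("truncated length-delimited field")
            value, pos = buf[pos:pos + length], pos + length
        else:
            raise ValueError("unsupported wire type %d" % wire_type)
        fields[number] = value
    return {
        "lifetime": fields.get(1),
        "prefix": fields[2].decode("utf-8") if 2 in fields else None,
        "mitigation_id": fields.get(3),
    }


def json_encoding(lifetime: int, prefix: str, mitigation_id: int) -> bytes:
    """The same fields as a minimal JSON body, for a byte-count comparison."""
    body = {"lifetime": lifetime, "prefix": prefix, "mitigation-id": mitigation_id}
    return json.dumps(body, separators=(",", ":")).encode("utf-8")


if __name__ == "__main__":
    pb = encode_request(3600, "192.0.2.0/24", 12345)
    js = json_encoding(3600, "192.0.2.0/24", 12345)
    print(len(pb), "bytes protobuf:", pb.hex())
    print(len(js), "bytes JSON:", js.decode())
    print(decode_request(pb))
```

For these three fields the protobuf form is 20 bytes against 63 for the JSON body, because field names never go on the wire and small integers cost one or two bytes. The decoder's habit of reading and discarding unknown field numbers is what lets a -01 schema add fields without breaking a -00 peer; the truncation checks are there because a DOTS server parses this under attack conditions from clients it only partly trusts.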
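Gilbert's comment on 4.3.3 (the client "may send repeated requests" until it sees a response, so rate control is needed) and Andrew's agreement that this wants clarifying, together with the later point about congestion control on an unstable link, are the subject of the following added example. It is not code from the draft or its authors: it puts a bounded, jittered retransmission policy next to the fixed-interval flood the -00 wording permits, runs both over a constructed lossy channel that drops requests and acknowledgements independently, and pairs them with a constructed server stub that keys mitigations on a request id so a retransmit is idempotent. The request fields, the request id, the backoff parameters and the loss model are all assumptions for illustration.

```python
"""Rate-controlled retransmission on a lossy DOTS-style signal channel.

Added example, not code from draft-teague-dots-protocol-00 or its authors.
The request layout, request id, backoff constants and loss model are
assumptions made for this illustration.
"""
import random


def backoff_delays(base, cap, max_attempts, rng):
    """Delays to wait before attempts 2..max_attempts: exponential, capped,
    with full jitter so a fleet of clients does not retransmit in lock-step."""
    delays = []
    for attempt in range(1, max_attempts):
        ceiling = min(cap, base * 2 ** (attempt - 1))
        delays.append(rng.uniform(0, ceiling))
    return delays


def send_with_retries(channel, request, base=1.0, cap=30.0, max_attempts=6, rng=None):
    """Retransmit until acknowledged or the attempt budget is spent.
    Returns (acked, attempts, seconds_waited); a real client sleeps for each delay."""
    rng = rng if rng is not None else random.Random()
    delays = backoff_delays(base, cap, max_attempts, rng)
    waited = 0.0
    for attempt in range(1, max_attempts + 1):
        if channel.send(request):
            return True, attempt, waited
        if attempt < max_attempts:
            waited += delays[attempt - 1]
    return False, max_attempts, waited


def naive_flood(channel, request, interval=0.1, give_up_after=60.0):
    """What the -00 wording permits: retransmit on a fixed short interval.
    Under full loss that is give_up_after/interval sends on a link the
    attack being reported has already congested. Returns (acked, attempts)."""
    budget = int(round(give_up_after / interval))
    for attempt in range(1, budget + 1):
        if channel.send(request):
            return True, attempt
    return False, budget


class ServerStub:
    """Constructed DOTS server stand-in. Retransmits must be idempotent, so
    mitigations are keyed on the client's request id and repeats only counted."""

    def __init__(self):
        self.mitigations = {}
        self.duplicates = 0

    def handle(self, request):
        rid = request["request_id"]
        if rid in self.mitigations:
            self.duplicates += 1
        else:
            self.mitigations[rid] = dict(request)
        return True  # acknowledge either way


class LossyChannel:
    """Constructed channel: each direction independently drops with
    probability `loss`, and every client transmission is counted."""

    def __init__(self, server, loss, rng):
        self.server, self.loss, self.rng = server, loss, rng
        self.sent = 0

    def send(self, request):
        self.sent += 1
        if self.rng.random() < self.loss:
            return False            # request lost on the way out
        acked = self.server.handle(request)
        if self.rng.random() < self.loss:
            return False            # ack lost on the way back; the server acted anyway
        return acked


def demo(loss, seed=7):
    """Run both policies against fresh stubs at the given loss rate."""
    rng = random.Random(seed)
    req = {"request_id": "mit-0001", "scope": "192.0.2.0/24", "lifetime": 3600}
    bounded_server = ServerStub()
    bounded = LossyChannel(bounded_server, loss, rng)
    acked, attempts, waited = send_with_retries(bounded, req, rng=rng)
    flood_server = ServerStub()
    flood = LossyChannel(flood_server, loss, rng)
    flood_acked, flood_attempts = naive_flood(flood, req)
    return {
        "bounded": {"acked": acked, "sent": bounded.sent, "waited": waited,
                    "mitigations": len(bounded_server.mitigations),
                    "duplicates": bounded_server.duplicates},
        "flood": {"acked": flood_acked, "sent": flood.sent,
                  "mitigations": len(flood_server.mitigations),
                  "duplicates": flood_server.duplicates},
    }


if __name__ == "__main__":
    for loss in (0.0, 0.5, 1.0):
        print("loss=%.1f" % loss, demo(loss))
```

The two things worth taking from the run: the bounded client never sends more than its attempt budget (six here) however bad the link is, whereas the fixed-interval client sends six hundred times before giving up; and because acknowledgements are lost as often as requests, the server frequently acts on a request the client believes failed, so deduplicating on a request id is what keeps a retransmit from creating a second mitigation or extending the first.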