Re: [Dots] Are we being too restrictive in the Alias definition requirements?

"Jon Shallow" <supjps-ietf@jpshallow.com> Thu, 20 September 2018 08:25 UTC

Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD1DE124C04 for <dots@ietfa.amsl.com>; Thu, 20 Sep 2018 01:25:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JWYWqM1RIBjr for <dots@ietfa.amsl.com>; Thu, 20 Sep 2018 01:25:22 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2426D1200D6 for <dots@ietf.org>; Thu, 20 Sep 2018 01:25:22 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.90_1) (envelope-from <jon.shallow@jpshallow.com>) id 1g2uH1-0006zr-GE; Thu, 20 Sep 2018 09:25:19 +0100
From: "Jon Shallow" <supjps-ietf@jpshallow.com>
To: <mohamed.boucadair@orange.com>, <dots@ietf.org>
References: <110001d450b4$a0da8d80$e28fa880$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302DFE2C1B@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DFE2C1B@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Date: Thu, 20 Sep 2018 09:25:19 +0100
Message-ID: <113401d450bb$77922580$66b67080$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_1135_01D450C3.D957C600"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQK2Abf0pMK6nV9J6OIe57dd8LakygJ1ZFOVoyHII7A=
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/73806FEqBNjumIQmrSi13GTu-_w>
Subject: Re: [Dots] Are we being too restrictive in the Alias definition requirements?
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2018 08:25:24 -0000

Hi Med,

 

Not a problem, I just needed to ask the question.

 

Regards

 

Jon

 

From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of
mohamed.boucadair@orange.com
Sent: 20 September 2018 08:49
To: Jon Shallow; dots@ietf.org
Subject: Re: [Dots] Are we being too restrictive in the Alias definition
requirements?

 

Hi Jon, 

 

Please remind that aliases are meant to identify resources.  A single port
number does not identify a resource; the combination of an ip address/fqdn
and ports does. 

 

If you want to include only an port number or a protocol, you can create an
alias which will set the target-prefix to all prefixes of the domain. 

 

I don’t see the need to modify the current text. Thanks.

 

Cheers,

Med

 

De : Dots [mailto:dots-bounces@ietf.org] De la part de Jon Shallow
Envoyé : jeudi 20 septembre 2018 09:36
À : dots@ietf.org
Objet : [Dots] Are we being too restrictive in the Alias definition
requirements?

 

Hi there,

 

Signal Draft 4.4.1.  Request Mitigation

 

   In the PUT request at least one of the attributes 'target-prefix',

   'target-fqdn', 'target-uri', or 'alias-name' MUST be present.

 

Data Draft 6.1.  Create Aliases

 

   In POST or PUT requests, at least one of the 'target-prefix',

   'target-fqdn', or 'target-uri' attributes MUST be present.  DOTS

   agents can safely ignore Vendor-Specific parameters they don't

   understand.

 

So, it is not possible to have an Alias template that contains just ports or
protocols that can be used in a mitigation request that does include the
'target-prefix', 'target-fqdn', or 'target-uri' attributes.  Is this too
restrictive?

 

Possible updates

 

Signal Draft 4.4.1.  Request Mitigation

 

NEW:

   In the PUT request at least one of the attributes 'target-prefix',

   'target-fqdn', 'target-uri', or 'alias-name' where the alias contains at
least one of the attributes 'target-prefix', 'target-fqdn', 'target-uri',
MUST be present.

 

Data Draft 6.1.  Create Aliases

 

NEW:

   In POST or PUT requests, at least one of the 'target-',

   attributes MUST be present.  DOTS

   agents can safely ignore Vendor-Specific parameters they don't

   understand.

 

 

Regards

 

Jon