IETF Logo Mail Archive

Re: [Dots] Opsdir last call review of draft-ietf-dots-requirements-16

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 26 November 2018 10:12 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70DF5130F0D; Mon, 26 Nov 2018 02:12:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.76
X-Spam-Level:
X-Spam-Status: No, score=-5.76 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hZrjELAPLxA6; Mon, 26 Nov 2018 02:11:59 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1BAB130F09; Mon, 26 Nov 2018 02:11:58 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1543227127; h=From: To:CC:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-exchange-antispam-srfa-diagnostics:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-microsoft-antispam-prvs:x-ms-exchange-senderadcheck: x-exchange-antispam-report-cfa-test:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-microsoft-antispam-message-info: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=luhgpsYhesjGQxFmvsUJcwHIT4NNy58VkUKUcn Jtz7k=; b=D+fBvFu74+wvnVE1LB2oGdD689tu/s2YxlFJtu9t X9r9jvrrIRzeVhC8lIZNwIuAT2djEt3ulCwyQAqP9KnanV+WtN TKk7N2ShAQUXjL6aHXnrYS+7iDMslWubAeeALynR4Tc5qPdw8g 176tC1cK7Ym24LjKwLjOfpyEdCmTxCY=
Received: from DNVEXAPP1N05.corpzone.internalzone.com (unknown [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 7a43_f37d_a708e1a0_374d_4d1a_8860_f3324d9c2912; Mon, 26 Nov 2018 04:12:06 -0600
Received: from DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 26 Nov 2018 03:11:45 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1347.2 via Frontend Transport; Mon, 26 Nov 2018 03:11:45 -0700
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (10.44.176.241) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 26 Nov 2018 03:11:44 -0700
Received: from BN6PR16MB1425.namprd16.prod.outlook.com (10.172.207.19) by BN6PR16MB0003.namprd16.prod.outlook.com (10.172.111.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1361.15; Mon, 26 Nov 2018 10:11:42 +0000
Received: from BN6PR16MB1425.namprd16.prod.outlook.com ([fe80::b8de:7bb:cfa3:22ee]) by BN6PR16MB1425.namprd16.prod.outlook.com ([fe80::b8de:7bb:cfa3:22ee%8]) with mapi id 15.20.1361.019; Mon, 26 Nov 2018 10:11:42 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Scott Bradner <sob@sobco.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "draft-ietf-dots-requirements.all@ietf.org" <draft-ietf-dots-requirements.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Opsdir last call review of draft-ietf-dots-requirements-16
Thread-Index: AQHUhDTmLjFc+/OIs0ic94QUvZHQf6Vf65SggAHAMgCAACvvAA==
Date: Mon, 26 Nov 2018 10:11:42 +0000
Message-ID: <BN6PR16MB1425F8CDE752A19B8B4AD7F8EAD70@BN6PR16MB1425.namprd16.prod.outlook.com>
References: <154309157569.4300.10419245253211850237@ietfa.amsl.com> <BN6PR16MB1425E843797A597B75D14A38EAD70@BN6PR16MB1425.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302E04D374@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302E04D374@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.500.52
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR16MB0003; 6:P9xIBexRZ21Ekf4ZJ7bX+DzdVdQUxXPH9o4sCznFRyjhZ8DVCVig0BibuXzbR78Bji9STOFMuw2O0MeiPci/9eilFHLUUeNqI25KTbFoF402AeTYVzqUkpR7cl7HY/7cg1GajgAL6Wv2V3B6PVYU4qJ0hfdte1CRkZBqa6e4Xtx0dkmzoy8y32FB9Uuop+kalMw53WCAkcjTW/6ybajPXO7UhFyx2AoAenFW4govgqmPx93OXIV0+JrxJdYMmJvV56VRn3CUdVLKRttgiSv7Qx3ukfAaPFeTZ+P4+wEmk0FlyOTPoGHvoJacyKv2IAqj865qequLPC/45JZ7beS9TSOFJp/cKVUnUwrVNv2TtcSBnsn44O+DQiFYkl/dJA0AfYPnVyaxgKTY73RMQ0wGEdib5Dvna/NdflnzE5lOyCdcte4nzjYzweT9T03vNTWigkg5DwjLwLRihDvvLR/E8A==; 5:L1P0IqiXhe22LZPPvyJHeH6BlcsPX7/gMOSSnf6V95CwZmqCcQIvwjOl4NFV6N5cQg2ckHBmZ1evspIlRRfuaOLU0GWy9fjC0J8ZVC0k+f9HhRhemxLWtPNAm0nQgWgTK4QiUDI065Ki8Lc59rlPawZmZ1XHPWCce3fUpEudYN4=; 7:qf1gq0IXbQ/KH8rhQoDjqTyb9Dpeq+bUG86oEbuQ60ZnECMX+Wz76/1ETTfiLefHk0iy15Wf8CTk1qwbuqxPQxLwWQjqlPUU+lFJycFp2F0c88E8NrWm0Rj09ggsQ5qTnyhHvK/ASYLT8aih1ON4BA==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d475d15a-c7a4-4504-fcec-08d653879064
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390098)(7020095)(4652040)(8989299)(5600074)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:BN6PR16MB0003;
x-ms-traffictypediagnostic: BN6PR16MB0003:
x-microsoft-antispam-prvs: <BN6PR16MB0003D8EE8665C152B855E6F7EAD70@BN6PR16MB0003.namprd16.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(3231443)(944501410)(52105112)(10201501046)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:BN6PR16MB0003; BCL:0; PCL:0; RULEID:; SRVR:BN6PR16MB0003;
x-forefront-prvs: 086831DFB4
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(376002)(136003)(346002)(39860400002)(366004)(13464003)(189003)(199004)(32952001)(55784004)(51914003)(76176011)(305945005)(54906003)(110136005)(7696005)(2501003)(966005)(5660300001)(478600001)(7736002)(33656002)(316002)(6506007)(53546011)(14444005)(5024004)(186003)(102836004)(26005)(99286004)(9686003)(2906002)(11346002)(229853002)(6436002)(86362001)(446003)(72206003)(4326008)(25786009)(53936002)(105586002)(14454004)(6116002)(3846002)(97736004)(6246003)(80792005)(106356001)(8676002)(486006)(68736007)(66066001)(256004)(71200400001)(71190400001)(74316002)(476003)(55016002)(6306002)(8936002)(81156014)(81166006)(21314003)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR16MB0003; H:BN6PR16MB1425.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Yy9UJ03on5b8DQN0vAMJjP8NeXFd8NvNgBFBghhYHHOOD/E1M/5opYUIrvmoPNQYUjw6lscX+W6xsisF+E25mEX8juTaBTI6u0fzBG8eb/RDsKLIUhQPOQ+TNcIC5Oax36ICzkiPzIRuehl0vC4Z4SNRSXU9+zgRCl4pcZR0cr5Ur/Q5uiE9ml80RLeRD/LPgauSzSs6ir3KNwfWtfuTLhnkxm8U2sxd74Dvt3vb0lZYTb6TROm6G3MNuF2OTR+7sMGHGjzqJBK0UGPfy+1J5EYGhpxm/fT5bF+yDzcnlIKvU+kVdl6H1iwgrfNN3Abn8+ZT8+Pd+JlKnj10Fe5zAo3ZyVIXWQCsyKFQe8rsD/o=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d475d15a-c7a4-4504-fcec-08d653879064
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2018 10:11:42.6150 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR16MB0003
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.1
X-NAI-Spam-Version: 2.3.0.9418 : core <6425> : inlines <6970> : streams <1805375> : uri <2755897>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/786z6FnQWmBr95yoVRdlSDugmhc>
Subject: Re: [Dots] Opsdir last call review of draft-ietf-dots-requirements-16
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 10:12:03 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> Sent: Monday, November 26, 2018 1:02 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> Scott Bradner <sob@sobco.com>; ops-dir@ietf.org
> Cc: draft-ietf-dots-requirements.all@ietf.org; ietf@ietf.org; dots@ietf.org
> Subject: RE: Opsdir last call review of draft-ietf-dots-requirements-16
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is safe.
> 
> Hi Tiru, all,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda,
> > Tirumaleswar Reddy Envoyé : lundi 26 novembre 2018 06:16 À : Scott
> > Bradner; ops-dir@ietf.org Cc :
> > draft-ietf-dots-requirements.all@ietf.org; ietf@ietf.org;
> > dots@ietf.org Objet : Re: [Dots] Opsdir last call review of
> > draft-ietf-dots-requirements-16
> >
> > Hi Scott,
> >
> > Thanks for the review, Please see inline
> >
> > > -----Original Message-----
> > > From: Scott Bradner <sob@sobco.com>
> > > Sent: Sunday, November 25, 2018 2:03 AM
> > > To: ops-dir@ietf.org
> > > Cc: draft-ietf-dots-requirements.all@ietf.org; ietf@ietf.org;
> > > dots@ietf.org
> > > Subject: Opsdir last call review of draft-ietf-dots-requirements-16
> > >
> > > This email originated from outside of the organization. Do not click
> > > links
> > or
> > > open attachments unless you recognize the sender and know the
> > > content is
> > safe.
> > >
> > > Reviewer: Scott Bradner
> > > Review result: Has Nits
> > >
> > > This is an OPS-DIR review of Distributed Denial of Service (DDoS)
> > > Open
> > Threat
> > > Signaling Requirements (draft-ietf-dots-requirements)
> > >
> > > This document lists requirements for a protocol to used between
> > > providers
> > of
> > > DDOS mitigation services and users of such services, as such there
> > > can be
> > no
> > > direct operational issues with the document.  I also did not find
> > > any
> > indirect
> > > operational issues.
> > >
> > > I think the document would benefit from the addition of a section
> > > before
> > the
> > > requirements section that specifically describes the setup assumed
> > > by the document. The descriptions before there hint at a presumed
> > > setup but a new section that clearly states the setup would be
> > > helpful. (the setup appears
> > to be
> > > one where all network traffic to and from a protected entity flows
> > > through
> > a
> > > DDoS mitigation service provider.  The provider includes one or more
> > > DOTS servers.  The protected entity includes one or more DOTS
> > > clients that communicate with the DOTS servers)
> >
> > The requirements drafts refers to the DOTS architecture draft that
> > discusses the architectural relationships, components and concepts
> > used in a DOTS deployment.
> >
> > >
> > > Requirement SIG-005 addresses channel redirection – maybe there
> > > needs to be a way that clients can move to a new server on their own
> > > if they lose
> > hearbeat
> > > from the server they were using – that might include a way for a
> > > server to provide a list of alternative servers to the clients
> >
> > We can update SIG-004 requirement to say the following:
> >
> > The DOTS client may be provided with a list of DOTS servers.
> 
> [Med] IMHO given that the requirements I-D points to the architecture I-D, we
> don't need to be redundant:
> 
>    The DOTS client may be provided with a list of DOTS servers, each
>    associated with one or more IP addresses.  These addresses may or may
>    not be of the same address family.  The DOTS client establishes one
>    or more sessions by connecting to the provided DOTS server addresses.
> 
> But, of course it is not harmful to restate it if it helps the reader.
> 
>   If the DOTS
> > client considers the signal channel is defunct due to the extended
> > absence of DOTS server heartbeat, the DOTS client can establish  a new
> > DOTS signal channel with the other DOTS servers in the list.
> >
> 
> [Med] Some comments here:
> * I would not mix server selection/server migration with server redirection.
> That is, the proposed text is to be placed somewhere else in the I-D, not under
> SIG-004.
> * I would not describe the behavior (e.g., if xxx, establish a new session) in the
> Requirements I-D, but focus on the expected functionality if we really need to
> say something.
> * A DOTS client provisioned with multiple dots server may already have other
> sessions established. How those sessions are established is policy-based.
> * Establishing a new session should be carefully considered to avoid, e.g.,
> leaking information among servers not belonging to the same domain or
> oscillate between servers.
> 
> We can include a generic text such as the following:
> 
>   "Additional means to enhance the resilience of DOTS protocols, including
> when multiple DOTS servers are provisioned to the DOTS clients, SHOULD be
> considered."

Works for me.

-Tiru

> 
> 
> > -Tiru
> >
> > >
> >
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email