IETF Logo Mail Archive

Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04

Meiling Chen <chenmeiling@chinamobile.com> Wed, 16 February 2022 09:24 UTC

Return-Path: <chenmeiling@chinamobile.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 186F13A0C45; Wed, 16 Feb 2022 01:24:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1X3TaeNfz4b1; Wed, 16 Feb 2022 01:23:58 -0800 (PST)
Received: from cmccmta3.chinamobile.com (cmccmta3.chinamobile.com [221.176.66.81]) by ietfa.amsl.com (Postfix) with ESMTP id 679B53A0C1C; Wed, 16 Feb 2022 01:23:56 -0800 (PST)
Received: from spf.mail.chinamobile.com (unknown[172.16.121.19]) by rmmx-syy-dmz-app12-12012 (RichMail) with SMTP id 2eec620cc2a9f7a-7b177; Wed, 16 Feb 2022 17:23:53 +0800 (CST)
X-RM-TRANSID: 2eec620cc2a9f7a-7b177
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from cmcc-PC (unknown[10.2.51.26]) by rmsmtp-syy-appsvr10-12010 (RichMail) with SMTP id 2eea620cc2a6de7-0ae64; Wed, 16 Feb 2022 17:23:52 +0800 (CST)
X-RM-TRANSID: 2eea620cc2a6de7-0ae64
Date: Wed, 16 Feb 2022 17:23:56 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: "mohamed.boucadair" <mohamed.boucadair@orange.com>, H Y <yuuhei.hayashi@gmail.com>, dots <dots@ietf.org>
Cc: dots-chairs <dots-chairs@ietf.org>, Valery Smyslov <valery@smyslov.net>, "draft-ietf-dots-telemetry-use-cases@ietf.org" <draft-ietf-dots-telemetry-use-cases@ietf.org>
References: <181601d81da8$0cee3a80$26caaf80$@smyslov.net>, <23921_1644415165_6203C8BD_23921_233_1_787AE7BB302AE849A7480A190F8B93303548ECDA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>, <CAA8pjUPRUXSOwf-1EBA4BsDb7aYw792n59FUJFvzPYCKqNTcUg@mail.gmail.com>, <CAA8pjUOrYQnJrzwcAhzmp5FMBDm__u4UomCYFDLDD7G09zNPnA@mail.gmail.com>, <17353_1644562189_6206070D_17353_218_1_787AE7BB302AE849A7480A190F8B93303549155E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>, <CAA8pjUMeu0apgO6BZ0h2gq7x+KsOg0GOSH_SnznkRh1hNNuGgQ@mail.gmail.com>, <CAA8pjUOV=KLgmFxqeSA5dASrT2msWyu4T9Mvi3tzqruR-uEFvQ@mail.gmail.com>, <202202151526305133704@chinamobile.com>, <28467_1644930140_620BA45B_28467_168_17_787AE7BB302AE849A7480A190F8B933035494261@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.9.115[cn]
Mime-Version: 1.0
Message-ID: <202202161723559475581@chinamobile.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart005636645785_=----"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/AhBInbLNVy8cIyBnwF846TkjYC8>
Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Feb 2022 09:24:03 -0000

Hi Med,
Thank you, the remaining yuuhei will be updated on Friday.

Best,
Meiling
 
From: mohamed.boucadair@orange.com
Date: 2022-02-15 21:02
To: Meiling Chen; H Y; dots
CC: dots-chairs; Valery Smyslov; draft-ietf-dots-telemetry-use-cases@ietf.org
Subject: RE: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
Hi Meiling, all, 
 
Thank you for these updates. 
 
It seems that the same “start-time” is used in many example. Please check that to see if more realistic examples (with distinct time starts) can be considered. 
 
The draft has some notes, e.g., “[Note: An example of total ..”. I understand that some examples are under preparation. 
 
The latest version removed some attributes such as “src_ip”, but I still see “dst-ip”. You can clarify the meaning/type of this attribute.
 
Thank you. 
 
Cheers,
Med
 
De : Meiling Chen <chenmeiling@chinamobile.com> 
Envoyé : mardi 15 février 2022 08:27
À : H Y <yuuhei.hayashi@gmail.com>; BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; dots <dots@ietf.org>
Cc : dots-chairs <dots-chairs@ietf.org>; Valery Smyslov <valery@smyslov.net>; draft-ietf-dots-telemetry-use-cases@ietf.org
Objet : Re: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
 
Hi all,
Thank you for Med's comments, I have updated the draft to 07.
 
Name: draft-ietf-dots-telemetry-use-cases
Revision: 07
Title: Use Cases for DDoS Open Threat Signaling (DOTS) Telemetry
Document date: 2022-02-15
Group: dots
Pages: 27
URL: https://www.ietf.org/archive/id/draft-ietf-dots-telemetry-use-cases-07.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry-use-cases/
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-dots-telemetry-use-cases
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-telemetry-use-cases-07
 
From: H Y
Date: 2022-02-11 16:00
To: Mohamed Boucadair; dots@ietf.org
CC: dots-chairs@ietf.org; Valery Smyslov; draft-ietf-dots-telemetry-use-cases@ietf.org
Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
Hi Med, All,
 
I updated the draft and submitted it as 06.
 
>You may consider removing them but add some text to recall the attack mapping over the data channel.
I removed the "attack-description" in signal channel but add some
mapping in data channel.
 
Thanks,
Yuhei
 
2022年2月11日(金) 16:40 H Y <yuuhei.hayashi@gmail.com>:
> 
> Hi Med,
> 
> I got it. I misunderstood the way to use "attack-description".
> 
> >You may consider removing them but add some text to recall the attack mapping over the data channel.
> I will remove the "attack-description".
> 
> Thanks,
> Yuhei
> 
> 2022年2月11日(金) 15:49 <mohamed.boucadair@orange.com>:
> >
> > Hi Yuhei,
> >
> > One quick comment about:
> >
> > ==
> >             "attack-description": "DNS amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in DNS servers to turn small queries into larger payloads."
> > ==
> >
> > and
> >
> > ==
> >             "attack-description":"NTP amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in NTP servers to turn small queries into larger payloads."
> > ==
> >
> > Please note that the telemetry spec says the following:
> >
> >    When conveying attack details in DOTS telemetry messages (Sections
> >    8.2, 8.3, and 9), DOTS agents MUST NOT include the 'attack-
> >    description' attribute unless the corresponding attack mapping
> >    details were not previously shared with the peer DOTS agent.
> >
> > So, the text should explain why "attack-description" attributes are present in the example.
> >
> > You may consider removing them but add some text to recall the attack mapping over the data channel.
> >
> > Thank you.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Dots <dots-bounces@ietf.org> De la part de H Y
> > > Envoyé : vendredi 11 février 2022 05:16
> > > À : dots@ietf.org
> > > Cc : dots-chairs@ietf.org; Valery Smyslov <valery@smyslov.net>;
> > > BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; draft-ietf-
> > > dots-telemetry-use-cases@ietf.org
> > > Objet : Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
> > >
> > > Hi all,
> > >
> > > We modified some nits and upload as 05. We will add some description to
> > > clarify our use cases.
> > >
> > > Comments are welcome.
> > >
> > > Thanks,
> > > Yuhei
> > >
> > > 2022年2月9日(水) 23:34 H Y <yuuhei.hayashi@gmail.com>:
> > > >
> > > > Hi Med,
> > > >
> > > > Thank you for your comments and suggestions.
> > > >
> > > > I will revise the draft in a few days.
> > > >
> > > > Thanks,
> > > > Yuhei
> > > >
> > > > 2022年2月9日(水) 22:59 <mohamed.boucadair@orange.com>:
> > > > >
> > > > > Hi Valery, all,
> > > > >
> > > > > I support advancing this document, but I think a revised version is
> > > needed.
> > > > >
> > > > > FWIW, some comments and suggestions can be found at:
> > > > > * pdf:
> > > > > https://raw.githubusercontent.com/boucadair/IETF-Drafts-Reviews/mast
> > > > > er/draft-ietf-dots-telemetry-use-cases-04-rev%20Med.pdf
> > > > > * doc:
> > > > > https://github.com/boucadair/IETF-Drafts-Reviews/raw/master/draft-ie
> > > > > tf-dots-telemetry-use-cases-04-rev%20Med.doc
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Message d'origine-----
> > > > > > De : Dots <dots-bounces@ietf.org> De la part de Valery Smyslov
> > > > > > Envoyé : mercredi 9 février 2022 12:28 À : dots@ietf.org Cc :
> > > > > > dots-chairs@ietf.org; draft-ietf-dots-telemetry-use-cases@ietf.org
> > > > > > Objet : [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > this message starts a two-week working group last call for
> > > > > > draft-ietf- dots-telemetry-use-cases-04.
> > > > > > The WGLC will end on Thursday, February 24. Please, review the
> > > > > > draft and send your comments to the mailing list.
> > > > > >
> > > > > > Regards,
> > > > > > Frank & Valery.
> > > > > >
> > > > > > _______________________________________________
> > > > > > Dots mailing list
> > > > > > Dots@ietf.org
> > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > >
> > > > > ____________________________________________________________________
> > > > > _____________________________________________________
> > > > >
> > > > > Ce message et ses pieces jointes peuvent contenir des informations
> > > > > confidentielles ou privilegiees et ne doivent donc pas etre
> > > > > diffuses, exploites ou copies sans autorisation. Si vous avez recu
> > > > > ce message par erreur, veuillez le signaler a l'expediteur et le
> > > detruire ainsi que les pieces jointes. Les messages electroniques etant
> > > susceptibles d'alteration, Orange decline toute responsabilite si ce
> > > message a ete altere, deforme ou falsifie. Merci.
> > > > >
> > > > > This message and its attachments may contain confidential or
> > > > > privileged information that may be protected by law; they should not
> > > be distributed, used or copied without authorisation.
> > > > > If you have received this email in error, please notify the sender
> > > and delete this message and its attachments.
> > > > > As emails may be altered, Orange is not liable for messages that
> > > have been modified, changed or falsified.
> > > > > Thank you.
> > > > >
> > > >
> > > >
> > > > --
> > > > ----------------------------------
> > > > Yuuhei HAYASHI
> > > > 08065300884
> > > > yuuhei.hayashi@gmail.com
> > > > iehuuy_0220@docomo.ne.jp
> > > > ----------------------------------
> > >
> > >
> > >
> > > --
> > > ----------------------------------
> > > Yuuhei HAYASHI
> > > 08065300884
> > > yuuhei.hayashi@gmail.com
> > > iehuuy_0220@docomo.ne.jp
> > > ----------------------------------
> >
> > _________________________________________________________________________________________________________________________
> >
> > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> >
> > This message and its attachments may contain confidential or privileged information that may be protected by law;
> > they should not be distributed, used or copied without authorisation.
> > If you have received this email in error, please notify the sender and delete this message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> > Thank you.
> >
> 
> 
> --
> ----------------------------------
> Yuuhei HAYASHI
> 08065300884
> yuuhei.hayashi@gmail.com
> iehuuy_0220@docomo.ne.jp
> ----------------------------------
 
 
 
-- 
----------------------------------
Yuuhei HAYASHI
08065300884
yuuhei.hayashi@gmail.com
iehuuy_0220@docomo.ne.jp
----------------------------------
 
 
_______________________________________________
Dots mailing list
Dots@ietf.org
https://www.ietf.org/mailman/listinfo/dots
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email