Re: [Dots] WGLC on draft-ietf-dots-architecture-08

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 29 November 2018 13:25 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Roman Danyliw <rdd@cert.org>, "dots@ietf.org" <dots@ietf.org>
Date: Thu, 29 Nov 2018 13:25:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/E1374i_SfPXvmAsdFEcxGfM_4Ec>
Subject: Re: [Dots] WGLC on draft-ietf-dots-architecture-08


> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of
> mohamed.boucadair@orange.com
> Sent: Thursday, November 29, 2018 2:01 PM
> To: Roman Danyliw <rdd@cert.org>; dots@ietf.org
> Subject: Re: [Dots] WGLC on draft-ietf-dots-architecture-08
> 
> 
> 
> Hi Roman, all,
> 
> I support this draft to be sent to the IESG for publication.
> 
> Some easy-to-fix comments, though:
> 
> (1) The document cites [I-D.ietf-dots-requirements] in many occurrences. I
> suggest these citations to be more specific, that is to point the specific REQ# or
> the section. Doing so would help readers not familiar with DOTS documents to
> easily link the various pieces.
> 
> (2) I used to point people to the DOTS architecture I-D when I receive
> comments/questions about the notion of "DOTS session" and to the
> Requirements I-D for clarification about DOTS channels. It seems that some
> clarifications are needed in the architecture I-D to explain for readers not
> familiar with all DOTS documents, for example:
> - the link with the underlying transport sessions/connections and security
> associations.
> - mitigations are not bound to a DOTS session but to a DOTS client/domain.
> 
> (3) The signal channel I-D uses "DOTS signal channel session", "DOTS signal
> channel sessions" and "DOTS data channel session" to refer to specific DOTS
> sessions. I'd like to have these terms introduced also in the arch I-D.
> 
> BTW, the signal channel uses in few occurrences "DOTS session"; those can be
> changed to "DOTS signal channel session". There is no occurrence of "DOTS
> session" in the data channel I-D.

I don't see a need to modify the "DOTS session" discussed in the signal channel draft; https://tools.ietf.org/html/draft-ietf-dots-architecture-07#section-3.1 defines the term "DOTS session". However, I agree with your comments to update section 3.1 to add the following lines:

Mitigation requests created using a DOTS session are not bound to the DOTS session. Mitigation requests are associated with a DOTS client and can be managed using different DOTS sessions. A DOTS session is associated with a single transport connection (e.g. TCP or UDP session) and an ephemeral security association (e.g. a TLS or DTLS session).

The DOTS signal data channel session is a mutually authenticated DOTS session between DOTS agents.

The DOTS data channel draft is not using the term "DOTS data channel session"; we can fix the signal channel draft to use "DOTS data channel" instead of "DOTS data channel session".

Cheers,
-Tiru

> 
> Thank you.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Roman Danyliw
> > Sent: Tuesday, 27 November 2018 23:15
> > To: dots@ietf.org
> > Subject: [Dots] WGLC on draft-ietf-dots-architecture-08
> >
> > Hello!
> >
> > Consistent with our discussion at the Bangkok meeting, we are starting
> > a working group last call (WGLC) for the DOTS architecture draft:
> >
> > DOTS Architecture
> > draft-ietf-dots-architecture-08
> > https://tools.ietf.org/html/draft-ietf-dots-architecture-08
> >
> > Please send comments to the DOTS mailing list -- feedback on remaining
> > issues or needed changes; as well as endorsements that this draft is ready.
> >
> > This WGLC will end on December 12, 2018.
> >
> > Thanks,
> > Roman and Frank
> >
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots
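
The binding proposed in the reply above for section 3.1, as an added example that is not part of the original message or of any DOTS draft: a toy server model in which mitigations are keyed by the authenticated client identity, so they outlive the session that created them and can be managed from a later session of the same client only. All class, method and field names, the client identities and the prefix are assumptions made for illustration.

```python
import itertools
from dataclasses import dataclass, field

@dataclass
class DotsSession:
    """One transport connection plus one ephemeral security association."""
    session_id: int
    client_id: str      # identity the peer authenticated as (assumed field)
    transport: str      # "udp" or "tcp"

@dataclass
class DotsServer:
    """Hypothetical server-side state; not taken from any DOTS draft."""
    sessions: dict = field(default_factory=dict)
    # Keyed by (client identity, mitigation id), never by session id.
    mitigations: dict = field(default_factory=dict)
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def open_session(self, client_id, transport):
        s = DotsSession(next(self._ids), client_id, transport)
        self.sessions[s.session_id] = s
        return s

    def close_session(self, session):
        # Dropping the transport and security association leaves mitigations alone.
        self.sessions.pop(session.session_id, None)

    def _key(self, session, mid):
        if session.session_id not in self.sessions:
            raise PermissionError("no active DOTS session")
        return (session.client_id, mid)

    def request_mitigation(self, session, mid, target_prefix):
        self.mitigations[self._key(session, mid)] = target_prefix

    def withdraw_mitigation(self, session, mid):
        return self.mitigations.pop(self._key(session, mid), None) is not None

def demo():
    # Constructed scenario: client A reconnects over TCP, client B tries to interfere.
    server = DotsServer()
    s1 = server.open_session("client-a.example", "udp")
    server.request_mitigation(s1, 1, "192.0.2.0/24")
    server.close_session(s1)
    survived = ("client-a.example", 1) in server.mitigations
    s2 = server.open_session("client-a.example", "tcp")
    other = server.open_session("client-b.example", "udp")
    cross_client = server.withdraw_mitigation(other, 1)
    own_client = server.withdraw_mitigation(s2, 1)
    return survived, cross_client, own_client, len(server.mitigations)
```

`demo()` returns whether the mitigation survived the session teardown, whether another client could withdraw it, whether the owner could withdraw it from a new session, and how many mitigations remain.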