IETF Logo Mail Archive

Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-29.txt

<mohamed.boucadair@orange.com> Tue, 26 February 2019 15:12 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E72C813106E for <dots@ietfa.amsl.com>; Tue, 26 Feb 2019 07:12:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ipAP2uLn7uDI for <dots@ietfa.amsl.com>; Tue, 26 Feb 2019 07:12:00 -0800 (PST)
Received: from orange.com (mta240.mail.business.static.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAD041310B7 for <dots@ietf.org>; Tue, 26 Feb 2019 07:11:59 -0800 (PST)
Received: from opfedar06.francetelecom.fr (unknown [xx.xx.xx.8]) by opfedar20.francetelecom.fr (ESMTP service) with ESMTP id 4482NG0jHmz8thK; Tue, 26 Feb 2019 16:11:58 +0100 (CET)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.26]) by opfedar06.francetelecom.fr (ESMTP service) with ESMTP id 4482NF724jz3wbN; Tue, 26 Feb 2019 16:11:57 +0100 (CET)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM31.corporate.adroot.infra.ftgroup ([fe80::34b6:11d0:147f:6560%21]) with mapi id 14.03.0435.000; Tue, 26 Feb 2019 16:11:57 +0100
From: mohamed.boucadair@orange.com
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] I-D Action: draft-ietf-dots-signal-channel-29.txt
Thread-Index: AQHUysO2BSyTdnM0Qka7k+Ykw8xjSaXr/0pggAY1FWA=
Date: Tue, 26 Feb 2019 15:11:57 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA25825@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <155084937056.5323.18401033305053602209@ietfa.amsl.com> <DM6PR16MB27941968A6A96F37C8A64E32EA7F0@DM6PR16MB2794.namprd16.prod.outlook.com>
In-Reply-To: <DM6PR16MB27941968A6A96F37C8A64E32EA7F0@DM6PR16MB2794.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/E1rk8WJ1CxpnAXSnIAzY0hTBK2s>
Subject: Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-29.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Feb 2019 15:12:08 -0000

Hi Tiru, 

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda, Tirumaleswar
> Reddy
> Envoyé : vendredi 22 février 2019 17:20
> À : dots@ietf.org; i-d-announce@ietf.org
> Objet : Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-29.txt
> 
> Hi Med,
> 
> Couple of Nits:
> 
> 1)
> OLD:
> Likewise, 'sid' value is
> monotonically increased by the DOTS client for each configuration
> session, attackers replaying configuration requests with lower
> numeric 'sid' values will be rejected by the DOTS server if it
> maintains a higher numeric 'sid' value for this DOTS client.
> 
> NEW:
> Likewise, 'sid' value is
> monotonically increased by the DOTS client for each configuration
> request, attackers replaying configuration requests with lower
> numeric 'sid' values will be rejected by the DOTS server if it
> maintains a higher numeric 'sid' value for this DOTS client.
> 

[Med] OK for s/session/request. 

> 2)
> Define 'idle' time (i.e. when no attack traffic is present).

[Med] This one is not needed, IMHO. We do already have the following in the draft: 

   The same or distinct configuration sets may be used during times when
                                                              ^^^^^^^^^^
   a mitigation is active ('mitigating-config') and when no mitigation
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is active ('idle-config').  This is particularly useful for DOTS
   ^^^^^^^^^^^^^^^^^
   servers that might want to reduce heartbeat frequency or cease
   heartbeat exchanges when an active DOTS client has not requested
   mitigation.  If distinct configurations are used, DOTS agents MUST
   follow the appropriate configuration set as a function of the
   mitigation activity (e.g., if no mitigation request is active, 'idle-
   config'-related values must be followed).  Additionally, DOTS agents
   MUST automatically switch to the other configuration upon a change in
   the mitigation activity (e.g., if an attack mitigation is launched
   after an 'idle' time, the DOTS agent switches from 'idle-config' to
   'mitigating-config'-related values).

> 
> -Tiru
> 
> > -----Original Message-----
> > From: Dots <dots-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> > Sent: Friday, February 22, 2019 9:00 PM
> > To: i-d-announce@ietf.org
> > Cc: dots@ietf.org
> > Subject: [Dots] I-D Action: draft-ietf-dots-signal-channel-29.txt
> >
> > This email originated from outside of the organization. Do not click links
> or
> > open attachments unless you recognize the sender and know the content is
> safe.
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> > This draft is a work item of the DDoS Open Threat Signaling WG of the IETF.
> >
> >         Title           : Distributed Denial-of-Service Open Threat
> Signaling (DOTS)
> > Signal Channel Specification
> >         Authors         : Tirumaleswar Reddy
> >                           Mohamed Boucadair
> >                           Prashanth Patil
> >                           Andrew Mortensen
> >                           Nik Teague
> > 	Filename        : draft-ietf-dots-signal-channel-29.txt
> > 	Pages           : 99
> > 	Date            : 2019-02-22
> >
> > Abstract:
> >    This document specifies the DOTS signal channel, a protocol for
> >    signaling the need for protection against Distributed Denial-of-
> >    Service (DDoS) attacks to a server capable of enabling network
> >    traffic mitigation on behalf of the requesting client.
> >
> >    A companion document defines the DOTS data channel, a separate
> >    reliable communication layer for DOTS management and configuration
> >    purposes.
> >
> > Editorial Note (To be removed by RFC Editor)
> >
> >    Please update these statements within the document with the RFC
> >    number to be assigned to this document:
> >
> >    o  "This version of this YANG module is part of RFC XXXX;"
> >
> >    o  "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling
> >       (DOTS) Signal Channel Specification";
> >
> >    o  "| [RFCXXXX] |"
> >
> >    o  reference: RFC XXXX
> >
> >    Please update this statement with the RFC number to be assigned to
> >    the following documents:
> >
> >    o  "RFC YYYY: Distributed Denial-of-Service Open Threat Signaling
> >       (DOTS) Data Channel Specification (used to be I-D.ietf-dots-data-
> >       channel)
> >
> >    Please update TBD/TBD1/TBD2 statements with the assignments made by
> >    IANA to DOTS Signal Channel Protocol.
> >
> >    Also, please update the "revision" date of the YANG modules.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-dots-signal-channel-29
> > https://datatracker.ietf.org/doc/html/draft-ietf-dots-signal-channel-29
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-signal-channel-29
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots
> 
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email