Re: [Dots] Warren Kumari's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)
"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 06 February 2020 08:48 UTC
Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CF7B120024 for <dots@ietfa.amsl.com>; Thu, 6 Feb 2020 00:48:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id beana6Sojp7j for <dots@ietfa.amsl.com>; Thu, 6 Feb 2020 00:48:24 -0800 (PST)
Received: from us-smtp-delivery-140.mimecast.com (us-smtp-delivery-140.mimecast.com [63.128.21.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62ED31200CE for <dots@ietf.org>; Thu, 6 Feb 2020 00:48:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=mimecast20190606; t=1580978903; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+43jAdYuXk2XmCjtKlmc9hmrwUO4+Ic8ic9IFwMzoH4=; b=S3ca8kQyNmMo/fvfCK1FfLmtkc4oCurv/sWQn3M2a4cMU4y5j2YWpp6bkEHWjulEHHOVFs arm+JbIshrnCB0KQZB3GTgW5FCT5M3qkhNklEkv6XLlIBa2IXsk/7fCUeRFP1PE2ktzM0W DJftfZGeHl7hLVTknp154W/mvH/oHG0=
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11lp2176.outbound.protection.outlook.com [104.47.56.176]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-232-3Q-pJRhFMKCas3Jx0ZJXvQ-1; Thu, 06 Feb 2020 03:47:04 -0500
Received: from DM5PR1601MB1259.namprd16.prod.outlook.com (10.172.87.13) by DM5PR1601MB1225.namprd16.prod.outlook.com (10.172.89.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.21; Thu, 6 Feb 2020 08:47:00 +0000
Received: from DM5PR1601MB1259.namprd16.prod.outlook.com ([fe80::5465:6a91:941f:36e0]) by DM5PR1601MB1259.namprd16.prod.outlook.com ([fe80::5465:6a91:941f:36e0%10]) with mapi id 15.20.2707.023; Thu, 6 Feb 2020 08:47:00 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Warren Kumari <warren@kumari.net>, The IESG <iesg@ietf.org>
CC: Roman Danyliw <rdd@cert.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "valery@smyslov.net" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-architecture@ietf.org" <draft-ietf-dots-architecture@ietf.org>
Thread-Topic: [Dots] Warren Kumari's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)
Thread-Index: AQHV3EoQeFJubEe7J0uSunHWCfz73KgNvs8Q
Date: Thu, 06 Feb 2020 08:47:00 +0000
Message-ID: <DM5PR1601MB125936110226AE27F45501A6EA1D0@DM5PR1601MB1259.namprd16.prod.outlook.com>
References: <158092386119.12787.6879612110839501695.idtracker@ietfa.amsl.com>
In-Reply-To: <158092386119.12787.6879612110839501695.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.4.0.45
dlp-reaction: no-action
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fda6206b-921f-4062-071d-08d7aae121cd
x-ms-traffictypediagnostic: DM5PR1601MB1225:
x-microsoft-antispam-prvs: <DM5PR1601MB122509DDFA1692B5C27A09E4EA1D0@DM5PR1601MB1225.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0305463112
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(136003)(366004)(396003)(39860400002)(189003)(32952001)(199004)(66574012)(54906003)(110136005)(7696005)(4326008)(9686003)(55016002)(966005)(478600001)(86362001)(52536014)(76116006)(5660300002)(66446008)(64756008)(66556008)(66476007)(66946007)(26005)(186003)(71200400001)(53546011)(6506007)(81156014)(8936002)(8676002)(81166006)(33656002)(316002)(2906002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1601MB1225; H:DM5PR1601MB1259.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: V2a/PhWlA0BUdjV2KrNCfp5mIryKsHS+iMFdY6iygfEf8MgYK7riURshYd66ydn6vyUgNXH0My97NC20PKeDJoCxg/EVi8yeTknkRTeQVsOrlH4S8roB+dBzHDaMVu1UZCXXEx66W8u7A9jM4dtEzF5vzb5mXmgn6R0NeDqT3+tbbTy0xL9p0OtW30BXM1TW7Xm+gCk7tu0jIzcyki5Oo4gUyV55l2SRAT5O9XYddlQesgqgBJaU3813W60pfCNpRWumrGWYMkAxXhJXRRKfLMWZg5qO6GxTWy/tvr+ow9Nc9f+q+1ufqCzIEfa9Q2wtpoSH9XfpXBIDtdOde8Ukaonls5KztsbDSCfMYuLeL1myh6tlNTMXw0XubKo6o0IQXLh74SXWz/sFunR32+Yfz2LL0Rmhcp6R7EH99lWLFe2/d2QynNzR4HGdiVgA57qnTzioTW3EzX4ZkKZVjJN6g/9XH9ggLqHKBERQzSOmfea91LCNO1ci/YCsOPitGgOKD07V8eQExYFwqd9bq1FM6eqv26dbyBMM5kKoq60kj4tTpeMr6/G9BMPDbqCSF5BLP4RyDpnurnoFZrcXneBA7xuuwtN2fGaSCwR1MjV79Ho=
x-ms-exchange-antispam-messagedata: R6pJl52s1Tg6875BKkBQkkSkFuDIS2lVf1sdkF5STYqQWzbu50zsnn/+uPsw/m1nL7O2gl2SDuR4pl6MAUe5o25Hc0YK3IsQ/dWzQNP9l0ryZfTA6nQ0bzNXZNgzN/znekXDRRtk6yqv1yWkiNinVw==
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: mcafee.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fda6206b-921f-4062-071d-08d7aae121cd
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2020 08:47:00.6223 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: XY6Audu1+aMuleetjGDfAr6J2zemwgbzL7YIOmsYW81rVslxcRrQ3BYQ4+5W9k+S73moA1xcPdLXPb8S+bwrkbKDe1T7gHwyv95iyNdt+5yRXymoPYwsBYD+LZJ2LAAK
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1601MB1225
X-MC-Unique: 3Q-pJRhFMKCas3Jx0ZJXvQ-1
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: mcafee.com
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/GlL0IdfsGcLWYdK6_4ELC3A9CnM>
Subject: Re: [Dots] Warren Kumari's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 08:48:27 -0000
> -----Original Message----- > From: Dots <dots-bounces@ietf.org> On Behalf Of Warren Kumari via > Datatracker > Sent: Wednesday, February 5, 2020 11:01 PM > To: The IESG <iesg@ietf.org> > Cc: Roman Danyliw <rdd@cert.org>; dots-chairs@ietf.org; > valery@smyslov.net; dots@ietf.org; draft-ietf-dots-architecture@ietf.org > Subject: [Dots] Warren Kumari's No Objection on draft-ietf-dots- > architecture-16: (with COMMENT) > > CAUTION: External email. Do not click links or open attachments unless you > recognize the sender and know the content is safe. > > Warren Kumari has entered the following ballot position for > draft-ietf-dots-architecture-16: No Objection > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dots-architecture/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Firstly, thank you for a well written, and easy to understand document -- I > personally always find architecture type documents helpful... Thanks. > > I do have a few non-blocking comments: > 1: "For example, if the DOTS client domain leverages the DDoS mitigation > service of its Internet Transit Provider (ITP), the ITP knows the prefixes > assigned to the DOTS client domain. However, if the DDoS Mitigation is > offered by a third party DDoS mitigation service provider, it does not know > the resources owned by the DOTS client domain." This is vastly > oversimplifying the real-world, to the point that it is harmful / propagates > dangerous misconceptions. ISPs may or may not know the prefixes assigned > to their customers - they really *should* know the prefixes that the client is > choosing to announce to them, but the client may have other prefixes which > they only announce through other transits (yes, in this case this ISP would > only be providing mitigations for prefixes announced to it, but this isn't clear). Agreed (the intent of the example is to discuss PA addresses). > In addition, if the DDoS mitigation is provides by a 3rd party, it could know > what resources are owned by the client -- in fact, it kind of has to if it is going > to agree to mitigate for those prefixes. The service level agreement may not include the prefixes used by the DOTS client domain (e.g., Enterprise network may switch ISPs, add new uplinks for multihoming, ISP renumbering etc.) > Note that I *almost* made this a > DISCUSS point - I really really think that this bit should be either carefully > revised, or, better yet, just struck... The above text was recently added to address the comment from Gen-ART review, will modify the example as follows: For example, if the DOTS client domain uses Provider-Aggregatable prefixes for its resources and leverages the DDoS mitigation service of the Internet Transit Provider (ITP), the ITP knows the prefixes assigned to the DOTS client domain because they are assigned by the ITP itself. > > 2: "Signal loss is not caused by links congested with attack traffic alone, and as > such mitigation requests triggered by signal channel degradation in either > direction may incur unnecessary costs, in network performance and > operational expense alike." The "operational expense" is vary vague - > enabling DDoS mitigations is almost definitely going to cause a user visible > impact, especially in the case where the mitigator announces a BGP route to > attract traffic. It depends on the DDoS mitigator capability (for example, scrubbing centers could be located across the world) or ISP could offer DDoS mitigation service and the user may not see any noticeable delay in the traffic when the mitigation is in progress. Further, content providers may use DDoS mitigation service all the time due to the frequency of attacks. > Is this covered by 'operational expense'? Yes >This section also > leaves out the fact that there is likely a financial impact. Updated line as follows for clarity: Signal loss is not caused by links congested with attack traffic alone, and as such mitigation requests triggered by signal channel degradation in either direction may incur unnecessary costs due to scrubbing traffic, adversely impact network performance and operational expense alike. > > 3: "The signal and data channels are loosely coupled, and may not terminate > on the same DOTS server." - s/may not/might not/. Every-time I'm sitting on > a plane and the safety briefing says that oxygen mask will fall from the ceiling > and that "the bag may not inflate" I have visions of IETFers (and similar > pedants!) sitting there and squeezing the bag to ensure that it doesn't... "the > bag *might* not inflate" is what is intended, and is also what you want :-P Barry raised the same comment, will fix in the next revision. Cheers, -Tiru > > > _______________________________________________ > Dots mailing list > Dots@ietf.org > https://www.ietf.org/mailman/listinfo/dots
- [Dots] Warren Kumari's No Objection on draft-ietf… Warren Kumari via Datatracker
- Re: [Dots] Warren Kumari's No Objection on draft-… Konda, Tirumaleswar Reddy