[Dots] WGLC signal draft: Conflict information conflicts
"Jon Shallow" <supjps-ietf@jpshallow.com> Thu, 16 August 2018 07:23 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEAB7130EC2 for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 00:23:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9gIA6zVG90n for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 00:23:55 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F8CB1274D0 for <dots@ietf.org>; Thu, 16 Aug 2018 00:23:55 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.90_1) (envelope-from <jon.shallow@jpshallow.com>) id 1fqCdN-0003ME-FT for ietf-supjps-dots@ietf.org; Thu, 16 Aug 2018 08:23:53 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: dots@ietf.org
Date: Thu, 16 Aug 2018 08:23:52 +0100
Message-ID: <019701d43532$15826110$40872330$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0198_01D4353A.77480190"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdQ1MhVo+Ls9fJ86SFKNTBk529RlrQ==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Gpk0sAqWo8oPblyPO_4deG941Zk>
Subject: [Dots] WGLC signal draft: Conflict information conflicts
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 07:23:57 -0000
Hi there, Issue A. It is undefined as to how to tell the DOTS client that 4.09 conflict for a "cuid" has occurred as in 4.1.1 Request Mitigation DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer to notify that the 'cuid' is already in-use by another DOTS client. Upon receipt of that error code, a new 'cuid' MUST be generated by the DOTS peer. The DOTS client generates a new "cuid" for every 4.09 ??? I think we need a new conflict status 4: DOTS server has detected the presented 'cuid' is already in use by another DOTS client. A new 'cuid' needs to be generated. And text updated DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer to notify that the 'cuid' is already in-use by another DOTS client, along with a conflict-status of 4. Upon receipt of that error code and conflict-status, a new 'cuid' MUST be generated by the DOTS peer. Issue B. We have confusion over the use of the word "different" for "different DOTS client" - this was previously brought up but got lost on the way. The following is (correctly) for the same client For example, if the DOTS server receives a mitigation request which overlaps with an existing mitigation with a higher numeric 'mid', the DOTS server rejects the request by returning 4.09 (Conflict) to the DOTS client. The response includes enough information for a DOTS client to recognize the source of the conflict as described below: Yet we later have (which really should be corrected) If the request is conflicting with an existing mitigation request from a different DOTS client, the DOTS server may return 2.01 (Created) or 4.09 (Conflict) to the requesting DOTS client. If the DOTS server decides to maintain the new mitigation request, the DOTS server returns 2.01 (Created) to the requesting DOTS client. If the DOTS server decides to reject the new mitigation request, the DOTS server returns 4.09 (Conflict) to the requesting DOTS client. For both 2.01 (Created) and 4.09 (Conflict) responses, the response includes enough information for a DOTS client to recognize the source of the conflict as described below: conflict-information: Indicates that a mitigation request is conflicting with another mitigation request(s) from other DOTS client(s). This optional attribute has the following structure: conflict-status: Indicates the status of a conflicting mitigation request. The following values are defined: 1: DOTS server has detected conflicting mitigation requests from different DOTS clients. This mitigation request is currently inactive until the conflicts are resolved. Another mitigation request is active. 2: DOTS server has detected conflicting mitigation requests from different DOTS clients. This mitigation request is currently active. 3: DOTS server has detected conflicting mitigation requests from different DOTS clients. All conflicting mitigation requests are inactive. Issue C. 'mid' is missing from the second definition of conflict-scope as in conflict-scope: Indicates the conflict scope. It may include a list of IP addresses, a list of prefixes, a list of port numbers, a list of target protocols, a list of FQDNs, a list of URIs, a list of alias-names, or references to conflicting ACLs. Regards Jon
- [Dots] WGLC signal draft: Conflict information co… Jon Shallow
- Re: [Dots] WGLC signal draft: Conflict informatio… mohamed.boucadair
- Re: [Dots] WGLC signal draft: Conflict informatio… Jon Shallow