Re: [Dots] Secdir last call review of draft-ietf-dots-signal-channel-30

Michael Richardson <> Fri, 15 March 2019 13:21 UTC

From: Michael Richardson <>
To: "Konda, Tirumaleswar Reddy" <>
cc: "" <>, Stephen Farrell <>, "" <>, "" <>, "" <>, "" <>
Date: Fri, 15 Mar 2019 09:21:32 -0400
Message-ID: <10751.1552656092@localhost>

Konda, Tirumaleswar Reddy <> wrote:
    > Stephen is referring to an attack where a compromised DOTS client
    > initiates a mitigation request for a target resource that is attacked,
    > learns the mitigation efficacy of the DOTS server, and informs the DDoS
    > attacker of the mitigation efficacy so that it can change the DDoS attack
    > strategy.

Is there a word for an infantry troop who goes behind enemy lines in order
to communicate how well the artillery is?  I guess a modern form is these
laser targeted missiles, where the target is "painted".

I don't know if there are words for this kind of thing, but this would seem
to describe the situation.

    > We can add the following lines to address his comment:

    > A compromised DOTS client can collude with a DDoS attacker to send a
    > mitigation request for a target resource, learn the mitigation
    > efficacy from the DOTS server, and convey the efficacy to the DDoS
    > attacker to learn the mitigation capabilities of the DDoS mitigation
    > and to possibly change the DDoS attack strategy. This attack can be
    > prevented by auditing the behavior of DOTS clients and authorizing the
    > DOTS client to request mitigation for specific target resources.

If a resource is already under attack and there are already mitigation requests
for that target, can a compromised DOTS client learn anything by requesting
mitigation on the same target?

Michael Richardson <>, Sandelman Software Works
 -= IPv6 IoT consulting =-
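One way a DOTS server could enforce the per-target authorization and auditing that the proposed text in this thread describes, as an added illustration that is not part of the thread or of the DOTS drafts (the client identities, the prefixes and the `AUTHORIZED_TARGETS` table are constructed assumptions; a real server would derive the client identity from its (D)TLS credential):

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample policy: DOTS client identity -> target prefixes it is
# allowed to request mitigation for. Hypothetical values, not from any draft.
AUTHORIZED_TARGETS = {
    "client-A": ["192.0.2.0/24", "2001:db8:1::/48"],
    "client-B": ["198.51.100.0/24"],
}


@dataclass
class AuditLog:
    """Records every authorization decision so client behaviour can be reviewed."""
    entries: list = field(default_factory=list)

    def record(self, client_id, target, decision, reason=""):
        self.entries.append(
            {"client": client_id, "target": target, "decision": decision, "reason": reason}
        )

    def flagged_clients(self, threshold=3):
        """Clients with at least `threshold` rejected targets; candidates for review."""
        rejections = {}
        for e in self.entries:
            if e["decision"] == "reject":
                rejections[e["client"]] = rejections.get(e["client"], 0) + 1
        return sorted(c for c, n in rejections.items() if n >= threshold)


def _covered(target, allowed_prefixes):
    """True if `target` lies entirely inside one of the client's allowed prefixes."""
    t = ipaddress.ip_network(target, strict=False)
    for p in allowed_prefixes:
        allowed = ipaddress.ip_network(p)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if allowed.version == t.version and t.subnet_of(allowed):
            return True
    return False


def authorize_mitigation_request(client_id, target_prefixes, audit):
    """Accept only if every target in the request is within the client's scope."""
    allowed = AUTHORIZED_TARGETS.get(client_id, [])
    for target in target_prefixes:
        if not _covered(target, allowed):
            audit.record(client_id, target, "reject", "target outside client scope")
            return False
    for target in target_prefixes:
        audit.record(client_id, target, "accept")
    return True
```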