Re: [Dots] Murray Kucherawy's No Objection on draft-ietf-dots-signal-filter-control-06: (with COMMENT)

mohamed.boucadair@orange.com Mon, 22 June 2020 05:52 UTC

From: mohamed.boucadair@orange.com
To: Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-dots-signal-filter-control@ietf.org" <draft-ietf-dots-signal-filter-control@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>, Valery Smyslov <valery@smyslov.net>, Liang Xia <frank.xialiang@huawei.com>
Date: Mon, 22 Jun 2020 05:52:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/HV9O_xUcb_bCC3dwHLArYam2a1w>

Hi Murray, 

Thank you for the review. 

I implemented almost all your suggestions. 

An updated version can be seen at:

https://github.com/boucadair/filter-control/blob/master/draft-ietf-dots-signal-filter-control-06.txt 

FWIW, a diff is available here: https://github.com/boucadair/filter-control/blob/master/IESG-Review%20Murray.pdf

Cheers,
Med

> -----Original Message-----
> From: Murray Kucherawy via Datatracker [mailto:noreply@ietf.org]
> Sent: Sunday, 21 June 2020 20:29
> To: The IESG
> Cc: draft-ietf-dots-signal-filter-control@ietf.org; dots-chairs@ietf.org;
> dots@ietf.org; Valery Smyslov; Liang Xia
> Subject: Murray Kucherawy's No Objection on draft-ietf-dots-signal-filter-
> control-06: (with COMMENT)
> 
> Murray Kucherawy has entered the following ballot position for
> draft-ietf-dots-signal-filter-control-06: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dots-signal-filter-control/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Some minor stuff only:
> 
> Section 1.1:
> 
> OLD:
> 
>    A typical case is a conflict between filtering rules installed by a
>    DOTS client and the mitigation actions of a DDoS mitigator.  Such
>    case is a DOTS client which configures during 'idle' time (i.e., no
>    mitigation is active) some filtering rules using the DOTS data
>    channel protocol to permit traffic from accept-listed sources, but
>    during a volumetric DDoS attack the DDoS mitigator identifies the
>    source addresses/prefixes in the accept-listed filtering rules are
>    attacking the target.  For example, an attacker can spoof the IP
>    addresses of accept-listed sources to generate attack traffic or the
>    attacker can compromise the accept-listed sources and program them to
>    launch a DDoS attack.
> 
> NEW:
> 
>    A typical case is a conflict between filtering rules installed by a
>    DOTS client and the mitigation actions of a DDoS mitigator.  Consider,
>    for instance, a DOTS client that configures during 'idle' time (i.e., no
>    mitigation is active) some filtering rules using the DOTS data
>    channel protocol to permit traffic from accept-listed sources.  However,
>    during a volumetric DDoS attack the DDoS mitigator identifies the
>    source addresses/prefixes in the accept-listed filtering rules are
>    attacking the target.  For example, an attacker can spoof the IP
>    addresses of accept-listed sources to generate attack traffic or the
>    attacker can compromise the accept-listed sources and program them to
>    launch a DDoS attack.
> 
> Section 1.2:
> 
> * "An augment to the DOTS signal channel ..." -- s/augment/amendment/
> ("augment" isn't a thing, it's an action)
> 
> Section 3.2.1:
> 
> * Although this section declares the acronym "ACE" for "Access Control
> Entry", that acronym is used nowhere else in the document.
> 
> * "... notifies that DOTS client with the change ..." -- s/with/of, I
> think?
> 
> Section 6:
> 
> * "... does not allow to create new filtering rules ..." -- s/to
> create/creation of/
> 
> * "... entitled to access only to resources ..." -- s/only to/only those/
> 
> 


This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.