Re: [Dots] Éric Vyncke's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 04 February 2020 06:58 UTC
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: tirumal reddy <kondtir@gmail.com>
CC: Roman Danyliw <rdd@cert.org>, Valery Smyslov <valery@smyslov.net>, "draft-ietf-dots-architecture@ietf.org" <draft-ietf-dots-architecture@ietf.org>, "dots@ietf.org" <dots@ietf.org>, The IESG <iesg@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Date: Tue, 04 Feb 2020 06:58:02 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/LZDROZ4Nz7mis1h7jfLEc5Ttfwg>
Subject: Re: [Dots] Éric Vyncke's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)

Tiru,

Thank you for the prompt reply. My comments/questions were not blocking but I appreciate your reply.

Regards

-éric

From: iesg <iesg-bounces@ietf.org> on behalf of tirumal reddy <kondtir@gmail.com>
Date: Tuesday, 4 February 2020 at 04:13
To: Eric Vyncke <evyncke@cisco.com>
Cc: Roman Danyliw <rdd@cert.org>, Valery Smyslov <valery@smyslov.net>, "draft-ietf-dots-architecture@ietf.org" <draft-ietf-dots-architecture@ietf.org>, "dots@ietf.org" <dots@ietf.org>, The IESG <iesg@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>
Subject: Re: Éric Vyncke's No Objection on draft-ietf-dots-architecture-16: (with COMMENT)

Hi Eric,

Thanks for the review. Please see inline.

On Mon, 3 Feb 2020 at 15:48, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:

Éric Vyncke has entered the following ballot position for
draft-ietf-dots-architecture-16: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dots-architecture/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Dear authors,

Thank you for the work put into this document. As a side note, I really liked the section about the manual/over-the-phone part of it.

Until now, I have read only this document (dots-architecture) from the dots WG, so, please accept my ignorance for details.

But, I have a couple of non-blocking questions where your reply will be welcome and appreciated:

Q1) is the monetary cost part of the DOTS signaling? (I.e., the mitigator telling the target that it will cost so many EUR per hour)

No, monetary cost is not part of the DOTS signaling.

Q2) Using DOTS in an under-attack network, did you consider recommending dual-stack signaling to cope with the rare case where IPv4 is disrupted while IPv6 still works (of course if the DoS is plain flooding this won't help a lot probably; and the dual proposition exists).

Yes, Happy Eyeballs for DOTS signal channel is discussed in https://tools.ietf.org/html/draft-ietf-dots-signal-channel-41#section-4.3

Q3) While I appreciate the value of Anycast DOTS server, hence UDP is mostly required for signaling transport, I wonder whether the choice of UDP (often used AFAIK as volumetric attack as it is easier to spoof) is a good choice compared to TCP or DSCP or ...

Both DTLS over UDP and TLS over TCP are used by the DOTS signal channel (UDP is given higher precedence than TCP). DTLS is capable of defending against DoS attack by using the stateless cookie mechanism (see https://tools.ietf.org/html/rfc6347#section-4.2.1)

Q4) When having multiple DOTS servers, I assume that the case of a dual-stack DOTS server is also covered. Therefore, a word on whether Happy Eyeballs (RFC 8305) should probably be useful **IF** applicable

Happy Eyeballs is discussed in detail in the DOTS signal channel protocol specification.

Cheers,
-Tiru

Regards

-éric

Regards,
-éric
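
The stateless cookie exchange referenced in the answer to Q3 (RFC 6347, section 4.2.1), as an added sketch that is not part of the original thread or of any DOTS or DTLS implementation: the cookie is an HMAC over the client address and ClientHello parameters, so the server allocates no handshake state until the client shows it can receive traffic at its claimed source address. The class and function names, the choice of SHA-256, and the sample addresses and parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


class CookieServer:
    """Simplified model of DTLS HelloVerifyRequest handling (not a DTLS stack)."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.previous = None   # prior secret, so rotation does not break in-flight hellos
        self.handshakes = 0    # number of clients for which state was allocated

    def rotate(self):
        """Periodic secret change bounds how long a captured cookie stays valid."""
        self.previous, self.secret = self.secret, os.urandom(32)

    def _cookie(self, secret, addr, client_params):
        # Cookie = HMAC(Secret, Client-IP, Client-Parameters); nothing is stored per client.
        ip, port = addr
        msg = ip.encode() + b"|" + str(port).encode() + b"|" + client_params
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def on_client_hello(self, addr, client_params, cookie=b""):
        """Return (message_type, cookie_to_send) for one received ClientHello."""
        secrets = [s for s in (self.secret, self.previous) if s]
        if any(hmac.compare_digest(cookie, self._cookie(s, addr, client_params))
               for s in secrets):
            self.handshakes += 1          # only now is handshake state created
            return ("ServerHello", b"")
        # Unknown or missing cookie: answer statelessly; the reply goes to addr.
        return ("HelloVerifyRequest", self._cookie(self.secret, addr, client_params))


def demo():
    server = CookieServer(secret=b"\x01" * 32)            # constructed fixed secret
    hello = b"constructed-client-random-and-ciphersuites"  # constructed parameters
    real = ("192.0.2.10", 40000)       # documentation-range addresses
    spoofed = ("198.51.100.7", 40000)
    first, cookie = server.on_client_hello(real, hello)
    second, _ = server.on_client_hello(real, hello, cookie)
    # A sender claiming another source address cannot reuse the cookie, and the
    # HelloVerifyRequest for that address is delivered to the address, not to the sender.
    third, _ = server.on_client_hello(spoofed, hello, cookie)
    return first, second, third, server.handshakes


if __name__ == "__main__":
    print(demo())
```
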