Re: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01
"Xialiang (Frank)" <frank.xialiang@huawei.com> Wed, 20 July 2016 07:33 UTC
Return-Path: <frank.xialiang@huawei.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2230D12D0DE for <dots@ietfa.amsl.com>; Wed, 20 Jul 2016 00:33:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.508
X-Spam-Level:
X-Spam-Status: No, score=-5.508 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QdmaWL1YC68V for <dots@ietfa.amsl.com>; Wed, 20 Jul 2016 00:33:56 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66CAB12B02A for <dots@ietf.org>; Wed, 20 Jul 2016 00:33:55 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml701-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CSW68669; Wed, 20 Jul 2016 07:33:53 +0000 (GMT)
Received: from SZXEMA416-HUB.china.huawei.com (10.82.72.35) by lhreml701-cah.china.huawei.com (10.201.5.93) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 20 Jul 2016 08:33:53 +0100
Received: from SZXEMA502-MBS.china.huawei.com ([169.254.4.6]) by SZXEMA416-HUB.china.huawei.com ([10.82.72.35]) with mapi id 14.03.0235.001; Wed, 20 Jul 2016 15:33:46 +0800
From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: "Roman D. Danyliw" <rdd@cert.org>
Thread-Topic: Feedback on draft-nishizuka-dots-inter-domain-mechanism-01
Thread-Index: AdHg3G2I7+sIKn4uRmu+1UP1dFri1gBdVsoQ
Date: Wed, 20 Jul 2016 07:33:45 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AF949E3@SZXEMA502-MBS.china.huawei.com>
References: <359EC4B99E040048A7131E0F4E113AFC0104E1A3AD@marathon>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC0104E1A3AD@marathon>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.200.217.219]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.578F2962.0008, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.6, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 65058a813727c959aa284fe15d2a856b
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/MQoRGqzz36uhMSaHvTbxMx-wsSQ>
Cc: "dots@ietf.org" <dots@ietf.org>
Subject: Re: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 07:33:58 -0000
Hi Roman, Thanks for the detailed comments. My response is inline: B.R. Frank -----邮件原件----- 发件人: Dots [mailto:dots-bounces@ietf.org] 代表 Roman D. Danyliw 发送时间: 2016年7月18日 21:03 收件人: dots@ietf.org 主题: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01 Hello WG! WG chair hat off ... In reading through draft-nishizuka-dots-inter-domain-mechanism-01 I have the following feedback: (1) When an updated use case document is released, I'd recommend removing Section 3 and 4 and focus this document on describing only the protocol [Frank]: good point, that's what we are considering now. They should be in use cases or architecture drafts. (2) I recommend including language somewhere in the draft describing which set of use cases in the WG UC draft are satisfied. Currently Section 3-4 describe candidate use cases, but what about the other uses cases currently in the WG UC document? [Frank]: ok, we will. (3) Section 5, I recommend citing the references to HTTPS and TLS [Frank]: will do. (4) Section 5, Provisioning stage, "A DOTS client should register itself to the DOTS server, as well as enable capacity building in advance." In the context of DOTS, what protocol support is expected to "enable capacity building in advance"? [Frank]: In section 5.1.2, we have the details: "The customers (DOTS client) registers to the operator controller with the configuration and capability building including protection methods, process capacity, protected zone, security profile, white/black-list, etc". Does it make sense? (5) Section 5.1.1, customer_name, How should this name be generated? [Frank]: it's generated by DOTS client itself, but the custom_id is the unique value generated by the DOTS server (6) Section 5.1.1, ip_version, To what traffic does this version number refer? [Frank]: the version of the DOTS client's all traffic (7) Section 5.1.1, BGP_route, countermeasures, tunnel_information, next_hop, What is the format of this field? [Frank]: we will describe them with details in next version, thanks for reminds. (8) Section 5.1.1., SIP_URI and E164_number, I would recommend citing the reference. [Frank]: ok. (9) Section 5.1.1, protected_ports, To clarify, is this the subset of ports possible to enumerate in future mitigation requests? [Frank]: Yes, I think so. I tend to think there should be some restriction here, which means dots server only protect those ports that have been registered. (10) Section 5.1.1, whitelist and blacklist, I would recommend being explicit on what the DOTS server is supposed to do with this list. [Frank]: In registration response message, it can indicate whether DOTS server can support it. Do you mean more information than this? (11) Section 5.1.1, How is a registration request rejection signaled? [Frank]: we have the details in the last bullet of section 5.1.2. Are they good enough? (12) When is the Heartbeat message sent [Frank]: It's periodically sent to the peer DOTS agents right after the DOTS registration process is finished, and till the DOTS client cancels its registration to the DOTS server. (13) I recommend adding the version field used in the messages in 5.2.1 to the provisioning messages in 5.1.1. [Frank]: point taken. (14) Section 5.2.1, DST_IP is used in the definition of multiple fields but is not defined. Is this field the same as dst_ip from packet_header? [Frank]: it should be the same. (15) Section 5.2.1, max_bandwidth, What is meant by the "max bandwidth the DOTS client can undertake"? Could you please clarify the semantics of this field. [Frank]: The DOTS client tell its maximum bandwidth capability to the DOTS server for its better decision. Does it make sense? (16) Section 5.2.1, packet_header, This field is defined a "IP packet header contents used for a report". What report is this definition referencing? [Frank]: I think it just simply means the mitigation request message~~ We need some improvement of the text. (17) Section 5.2.1, current_throughputs, What does it mean to have multiple CSV separated values in this field? [Frank]: good question. The reason we use multiple CSV is to send a set of attack information in one DOTS mitigation request message, for increasing the efficiency. (18) Section 5.2.1, health, Is there a standardized way to calculate this value? Is it pre-negotiated, out-of-band, between client/server? [Frank]: yes we need it. We will specify it in next version. Any good suggestion? (19) Section 5.2.1, payload, Should this be in the signal channel or the data channel? [Frank]: this payload is the sampled content of the attack traffic, which is sent during that attack time. So, the signaling channel is more suitable. (20) Section 5.2.1, hash, Is this hash calculated on the complete payload or the truncated value per the offset field? [Frank]: the truncated part. Roman _______________________________________________ Dots mailing list Dots@ietf.org https://www.ietf.org/mailman/listinfo/dots
- [Dots] 答复: Feedback on draft-nishizuka-dots-inter… Xialiang (Frank)
- Re: [Dots] Feedback on draft-nishizuka-dots-inter… Roman D. Danyliw
- Re: [Dots] Feedback on draft-nishizuka-dots-inter… Xialiang (Frank)
- [Dots] Feedback on draft-nishizuka-dots-inter-dom… Roman D. Danyliw