Re: [Dots] AD Review of draft-ietf-dots-architecture-14
<mohamed.boucadair@orange.com> Fri, 10 January 2020 09:49 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B42E120814 for <dots@ietfa.amsl.com>; Fri, 10 Jan 2020 01:49:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yibCHRIl5J7a for <dots@ietfa.amsl.com>; Fri, 10 Jan 2020 01:49:10 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1CE01201DE for <dots@ietf.org>; Fri, 10 Jan 2020 01:49:09 -0800 (PST)
Received: from opfedar04.francetelecom.fr (unknown [xx.xx.xx.6]) by opfedar20.francetelecom.fr (ESMTP service) with ESMTP id 47vJ8z6C3Rz8t7h; Fri, 10 Jan 2020 10:49:07 +0100 (CET)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.70]) by opfedar04.francetelecom.fr (ESMTP service) with ESMTP id 47vJ8z507Qz1xpF; Fri, 10 Jan 2020 10:49:07 +0100 (CET)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM33.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0468.000; Fri, 10 Jan 2020 10:49:07 +0100
From: mohamed.boucadair@orange.com
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, Roman Danyliw <rdd@cert.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: AD Review of draft-ietf-dots-architecture-14
Thread-Index: AdXHMmoiRx3D3KUrRUiecOSiRVyATgAQ2HbAAAi9PtA=
Date: Fri, 10 Jan 2020 09:49:07 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330314072F3@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <359EC4B99E040048A7131E0F4E113AFC01E7100170@marchand> <DM5PR1601MB1259400B085262756BF3C125EA380@DM5PR1601MB1259.namprd16.prod.outlook.com>
In-Reply-To: <DM5PR1601MB1259400B085262756BF3C125EA380@DM5PR1601MB1259.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Moep7KxMib24ANMiVIlS3QnmSAs>
Subject: Re: [Dots] AD Review of draft-ietf-dots-architecture-14
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 09:49:11 -0000
Hi Tiru, all, Two minor comments inline. Cheers, Med > -----Message d'origine----- > De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda, > Tirumaleswar Reddy > Envoyé : vendredi 10 janvier 2020 10:05 > À : Roman Danyliw; dots@ietf.org > Objet : Re: [Dots] AD Review of draft-ietf-dots-architecture-14 > > Hi Roman, > > Thanks for the review. Please see inline > > > -----Original Message----- > > From: Dots <dots-bounces@ietf.org> On Behalf Of Roman Danyliw > > Sent: Friday, January 10, 2020 3:00 AM > > To: dots@ietf.org > > Subject: [Dots] AD Review of draft-ietf-dots-architecture-14 > > > > CAUTION: External email. Do not click links or open attachments unless > you > > recognize the sender and know the content is safe. > > > > Hello! > > > > The following is my AD review of draft-ietf-dots-architecture-14: ... > > > > ** Section 2.1 Per "It is not until this point that the mitigation > service is > > available for use.", this closing point about a mitigation service > follows from > > the previous description. However, I wanted to point out, the notion > of a > > "mitigation service" being available after a fully configured DOTS > client is not > > a construct previously used in the document or the terminology. It's > likely > > worth relating it to the previously defined terms like mitigator. > > "mitigation service" is already used in Sections 2 and 1.2 [Med] Given that only "mitigation" and "mitigator" are defined in the terminology inherited from RFC8612, I suggest to make this simple change: OLD: A simple example instantiation of the DOTS architecture could be an enterprise as the attack target for a volumetric DDoS attack, and an upstream DDoS mitigation service as the mitigator. NEW: A simple example instantiation of the DOTS architecture could be an enterprise as the attack target for a volumetric DDoS attack, and an upstream DDoS mitigator. The service provided by the mitigator is called: DDoS mitigation service. > > > > > ** Section 2.1. To avoid confusion on terms (i.e., from HTTP), > perhaps > > replace s/basic authorization/authorization/. > > Okay, replaced. > > > > > ** Section 2.2.2. Per "For a given DOTS client (administrative) > domain, the > > DOTS server needs to be able to determine whether a given target > resource > > is in that domain.", what is a "target resource" isn't clear. I think > it is meant to > > be the resource that is the target of the attack (that the DOTS client > is > > signaling about). > > Yes. > > > Also, the idea that DOTS clients have "domains" is a new > > concept here that needs clarification. > > I have simplified the text as follows: > For a given DOTS client (administrative) domain, the DOTS server needs > to be > able to determine whether a given resource is in that domain. For > example, this could take the form of associating a set of IP addresses > and/or > prefixes per DOTS client domain. [Med] Please make sure that the same wording is consistently used in the document. Typically, please make these changes in many places of the document: s/DOTS client's domain/DOTS client domain s/DOTS server's domain/DOTS server domain This is also to be aligned with the signal channel document. Thanks.
- [Dots] AD Review of draft-ietf-dots-architecture-… Roman Danyliw
- Re: [Dots] AD Review of draft-ietf-dots-architect… Roman Danyliw
- Re: [Dots] AD Review of draft-ietf-dots-architect… Konda, Tirumaleswar Reddy
- Re: [Dots] AD Review of draft-ietf-dots-architect… mohamed.boucadair
- Re: [Dots] AD Review of draft-ietf-dots-architect… Konda, Tirumaleswar Reddy