Re: [Dots] Erik Kline's No Objection on draft-ietf-dots-signal-filter-control-06: (with COMMENT)
mohamed.boucadair@orange.com Wed, 24 June 2020 05:59 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCEAD3A0B93; Tue, 23 Jun 2020 22:59:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfUjAjFdF7jk; Tue, 23 Jun 2020 22:59:40 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 595CE3A0B91; Tue, 23 Jun 2020 22:59:40 -0700 (PDT)
Received: from opfednr02.francetelecom.fr (unknown [xx.xx.xx.66]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 49sCCZ6QL4z5vZ0; Wed, 24 Jun 2020 07:59:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1592978378; bh=svgoZtvkKXYaBuYRX+lNI91H6OCwGWSc0FlDtz3fq5g=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=lonVCCWH85trL9WoB++1mI5xv+2pSC/7buB7OcCsU9LlOvrTINhlhqDRBpJvplmjY 1Cl6blic8YjhwUA2xdq1laVALuEi4VpiNEF8G7My589Sdrn8aKMdgEOruCA/MK+/i/ hwW34xpyxnkDpI4AXFRmldkRSmbHiwZJYrlCfL+d1AsL7lUnF8+Z39tRRd1S/pctQB N1kPEug16hfA0SReURzqLw5DqcrAJL1IAJew7sxHdMWoHGIAM2ElC8sPhBpcPuJ9hA UlnnIFGdS9Z3tfdlm7PrzLJvEyl3rgW4690oBiz1yGJquwCR9eb8kxK5ccZBlfXnDX piUfBe4dup3/A==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.89]) by opfednr02.francetelecom.fr (ESMTP service) with ESMTP id 49sCCZ4tCTz8sY5; Wed, 24 Jun 2020 07:59:38 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Erik Kline <ek.ietf@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-dots-signal-filter-control@ietf.org" <draft-ietf-dots-signal-filter-control@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "dots@ietf.org" <dots@ietf.org>, Valery Smyslov <valery@smyslov.net>, Liang Xia <frank.xialiang@huawei.com>
Thread-Topic: Erik Kline's No Objection on draft-ietf-dots-signal-filter-control-06: (with COMMENT)
Thread-Index: AQHWSd66CD5XTTDI9EG2iimHNPE8AqjnNUsw
Date: Wed, 24 Jun 2020 05:59:38 +0000
Message-ID: <13273_1592978378_5EF2EBCA_13273_290_1_787AE7BB302AE849A7480A190F8B9330314E6257@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <159297239691.21127.4978875975256793804@ietfa.amsl.com>
In-Reply-To: <159297239691.21127.4978875975256793804@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/N6kOgkd9JoWzbpGv-mcQtnAZP-A>
Subject: Re: [Dots] Erik Kline's No Objection on draft-ietf-dots-signal-filter-control-06: (with COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2020 05:59:43 -0000
Hi Erik, Thanks for the comments. Please see inline. Cheers, Med > -----Message d'origine----- > De : Erik Kline via Datatracker [mailto:noreply@ietf.org] > Envoyé : mercredi 24 juin 2020 06:20 > À : The IESG > Cc : draft-ietf-dots-signal-filter-control@ietf.org; dots-chairs@ietf.org; > dots@ietf.org; Valery Smyslov; Liang Xia; frank.xialiang@huawei.com > Objet : Erik Kline's No Objection on draft-ietf-dots-signal-filter-control- > 06: (with COMMENT) > > Erik Kline has entered the following ballot position for > draft-ietf-dots-signal-filter-control-06: No Objection > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > [[ questions ]] > > [ section 3.2.1 ] > > * "If not, the polling mechanism ... has to be followed". Should this use > some > actual 2119 language? [Med] We have already discussed in the wg "s/has to/MUST". The reason why we are not using the normative language here is that it is fine for a dots client to use any alternative method (including future ones) to get the status as a backup if the recommended behavior is not followed. > > * Is the specified client behaviour in the event of a 5.03 really MUST? > That > would definitely seem like recommended behaviour to me, but does it > perhaps > risk being over-specified to say retries without parameters MUST be > attempted? I.e., should it be a SHOULD? [Med] Please note that "MUST" applies for "initial mitigation or a mitigation with adjusted scope". If the DOTS client receives a 5.03 (Service Unavailable) with a ^^ diagnostic payload indicating a failed ACL update as a response to an initial mitigation or a mitigation with adjusted scope, the DOTS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ client MUST immediately send a new request which repeats all the parameters as sent in the failed mitigation request but without including the ACL attributes. This behavior is meant to place the mitigation request without ACLs so that attack mitigation starts immediately. > > > [[ nits ]] > > [ section 6 ] > > * "entitled to access only to resources" -> > "entitled to access only the resources" > [Med] Fixed. Thanks. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [Dots] Erik Kline's No Objection on draft-ietf-do… Erik Kline via Datatracker
- Re: [Dots] Erik Kline's No Objection on draft-iet… mohamed.boucadair