[Dots] Roman Danyliw's No Objection on draft-ietf-dots-telemetry-22: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 03 February 2022 15:06 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: dots@ietf.org
Delivered-To: dots@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 092023A061B; Thu, 3 Feb 2022 07:06:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dots-telemetry@ietf.org, dots-chairs@ietf.org, dots@ietf.org, valery@smyslov.net, valery@smyslov.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.44.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <164390079929.32214.214410101429877553@ietfa.amsl.com>
Date: Thu, 03 Feb 2022 07:06:40 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/NrEvcCpinoOWzM0QiV2OzFa-1D0>
Subject: [Dots] Roman Danyliw's No Objection on draft-ietf-dots-telemetry-22: (with COMMENT)
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Feb 2022 15:06:40 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-dots-telemetry-22: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Authors: thank you for the clarifying language in Section 4.4 explaining how the design of mapping YANG into CBOR Thank you for addressing my DISCUSS and select COMMENTs ** Section 8.1.6. An attack type appears to be characterized by a vendor-id, vendor-name, last-updated, attack-id and attack-description. Would an additional field of attack-id-revision (or attack-id-version) be beneficial too? I’m imagining a workflow where a vendor’s definition of an attack (and the associated detection rule/logic) changes overtime and it might be useful to version that – akin to the snort/suricata’s “rev:” field. A vendor could of course assign a new attack-id but this might impact down-stream analysis.
- [Dots] Roman Danyliw's No Objection on draft-ietf… Roman Danyliw via Datatracker