Re: [Dots] Secdir last call review of draft-ietf-dots-signal-channel-30
<mohamed.boucadair@orange.com> Fri, 15 March 2019 10:45 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59301127887; Fri, 15 Mar 2019 03:45:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gihtNhkiCtWD; Fri, 15 Mar 2019 03:45:16 -0700 (PDT)
Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45A7312423B; Fri, 15 Mar 2019 03:45:16 -0700 (PDT)
Received: from opfednr00.francetelecom.fr (unknown [xx.xx.xx.64]) by opfednr22.francetelecom.fr (ESMTP service) with ESMTP id 44LMfd6VSJzym8; Fri, 15 Mar 2019 11:45:13 +0100 (CET)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.45]) by opfednr00.francetelecom.fr (ESMTP service) with ESMTP id 44LMfd5jwkzDq7T; Fri, 15 Mar 2019 11:45:13 +0100 (CET)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM42.corporate.adroot.infra.ftgroup ([fe80::1c8e:403e:fbea:5835%21]) with mapi id 14.03.0439.000; Fri, 15 Mar 2019 11:45:13 +0100
From: mohamed.boucadair@orange.com
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-dots-signal-channel.all@ietf.org" <draft-ietf-dots-signal-channel.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-dots-signal-channel-30
Thread-Index: AQHU2xicRsTGH2X350i3IMDpwuRCCqYMe/AA
Date: Fri, 15 Mar 2019 10:45:12 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA3E6E1@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <155257761487.2625.10003476313108979036@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302EA3DFC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <72f7b85c-74fb-0f79-8211-50043c2b4b47@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B93302EA3E475@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <f15534d0-4c4e-171e-a092-5947eada76ca@cs.tcd.ie>
In-Reply-To: <f15534d0-4c4e-171e-a092-5947eada76ca@cs.tcd.ie>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/OcSkDxbmWOUndjCHZEACih7PyZk>
Subject: Re: [Dots] Secdir last call review of draft-ietf-dots-signal-channel-30
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2019 10:45:18 -0000
Re-, Please see inline. Cheers, Med > -----Message d'origine----- > De : Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] > Envoyé : vendredi 15 mars 2019 11:20 > À : BOUCADAIR Mohamed TGI/OLN; secdir@ietf.org > Cc : draft-ietf-dots-signal-channel.all@ietf.org; ietf@ietf.org; > dots@ietf.org > Objet : Re: Secdir last call review of draft-ietf-dots-signal-channel-30 > > > Hiya, > > On 15/03/2019 06:47, mohamed.boucadair@orange.com wrote: > >> ISTM that all clients can get information > >> about how an attack is being seen at other clients, isn't that > >> right? > > [Med] No. A client can only get information that is bound to it. > Where does the spec say that? I don't recall the term "bound" > used that way but may have missed it. > [Med] The specification says: If a DOTS client is entitled to solicit the DOTS service, the DOTS server enables mitigation on behalf of the DOTS client by communicating the DOTS client's request to a mitigator (which may be colocated with the DOTS server) and relaying the feedback of the thus-selected mitigator to the requesting DOTS client. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ And 'cuid' is a mandatory Uri-Path parameter for GET requests. > And it still seems a bit hard to enforce. If two clients (one > ok, one zombied) ask the same server/network how many packets > targetted at 10.0.0/24 were dropped won't they get the same > answer? (Assuming both clients are within that /24.) [Med] Attack status information is bound to a DOTS client as shown in the YANG tree module: +--:(mitigation-scope) | +--rw scope* [cuid mid] | +--rw cdid? string | +--rw cuid string | +--rw mid uint32 ... | +--ro status? iana-signal:status ... | +--ro bytes-dropped? yang:zero-based-counter64 | +--ro bps-dropped? yang:zero-based-counter64 | +--ro pkts-dropped? yang:zero-based-counter64 | +--ro pps-dropped? yang:zero-based-counter64 | +--rw attack-status? iana-signal:attack-status * If client 1 asked for mitigation for 10.0.0/24, then only that client can access to attack status information. * If another client 2 asks for mitigation for the same prefix, the server applies a conflict handling procedure and decides which request to maintain as active. Only one mitigation for a given scope can be maintained. Only that selected client can access to the attack status information.
- [Dots] Secdir last call review of draft-ietf-dots… Stephen Farrell via Datatracker
- Re: [Dots] Secdir last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Secdir last call review of draft-ietf-… Stephen Farrell
- Re: [Dots] Secdir last call review of draft-ietf-… Konda, Tirumaleswar Reddy
- Re: [Dots] Secdir last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Secdir last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Secdir last call review of draft-ietf-… Konda, Tirumaleswar Reddy
- Re: [Dots] Secdir last call review of draft-ietf-… Stephen Farrell
- Re: [Dots] Secdir last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Secdir last call review of draft-ietf-… Konda, Tirumaleswar Reddy
- Re: [Dots] Secdir last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Secdir last call review of draft-ietf-… Michael Richardson
- Re: [Dots] Secdir last call review of draft-ietf-… Konda, Tirumaleswar Reddy
- Re: [Dots] Secdir last call review of draft-ietf-… mohamed.boucadair