Return-Path: X-Original-To: dots@ietfa.amsl.com Delivered-To: dots@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E69D1201DA for ; Wed, 8 May 2019 20:28:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.59 X-Spam-Level: X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QBJfiZD0HP5K for ; Wed, 8 May 2019 20:28:02 -0700 (PDT) Received: from cmccmta3.chinamobile.com (cmccmta3.chinamobile.com [221.176.66.81]) by ietfa.amsl.com (Postfix) with ESMTP id F0D9212022A for ; Wed, 8 May 2019 20:28:00 -0700 (PDT) Received: from spf.mail.chinamobile.com (unknown[172.16.121.17]) by rmmx-syy-dmz-app10-12010 (RichMail) with SMTP id 2eea5cd39e3ebc3-30763; Thu, 09 May 2019 11:27:58 +0800 (CST) X-RM-TRANSID: 2eea5cd39e3ebc3-30763 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from cmcc-PC (unknown[10.2.51.72]) by rmsmtp-syy-appsvr09-12009 (RichMail) with SMTP id 2ee95cd39e3dd19-38a53; Thu, 09 May 2019 11:27:58 +0800 (CST) X-RM-TRANSID: 2ee95cd39e3dd19-38a53 Date: Thu, 9 May 2019 11:28:00 +0800 From: "MeiLing Chen" To: =?UTF-8?B?VMO2bWEgR2F2cmljaGVua292?= Cc: dots References: <2afa5c9df0626fd-00007.Richmail.00004070460264152429@chinamobile.com>, , <2019050616564984104217@chinamobile.com>, , <2019050618104036747536@chinamobile.com>, X-Priority: 3 X-Has-Attach: no X-Mailer: Foxmail 7.2.9.115[cn] Mime-Version: 1.0 Message-ID: <2019050911280002771811@chinamobile.com> Content-Type: multipart/alternative; boundary="----=_001_NextPart624311866641_=----" Archived-At: Subject: Re: [Dots] Target-Attack-type expansion: more discussion X-BeenThere: dots@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 May 2019 03:28:05 -0000 This is a multi-part message in MIME format. ------=_001_NextPart624311866641_=---- Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64 SGksIFTDtm1hDQpwbGVhc2Ugc2VlIGlubGluZTsNCg0KPk9uIE1vbiwgTWF5IDYsIDIwMTkgYXQg MToxMCBQTSBNZWlMaW5nIENoZW4gPGNoZW5tZWlsaW5nQGNoaW5hbW9iaWxlLmNvbT4gd3JvdGU6 DQo+PiBBY3R1YWxseSwgSXQgaXMgbW9yZSBpbmNsaW5lZCB0byB1c2UgVENQL0lQIGZvdXItbGF5 ZXIgcHJvdG9jb2wuDQogDQo+V2hpY2ggbGF5ZXIgaXMgUVVJQyB0aGVuPw0KIA0KPlRoZSBJbnRl cm5ldCBwcm90b2NvbCBzdWl0ZSBpcyBub3QgcmVhbGx5IGxheWVyZWQuICBPU0kgbW9kZWwgaXMs IGJ1dA0KPnRoZSBJRVRGIGFzIGEgd2hvbGUgdGVuZHMgdG8gc2xpcCBhd2F5IGZyb20gdGhlIGxh eWVyZWQgbW9kZWwuICBUbw0KPnF1b3RlIENocmlzdGlhbiBIdWl0ZW1hOg0KIA0KPiJUaGVyZSBp cyBhbHNvIGJlYXV0eSBpbiAqbm90KiBoYXZpbmcgYSBsYXllcmVkIGFyY2hpdGVjdHVyZSBbLi5d LiBJdA0KPmlzIGdyZWF0IHRvIHNlZSB0cmFuc3BvcnQgZnVuY3Rpb25zIGxpa2UgYWNrbm93bGVk Z2VtZW50IG9yIGZsb3cNCj5jb250cm9sIGZ1bGx5IGNvbnRhaW5lZCBpbiB0aGUgUXVpYyB0cmFu c3BvcnQuIFF1aWMgaXMgYWJvdXQgdHJhbnNwb3J0DQo+aW5ub3ZhdGlvbiwgYW5kIHRoYXQgcHJl dHR5IG11Y2ggcmVxdWlyZXMgZGlyZWN0IGFjY2VzcyB0byB0aGUgbmV0d29yaw0KPkFQSS4gSW4g cHJhY3RpY2UsIGxheWVyZWQgaW1wbGVtZW50YXRpb24gaGlkZSB0aGF0IEFQSSwgc28gdGhlDQo+ dHJhbnNwb3J0IGRldmVsb3BlcnMgaGF2ZSB0byBjb25zdGFudGx5IG5lZ290aWF0ZSB3aXRoIHRo ZQ0KPmludGVybWVkaWF0ZSBsYXllciBkZXZlbG9wZXJzLiINCiANCj5JIHdvdWxkIHN0cm9uZ2x5 IG9wcG9zZSBhIGNsYXNzaWZpY2F0aW9uIGJhc2VkIG9uICJleHBsb2l0ZWQgcHJvdG9jb2wNCj5s YXllcnMiLiAgQXMgYXR0cmFjdGl2ZSBhcyBpdCBpcyBhY2FkZW1pY2FsbHksIGl0IG1ha2VzIG9w ZXJhdGlvbmFsDQo+aXNzdWVzIG1vcmUgb3BhcXVlLg0KIA0KW01laUxpbmddV2hhdCB3ZSBwYXkg bW9yZSBhdHRlbnRpb24gdG8gaGVyZSBpcyB0aGUgbWV0aG9kIG9mIGF0dGFjazsicHJvdG9jb2wg bGF5ZXIiIGlzIGEgZmllbGQgdGhhdCB3ZSBkZXNpZ24gZm9yIGNsYXNzaWZpY2F0aW9uIGFuZCBk ZWZpbml0aW9uOyBCZWNhdXNlIGZvciBkaWZmZXJlbnQgbGF5ZXJzIG9mIHByb3RvY29sLCB0aGUg cmVxdWlyZWQgcGFyc2luZyBwb3dlciBhbmQgdGltZXMgYXJlIG5vdCB0aGUgc2FtZS4NCkZvciBl eGFtcGxlLCB0aGUgRE5TIHByb3RvY29sIGNhbiBiZSByZXNvbHZlZCB0byB0aGUgVURQIGxheWVy IG9yIHRvIHRoZSBhcHBsaWNhdGlvbiAoRE5TKSBsYXllci4gVGhlIHNhbWUgcHJvYmxlbSBhcHBs aWVzIHRvIFRDUCBhbmQgSFRUUDsgSW4gb3JkZXIgdG8gYmV0dGVyIGFuYWx5emUgYXR0YWNrcyBh bmQgZGVmZW5kIGFnYWluc3QgYXR0YWNrcywgd2UgdGhpbmsgaXQgaXMgbW9yZSBleHBsaWNpdCBh bmQgaGVscGZ1bCB3aXRoIHRoZSBpbmRpY2F0aW9uIG9mICB0aGUgbGF5ZXIgYW5kIHR5cGUgb2Yg cHJvdG9jb2wuDQogICAgICAgDQogDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fXw0KRG90cyBtYWlsaW5nIGxpc3QNCkRvdHNAaWV0Zi5vcmcNCmh0dHBzOi8v d3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZG90cw0K ------=_001_NextPart624311866641_=---- Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =0A

Hi, T=C3=B6ma

please see= inline;


<= blockquote style=3D"margin-Top: 0px; margin-Bottom: 0px; margin-Left: 0.5e= m">
>On Mon, May 6, 2019 at 1:10 PM MeiLing Chen <chenmeiling@ch= inamobile.com> wrote:
=0A
>> Actually, It is more inclin= ed to use TCP/IP four-layer protocol.
=0A
 
=0A
>= ;Which layer is QUIC then?
=0A
 
=0A
>The Intern= et protocol suite is not really layered.  OSI model is, but
=0A<= div>>the IETF as a whole tends to slip away from the layered model.&nbs= p; To=0A
>quote Christian Huitema:
=0A
 
= =0A
>"There is also beauty in *not* having a layered architecture [= ..]. It
=0A
>is great to see transport functions like acknowle= dgement or flow
=0A
>control fully contained in the Quic trans= port. Quic is about transport
=0A
>innovation, and that pretty= much requires direct access to the network
=0A
>API. In pract= ice, layered implementation hide that API, so the
=0A
>transpo= rt developers have to constantly negotiate with the
=0A
>inter= mediate layer developers."
=0A
 
=0A
>I would st= rongly oppose a classification based on "exploited protocol
=0A
&= gt;layers".  As attractive as it is academically, it makes operationa= l
=0A
>issues more opaque.
=0A
 
=0A
[M= eiLing]= What we pay more attention to here is the method of attack;"protocol layer" = is a field that we design for classification and definition; <= span data-group=3D"0-2" class=3D"transSent" style=3D"color: rgb(51, 51, 51= ); font-family: Arial, 'Microsoft YaHei', '\\5FAE=E8=BD=AF=E9=9B=85=E9=BB= =91', '\\5B8B=E4=BD=93', 'Malgun Gothic', Meiryo, sans-serif; line-height:= 26px; widows: auto; font-size: 10.5pt; box-sizing: border-box;">Because f= or different layers of protocol, the required parsing power and times are = not the same.
For example, the DNS protocol can be resolved to the= UDP layer or to the application (DNS) layer. The same problem applies = to TCP and HTTP; In order to better analyze attacks and defend against = attacks, we think it is more explicit and helpful with the indication of &= nbsp;the layer and type of protocol.

 &= nbsp;     

=0A
 
=0A
= _______________________________________________
=0A
Dots mailing = list
=0A
Dots@ietf.org
=0A
https://www.ietf.org/mailman/= listinfo/dots
=0A ------=_001_NextPart624311866641_=------