Re: [Dots] WGLC for draft-dots-use-cases-19

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 06 August 2019 09:19 UTC

Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A20B812014F for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 02:19:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REot3T7pnUw8 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 02:19:37 -0700 (PDT)
Received: from us-smtp-delivery-140.mimecast.com (us-smtp-delivery-140.mimecast.com [63.128.21.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0EE012006F for <dots@ietf.org>; Tue, 6 Aug 2019 02:19:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=mimecast20190606; t=1565083175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=3Eqqgcs8MhdgKwAtkq76NgOPxH4rHCgJ3Npv4ObCvHw=; b=Jspl5R0gWonYOKYUPwPXbUB6QIECeK8n4xXYG7kkq4SVZt2FuGHH3y+L4uKWXl69k9dAiq yVUisxaffVb56jUsEglWBY77hUdEFrAidS5NMxO554GAjEm67i04r6Z1TZyhNp8vR+EeLc lb1hMjPTp/TgC1j9mSSNYzMoXdkvOGk=
Received: from MIVWSMAILOUT1.mcafee.com (mivwsmailout1.mcafee.com [161.69.47.167]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-244-X2hu8pMQPlGBx3mh_NwFKA-1; Tue, 06 Aug 2019 05:19:34 -0400
Received: from DNVEXAPP1N05.corpzone.internalzone.com (DNVEXAPP1N05.corpzone.internalzone.com [10.44.48.89]) by MIVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 6985_5c04_b4487551_9534_422c_ba77_2e72416601ff; Tue, 06 Aug 2019 05:20:14 -0400
Received: from DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 6 Aug 2019 03:19:04 -0600
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Tue, 6 Aug 2019 03:19:03 -0600
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (10.44.176.240) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 6 Aug 2019 03:19:01 -0600
Received: from DM5PR16MB1705.namprd16.prod.outlook.com (10.172.44.147) by DM5PR16MB2405.namprd16.prod.outlook.com (52.132.143.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.16; Tue, 6 Aug 2019 09:19:02 +0000
Received: from DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::532:f001:84e1:55ba]) by DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::532:f001:84e1:55ba%10]) with mapi id 15.20.2136.018; Tue, 6 Aug 2019 09:19:02 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: =?utf-8?B?VMO2bWEgR2F2cmljaGVua292?= <ximaera@gmail.com>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>, Valery Smyslov <valery@smyslov.net>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] WGLC for draft-dots-use-cases-19
Thread-Index: AdVMHvzhmt/V33ByRr+d368GCi1ExgABDh/gAAA/2oAAAmsFAAAAdSuAAAHqLNA=
Date: Tue, 6 Aug 2019 09:19:02 +0000
Message-ID: <DM5PR16MB17053A16312AF511B57F2F75EAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <CALZ3u+Y46p9NBUZAb36S21z3ZD6fkM73ufRa7iQWJ7r5QL99Pw@mail.gmail.com>
In-Reply-To: <CALZ3u+Y46p9NBUZAb36S21z3ZD6fkM73ufRa7iQWJ7r5QL99Pw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.3.0.17
dlp-reaction: no-action
x-originating-ip: [49.37.202.60]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ed8830ae-f378-4163-0678-08d71a4f1f25
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM5PR16MB2405;
x-ms-traffictypediagnostic: DM5PR16MB2405:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <DM5PR16MB24057952FAA612D42819D9B2EAD50@DM5PR16MB2405.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4941;
x-forefront-prvs: 0121F24F22
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(366004)(396003)(376002)(346002)(199004)(189003)(32952001)(236005)(7736002)(446003)(11346002)(66574012)(66556008)(66446008)(66066001)(26005)(478600001)(52536014)(14454004)(9686003)(6306002)(55016002)(54896002)(64756008)(66946007)(76116006)(66476007)(6916009)(5660300002)(4326008)(80792005)(25786009)(33656002)(6246003)(68736007)(81166006)(76176011)(86362001)(81156014)(8676002)(99286004)(3846002)(6116002)(229853002)(2906002)(54906003)(6436002)(53936002)(5024004)(8936002)(316002)(14444005)(71190400001)(71200400001)(74316002)(7696005)(486006)(790700001)(256004)(1411001)(53546011)(6506007)(186003)(476003)(102836004)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB2405; H:DM5PR16MB1705.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 3G4mg6vvLzMS9q/MksrnPi7YSBnYQ5jIkdEO59Rjr9AXnJr1133O1vYXAG8jz7QXoGqGjWS+fReJ1wYj4MoPkoUWx2S65DTdFclvSoswsZ8pVp/YovdfZn6tjPsSpV0IZ7tgMEiKtKCZsRGFhipJLZerniely7fOPzJ3REJPhURziZVMUEOtcD3nUFp5Cyjd73jeDUXfYdQKq1m8jDmwG8ck6S5Vov8OLUsp1q5UCUR/Me2X3PJKT4M8iFAhdYiNmQPkLf0e6cn2Bk1N7Hj4MKXwctgguNcUtrlcaCdT8DA36UjFxM67wpKsPUM/6qaO7feOKWKNHUU4S/sZM0isdAl17H/6CZFeqBZeGtW4YrEw77VbyGnjcqPEaHJiwkKJghYRGME7VhCpcmOjFyK109FoqvEAU1wmV432LfYh9sA=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ed8830ae-f378-4163-0678-08d71a4f1f25
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Aug 2019 09:19:02.1584 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TirumaleswarReddy_Konda@McAfee.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB2405
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6605> : inlines <7131> : streams <1829512> : uri <2879065>
X-MC-Unique: X2hu8pMQPlGBx3mh_NwFKA-1
X-Mimecast-Spam-Score: 0
Content-Type: multipart/alternative; boundary="_000_DM5PR16MB17053A16312AF511B57F2F75EAD50DM5PR16MB1705namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/SEyChPFT7IPY7B5LWK5dZ-EqTkg>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 09:19:41 -0000

From: Dots <dots-bounces@ietf.org>; On Behalf Of Töma Gavrichenkov
Sent: Tuesday, August 6, 2019 1:50 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
Cc: Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com>;; Valery Smyslov <valery@smyslov.net>;; mohamed.boucadair@orange.com; dots@ietf.org
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

________________________________
On Tue, Aug 6, 2019, 11:15 AM Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com<mailto:TirumaleswarReddy_Konda@mcafee.com>> wrote:
The adverse impact is legitimate users whose IP addresses were spoofed
cannot access the services of the target server.

This must never never happen in production systems.  You do not block an IP address if you haven't verified that it's not spoofed.  DOTS has nothing to do with this.

[TR] My point is DOTS can be used to convey the spoofed IP addresses, and the attack information can either be used to delegate the mitigation to a separate domain or filter traffic (e.g. using ACLs). For the latter case, the new paragraph should clarify the attack information of spoofed IP addresses will not be used by the orchestrator to filter traffic.

-Tiru

--
Töma