Re: [Dots] Mirja Kühlewind's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 21 February 2019 13:04 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, "Teague, Nik" <nteague@Verisign.com>
CC: "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "frank.xialiang@huawei.com" <frank.xialiang@huawei.com>, "dots@ietf.org" <dots@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-dots-requirements@ietf.org" <draft-ietf-dots-requirements@ietf.org>
Date: Thu, 21 Feb 2019 13:03:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/U14cC5pLDXST_KzGH1XewR_Lr90>
Subject: Re: [Dots] Mirja Kühlewind's Discuss on draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

> -----Original Message-----
> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> Sent: Thursday, February 21, 2019 5:55 PM
> To: Mirja Kuehlewind (IETF) <ietf@kuehlewind.net>; Teague, Nik
> <nteague@Verisign.com>
> Cc: dots-chairs@ietf.org; frank.xialiang@huawei.com; dots@ietf.org; The IESG
> <iesg@ietf.org>; draft-ietf-dots-requirements@ietf.org
> Subject: RE: Re: [Dots] Mirja Kühlewind's Discuss on
> draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
> 
> Re-,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net]
> > Sent: Thursday 21 February 2019 12:42
> > To: Teague, Nik
> > Cc: BOUCADAIR Mohamed TGI/OLN; dots-chairs@ietf.org;
> > frank.xialiang@huawei.com; dots@ietf.org; The IESG;
> > draft-ietf-dots-requirements@ietf.org
> > Subject: Re: Re: [Dots] Mirja Kühlewind's Discuss on
> > draft-ietf-dots-requirements-18: (with DISCUSS and COMMENT)
> >
> > Hi,
> >
> > please see below.
> >
> > > On 21.02.2019 at 12:18, Teague, Nik <nteague@Verisign.com> wrote:
> > >
> > > Hi,
> > >
> > >
> > > On 21 Feb 2019, at 10:58, Mirja Kuehlewind (IETF) <ietf@kuehlewind.net> wrote:
> > >
> > >>>> 3) In SIG-006 you say:
> > >>>> "      Due to the higher likelihood of packet loss during a DDoS attack,
> > >>>>    DOTS servers MUST regularly send mitigation status to authorized
> > >>>>    DOTS clients which have requested and been granted mitigation,
> > >>>>    regardless of client requests for mitigation status."
> > >>>>
> > >>>> Please note that this is only true if a not-reliable transport is used.
> > >>>> If a reliable transport is used, data is received at the application
> > >>>> level without loss (but maybe some delay) or the connection is
> > >>>> terminated (if loss is too high to retransmit successfully).
> > >>>>
> > >>>
> > >>> [Med] The requirement as worded is OK.
> > >>
> > >> I disagree, because as I said if a reliable transport is used this
> > >> is not true. Maybe you can adapt this sentence slightly to clarify
> > >> that you probably had a scenario in mind where an unreliable
> > >> transport is used
> > >
> > > The key part here is ‘packet’ vs ‘data’ - packets will be lost on
> > > congested links regardless of data integrity.  This may degrade
> > > connection re-establishment with tcp and cause data loss in an
> > > unreliable transport.
> >
> > Yes, packet loss also occurs with reliable transports and might
> > lead to connection failure. However, I don’t see how this requirement
> > is derived from that effect. If I use a reliable transport and my
> > connection does not fail, I can be sure that the mitigation status
> > information has been received correctly, so why do I need to re-send
> > frequently then?
> 
> [Med] The text you quoted is not about "frequent retransmission" but about
> sending updates related to the status of a mitigation in progress. The server has
> to send regular notifications to update the client about the status of a
> mitigation.

I have modified the text as follows to address the comment:

DOTS server MUST regularly send mitigation status updates to authorized DOTS clients which have requested and been granted mitigation. If unreliable transport is used for the signal channel protocol, due to the higher likelihood of packet loss during a DDoS attack, DOTS server MUST regularly retransmit mitigation status.

-Tiru

> 
> >
> > Mirja
> >
> >
> >