Re: [Dots] WGLC on draft-ietf-dots-architecture-08

"Panwei (William)" <william.panwei@huawei.com> Wed, 28 November 2018 01:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Vo4_zTrUytlLPdX7I7o49bjdFIo>

Hi,

While "drop-list" and "accept-list" are used in other drafts, I find that "black-list" and "white-list" are still used in the architecture draft. Should the "black-list" and "white-list" be changed to "drop-list" and "accept-list"?

In Section 2:
o Black-list management, which enables a DOTS client to inform the
DOTS server about sources to suppress.

o White-list management, which enables a DOTS client to inform the
DOTS server about sources from which traffic is always accepted.

In Section 3.1.2:
Once the DOTS client begins receiving DOTS server signals, the DOTS
session is active. At any time during the DOTS session, the DOTS
client may use the data channel to manage aliases, manage black- and
white-listed prefixes or addresses, leverage vendor-specific
extensions, and so on. Note that unlike the signal channel, there is
no requirement that the data channel remains operational in attack
conditions (See Data Channel Requirements,
[I-D.ietf-dots-requirements]).

In Section 4:
Any attacker with the ability to impersonate a legitimate DOTS client
or server or, indeed, inject false messages into the stream may
potentially trigger/withdraw traffic redirection, trigger/cancel
mitigation activities or subvert black/whitelists.

Best Regards
Wei Pan


> -----Original Message-----
> From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Roman Danyliw
> Sent: November 28, 2018 6:15
> To: dots@ietf.org
> Subject: [Dots] WGLC on draft-ietf-dots-architecture-08
>
> Hello!
>
> Consistent with our discussion at the Bangkok meeting, we are starting a
> working group last call (WGLC) for the DOTS architecture draft:
>
> DOTS Architecture
> draft-ietf-dots-architecture-08
> https://tools.ietf.org/html/draft-ietf-dots-architecture-08
>
> Please send comments to the DOTS mailing list -- feedback on remaining issues
> or needed changes; as well as endorsements that this draft is ready.
>
> This WGLC will end on December 12, 2018.
>
> Thanks,
> Roman and Frank
