IETF Logo Mail Archive

Re: [Dots] clarification questions from the hackathon

<mohamed.boucadair@orange.com> Mon, 01 April 2019 11:13 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C81031200E3 for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 04:13:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPFXdsBPD02n for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 04:13:10 -0700 (PDT)
Received: from orange.com (mta240.mail.business.static.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AD3712002F for <dots@ietf.org>; Mon, 1 Apr 2019 04:13:10 -0700 (PDT)
Received: from opfedar00.francetelecom.fr (unknown [xx.xx.xx.11]) by opfedar20.francetelecom.fr (ESMTP service) with ESMTP id 44XqT06Bcdz8t04; Mon, 1 Apr 2019 13:13:08 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.70]) by opfedar00.francetelecom.fr (ESMTP service) with ESMTP id 44XqT057pMzCqkc; Mon, 1 Apr 2019 13:13:08 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM33.corporate.adroot.infra.ftgroup ([fe80::c911:d24e:cc19:afa7%21]) with mapi id 14.03.0439.000; Mon, 1 Apr 2019 13:13:08 +0200
From: mohamed.boucadair@orange.com
To: Jon Shallow <supjps-ietf@jpshallow.com>, kaname nishizuka <kaname@nttv6.jp>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] clarification questions from the hackathon
Thread-Index: AdTliGx+CfVXhciSq0+ZqKxGOtsoYgAE0UngALTyooA=
Date: Mon, 01 Apr 2019 11:13:07 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA50720@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <108a01d4e588$72f886b0$58e99410$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302EA4F27E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA4F27E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/WiL-7BLQpcAoT5JGyu2V-W3l8Ow>
Subject: Re: [Dots] clarification questions from the hackathon
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2019 11:13:13 -0000

Jon, Kaname, all, 

FWIW, a proposal to integrate the interop comments is available at: 
https://github.com/boucadair/filter-control/blob/master/wdiff%20draft-nishizuka-dots-signal-control-filtering-05.txt%20draft-nishizuka-dots-signal-control-filtering-06.pdf 

Cheers,
Med

> > >
> > > > -----Message d'origine-----
> > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de kaname nishizuka
> > > > Envoyé : jeudi 28 mars 2019 11:38
> > > > À : dots@ietf.org
> > > > Objet : [Dots] clarification questions from the hackathon
> > > >
> > > > Hi,
> > > >
> > > > I'd like to continue discussion of these topics in the ML.
> > > >
> > > > #1: Questions about signal-control-filtering
> > > >   1. Should a mitigation request create a mitigation before doing a PUT
> +
> > > > acl-list [{acl-name, activation-type}] against the active mitigation,
> or
> > is a
> > > > ‘PUT + acl-list [{acl-name, activation-type}]’ allowed to create a new
> > > > mitigation?
> > >
> > > [Med] Both are currently allowed in the draft. I don't still a valid
> reason
> > to
> > > restrict this.
> >
> > [Jon] As per draft
> >    A DOTS client MUST NOT use the filtering control over DOTS signal
> >    channel if no attack (mitigation) is active;
> >
> 
> [Med] What is meant actually is:
> 
>    A DOTS client MUST NOT use the filtering control over DOTS signal
>    channel in 'idle' time;
> 
> Will update the text.
> 
> > [Jon] then needs to be reworded as there is no active mitigation until the
> > PUT is done...
> > I believe that both cases should be supported.
> > >
> > > >   2. Should the response to a GET (or Observed GET) include the acl-
> list
> > > > [{acl-name, activation-type}] if the PUT included it?
> > >
> > > [Med] The current spec says "no". That's said, what would be the value in
> > > returning it? Then, why not allowing to return the references to all ACLs
> > that
> > > are enabled during the mitigation time?
> > >
> > [Jon] When observing the mitigation request, if the activation-type is
> > changed externally, the client will then know about the change. Assuming
> the
> > response got back to the client, this is effectively an ACK to the fact
> that
> > the ACL change got through.
> 
> [Med] The observe case makes sense, indeed.
> 
> >
> > Interesting concept about knowing about all the relevant ACLs as returned
> > over the signal channel.  More work for the server to do in determining
> which
> > ACLs are valid for, say, a specific IP address that is being mitigated.
> Not
> > entirely convinced of the benefit of this as this generally is available
> over
> > the data channel.
> >
> 
> [Med] I'm not convinced, either.
>

v2.23.0 | Report a Bug | By Email