IETF Logo Mail Archive

Re: [Dots] Last Call: <draft-ietf-dots-telemetry-19.txt> (Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry) to Proposed Standard

mohamed.boucadair@orange.com Mon, 17 January 2022 09:35 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A27093A14FA; Mon, 17 Jan 2022 01:35:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07jD42faucV5; Mon, 17 Jan 2022 01:35:23 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 932083A14F9; Mon, 17 Jan 2022 01:35:22 -0800 (PST)
Received: from opfednr05.francetelecom.fr (unknown [xx.xx.xx.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr24.francetelecom.fr (ESMTP service) with ESMTPS id 4JcmwS5cJ4z1xxq; Mon, 17 Jan 2022 10:35:20 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1642412120; bh=J8imZs5+aKZTTL9MqGFUJJs+3rldGVgV9NT3Ll7gle0=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=qvMbGMCB0DdT8JN0omO937oXnCylZXL6veHbRslQAVYzEYbsRAN3NOcuZs029iv8d MakzqzEngAG4ZcreJT/V/gHrIMXfkbPIqGczJFKGbh7DtT6PBSOlD1vzbmUHM793Np qjJciAOVfbFZ7oiudGwVGpIP4cHOo061j+tDpPJI2cmAyPuydJBRk5K+Yb6vSxPwoE oeTsTjU2bAqanPgkOrQFtay4u9PdrEHYolN0CraYDyjn5zrPU007wl2V0koFiGf0w7 KgeiTAwcguMF26qHX3lZwgaJ5Cl9Tvfd8TJ8hT7qMJc/gCFlDGMsIoAfHTHfeVdaID pL22cAWmhG2SA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfednr05.francetelecom.fr (ESMTP service) with ESMTPS id 4JcmwS45D2zyQS; Mon, 17 Jan 2022 10:35:20 +0100 (CET)
From: mohamed.boucadair@orange.com
To: tom petch <daedulus@btconnect.com>, "last-call@ietf.org" <last-call@ietf.org>
CC: "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "valery@smyslov.net" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-telemetry@ietf.org" <draft-ietf-dots-telemetry@ietf.org>
Thread-Topic: Last Call: <draft-ietf-dots-telemetry-19.txt> (Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry) to Proposed Standard
Thread-Index: AQHYCULSD7/Svs/tXk+Y7jeLTmHZCKxm6W8w
Content-Class:
Date: Mon, 17 Jan 2022 09:35:20 +0000
Message-ID: <29779_1642412120_61E53858_29779_198_1_787AE7BB302AE849A7480A190F8B933035473D6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <164182513674.28016.284174261896096787@ietfa.amsl.com> <61E16D53.7050003@btconnect.com>
In-Reply-To: <61E16D53.7050003@btconnect.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-01-17T09:32:33Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=7bba7e4d-2732-448e-a61a-65581ca2c161; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/WquqK2qJwot3P4bPR0B38-FBhE4>
Subject: Re: [Dots] Last Call: <draft-ietf-dots-telemetry-19.txt> (Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry) to Proposed Standard
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jan 2022 09:35:28 -0000

Hi Tom, 

Thank you for the review. Much appreciated. 

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : tom petch <daedulus@btconnect.com>
> Envoyé : vendredi 14 janvier 2022 13:32
> À : last-call@ietf.org
> Cc : dots-chairs@ietf.org; valery@smyslov.net; dots@ietf.org; draft-
> ietf-dots-telemetry@ietf.org
> Objet : Re: Last Call: <draft-ietf-dots-telemetry-19.txt> (Distributed
> Denial-of-Service Open Threat Signaling (DOTS) Telemetry) to Proposed
> Standard
> 
> Some stray thoughts
> 
> I wonder if there is a recognised terminology for attacks, threats and
> such-like.  I have been looking at I2NSF I-D recently and they are,
> well, different.  I note too that secdir reviews thereof queried some of
> the I2NSF terminology but what is right and what is wrong?.  I am
> reminded of the efforts to produce a second version of the Security
> Glossary some time ago.

[Med] You may look at RFC4949, but that document requires a refresh. For the particular DoS case, RFC4732 is still a good reading reference. 

> 
> I find the use of -g and -ps alien.  I worked out what they mean but
> cannot help feeling that there is a clearer way to express this, such as
> pps, bps, Bps (YANG does not like capitalisation but does allow it where
> it is widely recognised, which, for me, Bps is).

[Med] *-g is used to identify nodes of gauge type while *-ps identifies nodes that are expressed as a value "per second". We don't include the reasoning of the naming convention as what matters is the description of the attributes, not their names. We can add a note if you think this is helpful. 

> 
> URI for IANA are inconsistent, http: and https: - since IANA allows
> http: (hurrah) I am easy with either but do like consistency

[Med] Fixed this one https://www.iana.org/assignments/enterprise-numbers.html. Thanks. 

> 
> "The DOTS telemetry module (Section 10.1) uses "enumerations" rather
>     than "identities" to define units, samples, and intervals because
>     otherwise the namespace identifier "ietf-dots-telemetry" must be
>     included when a telemetry attribute is included "
> Well yes but that is saying the ietf-dots-telemetry is a bad choice of
> prefix - the 'ietf' is redundant and the 'telemetry' is prolix

[Med] We could shorten the prefix but the issue is still there:  have to include a prefix.  

> 
>        TBA: Overlapping pipe scope (see Section 12).
> could do with an explanatory note, perhaps one for the RFC Editor
> 

[Med] Sure. Added a note to Section 12.2. 

> 
>     vendor-id:  Vendor ID is a security vendor's Enterprise Number as
>        registered with IANA [Enterprise-Numbers].  It is a four-byte
>        integer value.
> No, it is an integer which in this model is uint32 which can be
> represented in a number of ways

[Med] Fixed. 

> 
> The user has to understand that [Enterprise-Numbers] is the same as
> Private Enterprise Numbers", which may not be apparent; consistent
> terminology is good.

[Med] Not sure a (which) change is needed. The current text says:  

   vendor-id:  Vendor ID is a security vendor's Enterprise Number as
      registered with IANA [Enterprise-Numbers].

with:

   [Enterprise-Numbers]
              "Private Enterprise Numbers", 4 May 2020,
              <http://www.iana.org/assignments/enterprise-numbers.html>.

> 
> YANG TLD is out of date and URI lacks https:

[Med] OK

> 
> Authors vary between the frontispiece,

[Med] That is not an issue. 

 the YANG modules and Authors'
> Addresses

[Med] Fixed Tiru's address. Thanks. 

> 
> Two references in the YANG modules I do not see in the I-D References
>        <https://www.iana.org/assignments/protocol-numbers/>.
>        "Section 4.4.2 of RFC UUUU.";
> The latter is not an RFC I am familiar with (but then that is true of
> most RFC:-(
> 

[Med] :-) Changed to "RFC 9132". Thanks. 

>      reference
>        "IANA: Private Enterprise Numbers"; would be clearer with a URI,
> whereever it occurs which is in more than one place
> 

[Med] Will leave this one for the RFC editor. 

> Security COnsiderations uses part of the YANG Guidelines template but
> not all

[Med] That is on purpose:
* we don't use it in 13.1 because this YANG module is not used for management purposes:

   The DOTS telemetry module (Section 10.1) is not intended to be used
   via NETCONF/RESTCONF for DOTS server management purposes.  It serves
   only to provide a data model and encoding following [RFC8791].

* as we are pointing to rfc8783#section-10, only new considerations are included here. 

; TLS is notable for its absence.
> 

[Med] That's covered in the 9132 and 8738. We don't repeat these aspects here. 

> Tom Petch
> 
> 
> 
> 
> 
> On 10/01/2022 14:32, The IESG wrote:
> >
> > The IESG has received a request from the DDoS Open Threat Signaling WG
> > (dots) to consider the following document: - 'Distributed
> > Denial-of-Service Open Threat Signaling (DOTS) Telemetry'
> >    <draft-ietf-dots-telemetry-19.txt> as Proposed Standard
> >
> > The IESG plans to make a decision in the next few weeks, and solicits
> > final comments on this action. Please send substantive comments to the
> > last-call@ietf.org mailing lists by 2022-01-24. Exceptionally,
> > comments may be sent to iesg@ietf.org instead. In either case, please
> > retain the beginning of the Subject line to allow automated sorting.
> >
> > Abstract
> >
> >
> >     This document aims to enrich the DOTS signal channel protocol with
> >     various telemetry attributes, allowing for optimal Distributed
> >     Denial-of-Service (DDoS) attack mitigation.  It specifies the
> normal
> >     traffic baseline and attack traffic telemetry attributes a DOTS
> >     client can convey to its DOTS server in the mitigation request,
> the
> >     mitigation status telemetry attributes a DOTS server can
> communicate
> >     to a DOTS client, and the mitigation efficacy telemetry attributes
> a
> >     DOTS client can communicate to a DOTS server.  The telemetry
> >     attributes can assist the mitigator to choose the DDoS mitigation
> >     techniques and perform optimal DDoS attack mitigation.
> >
> >
> >
> >
> > The file can be obtained via
> > https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry/
> >
> >
> >
> > No IPR declarations have been submitted directly on this I-D.
> >
> >
> >
> >
> >
> > _______________________________________________
> > IETF-Announce mailing list
> > IETF-Announce@ietf.org
> > https://www.ietf.org/mailman/listinfo/ietf-announce
> > .
> >

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email