Re: [Dots] another option://答复: Can DOTS protocol support IP whitelist for DOTS client's AA?

"Roland Dobbins" <rdobbins@arbor.net> Fri, 29 September 2017 06:05 UTC

From: Roland Dobbins <rdobbins@arbor.net>
To: Xialiang <frank.xialiang@huawei.com>
Cc: "Dots@ietf.org" <Dots@ietf.org>
Date: Fri, 29 Sep 2017 13:04:47 +0700
Message-ID: <993069A8-B670-4FA8-98E6-7A960654A8FA@arbor.net>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12BB2D19B@DGGEML502-MBX.china.huawei.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12BB2D185@DGGEML502-MBX.china.huawei.com> <C02846B1344F344EB4FAA6FA7AF481F12BB2D19B@DGGEML502-MBX.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/cEYnesrViD0DdvJdZQnlZC4bQEI>
Subject: Re: [Dots] another option://答复: Can DOTS protocol support IP whitelist for DOTS client's AA?
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

On 7 Aug 2017, at 7:55, Xialiang (Frank) wrote:

> In addition to IP whitelist and certificate, pre-shared key can also be
> an option.

Yes, it should be.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>