Re: [Dots] New Version Notification for draft-fu-dots-ipfix-extension-00.txt
"Roland Dobbins" <rdobbins@arbor.net> Sat, 24 October 2015 04:54 UTC
Return-Path: <rdobbins@arbor.net>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 894EF1ACD74 for <dots@ietfa.amsl.com>; Fri, 23 Oct 2015 21:54:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NfPW4vtytia for <dots@ietfa.amsl.com>; Fri, 23 Oct 2015 21:54:57 -0700 (PDT)
Received: from mail-pa0-x235.google.com (mail-pa0-x235.google.com [IPv6:2607:f8b0:400e:c03::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C91941ACD6C for <dots@ietf.org>; Fri, 23 Oct 2015 21:54:57 -0700 (PDT)
Received: by pasz6 with SMTP id z6so135318646pas.2 for <dots@ietf.org>; Fri, 23 Oct 2015 21:54:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arbor.net; s=m0; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type; bh=Spw+TTAERVYfbeOzO/aQvBhcovRbryXudxZiTmpjOu0=; b=Z/FjwtqAASXkF8BafGRP5GyCQUV4RKvBJ9n+AGmOpeKMfRJ0/5slHcrsblkZxb6ys3 KtI+1k5/Fo65Qr7588CT/1Dgt/BP+1IyqRv2wa2kXzRNVRgJrELj1ISMtpW1ctfXLVQq o6z7CGqIMXyEtypeU75lj3fyHhsmkPLCpWnz4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-type; bh=Spw+TTAERVYfbeOzO/aQvBhcovRbryXudxZiTmpjOu0=; b=apn/dZ9ucDBnhNSFWNvpw6jPArbrE8gxtsUx30jWZgbLUzirWAx1lbTFniA2abD3L2 YX9WR6bZPRrfq68KTV/xlK06OD9I/dyTtw5ghdCyes9PhSvGv3WhQggmFIVlBWcAvW/D fy6ifwlvyoCQne6ilaC69Pzol+fztfG7E9nD3FWhoRimfwXs5gI+S2cT1459kPaZAStt jcAhnIlGgzBRHUqzHB+ug3s7j8ROfTg62KnpCa8/iRID8U6s68vKfgWbAGtq7X9JBu59 Wgrv87Ek0CKt9PYUrPFf5pbVVI5ybWuiWbeZma3nmZ/RecBZGaQLVCbZ5XWP6k6XU420 DfNA==
X-Gm-Message-State: ALoCoQnv+zwb9Vww71Wu2RtxI0AsL6XX8KEwjBH+llOhHZc79KHkYCkCWQVZR7q4bYA3f6MXLcYv
X-Received: by 10.66.141.42 with SMTP id rl10mr28269040pab.18.1445662497326; Fri, 23 Oct 2015 21:54:57 -0700 (PDT)
Received: from [172.19.254.135] (202-176-81-112.static.asianet.co.th. [202.176.81.112]) by smtp.gmail.com with ESMTPSA id t9sm21829316pbs.17.2015.10.23.21.54.55 (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 23 Oct 2015 21:54:56 -0700 (PDT)
From: Roland Dobbins <rdobbins@arbor.net>
To: dots <dots@ietf.org>
Date: Sat, 24 Oct 2015 11:54:52 +0700
Message-ID: <98F23B2C-7398-4449-99DF-66FA05D99FD2@arbor.net>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFCD9534B3B@marathon>
References: <C02846B1344F344EB4FAA6FA7AF481F12AE8DDF2@SZXEMA502-MBS.china.huawei.com> <9DDE9CA9-1147-4CE0-8494-E4683B77333F@arbor.net> <C02846B1344F344EB4FAA6FA7AF481F12AE8DE38@SZXEMA502-MBS.china.huawei.com> <534A150D-7A41-40B5-A637-D1870BFB1926@arbor.net> <359EC4B99E040048A7131E0F4E113AFCD9534B3B@marathon>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.2r5141)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dots/caFdWsatuwdx20oehv4b44vhyj0>
Cc: "Roman D. Danyliw" <rdd@cert.org>
Subject: Re: [Dots] New Version Notification for draft-fu-dots-ipfix-extension-00.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Oct 2015 04:54:59 -0000
On 24 Oct 2015, at 2:15, Roman D. Danyliw wrote: > If there are any questions or concerns, please let us know and we will > be happy to help. The intent of the language in the charter discussing existing telemetry standards was to ensure that the DOTS WG had the option of utilizing and/or exploring the extension of said standards within the realm of using them for threat signaling and request handling purposes; this was the spirit in which it was contributed: <http://www.ietf.org/mail-archive/web/dots/current/msg00131.html> The concern is that by getting into details of telemetry format definition which are unrelated to threat signaling, we are inadvertently embracing the much larger task of general telemetry format redefinition, which has implications far beyond the threat signaling arena and is a much larger, more involved, and more complex task than defining a threat signaling standard. draft-fu-dots-ipfix-extension-00 is not related to threat signaling. It is related to the underlying generation and export of network traffic statistics and characteristics. From draft-fu-dots-ipfix-extension-00: This document presents the IPFIX IEs which are available for the network attacks detection, some of them are the new defined IPFIX IEs and their formats are specified. The wise utilization of these IEs will improve the network security and will support the offline analysis of data from different operators in the future with minimal resource consumption. There is nothing in draft-fu-dots-ipfix-extension-00 which relates to threat signaling. Nowhere in draft-fu-dots-ipfix-extension-00 is the topic of threat signaling mentioned, even in passing. I apparently missed an email message from the chairs to the list on this topic on 5Oct2015; apologies for this oversight. The concerns expressed above are not based upon any company perspective, as was implied in that message, but are the concerns of an individual contributor to the WG that we are at risk of inadvertently taking on tasks which are outside the realm of threat signaling, thereby making it more difficult to accomplish our primary goal of developing a standardized mechanism for DDoS threat signaling. These concerns relate to the risk of inadvertent WG scope-creep, nothing more. From the DOTS charter: ----- Any modification of or extension to existing protocols must be in close coordination with the working groups responsible for the protocol being modified, and may be done in this working group after agreement with all the relevant WGs and responsible Area Directors. ----- Has this coordination with regards to draft-fu-dots-ipfix-extension-00 taken place, and has the agreement of the Operations and Management Area AD and the IPFIX chairs to this proposed modification to IPFIX been secured? Many thanks! ----------------------------------- Roland Dobbins <rdobbins@arbor.net>
- [Dots] 转发: New Version Notification for draft-fu-… Xialiang (Frank)
- [Dots] 转发: New Version Notification for draft-fu-… Xialiang (Frank)
- Re: [Dots] New Version Notification for draft-fu-… Roland Dobbins
- [Dots] 答复: New Version Notification for draft-fu-… Xialiang (Frank)
- Re: [Dots] New Version Notification for draft-fu-… Robert Moskowitz
- Re: [Dots] New Version Notification for draft-fu-… Andrew Mortensen
- Re: [Dots] New Version Notification for draft-fu-… Roland Dobbins
- Re: [Dots] New Version Notification for draft-fu-… Roland Dobbins
- Re: [Dots] New Version Notification for draft-fu-… Roman D. Danyliw
- Re: [Dots] New Version Notification for draft-fu-… Roland Dobbins
- Re: [Dots] New Version Notification for draft-fu-… Teague, Nik
- Re: [Dots] 答复: New Version Notification for draft… Tobias Gondrom
- [Dots] 答复: New Version Notification for draft-fu-… Xialiang (Frank)
- [Dots] 答复: 答复: New Version Notification for draft… Xialiang (Frank)
- Re: [Dots] 答复: New Version Notification for draft… Andrew Mortensen
- Re: [Dots] 答复: New Version Notification for draft… Tobias Gondrom