Re: [Dots] New Version Notification for draft-fu-dots-ipfix-extension-00.txt

"Roland Dobbins" <rdobbins@arbor.net> Sat, 24 October 2015 04:54 UTC

From: Roland Dobbins <rdobbins@arbor.net>
To: dots <dots@ietf.org>
Date: Sat, 24 Oct 2015 11:54:52 +0700
Message-ID: <98F23B2C-7398-4449-99DF-66FA05D99FD2@arbor.net>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFCD9534B3B@marathon>
References: <C02846B1344F344EB4FAA6FA7AF481F12AE8DDF2@SZXEMA502-MBS.china.huawei.com> <9DDE9CA9-1147-4CE0-8494-E4683B77333F@arbor.net> <C02846B1344F344EB4FAA6FA7AF481F12AE8DE38@SZXEMA502-MBS.china.huawei.com> <534A150D-7A41-40B5-A637-D1870BFB1926@arbor.net> <359EC4B99E040048A7131E0F4E113AFCD9534B3B@marathon>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dots/caFdWsatuwdx20oehv4b44vhyj0>
Cc: "Roman D. Danyliw" <rdd@cert.org>
Subject: Re: [Dots] New Version Notification for draft-fu-dots-ipfix-extension-00.txt
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

On 24 Oct 2015, at 2:15, Roman D. Danyliw wrote:

> If there are any questions or concerns, please let us know and we will 
> be happy to help.

The intent of the language in the charter discussing existing telemetry 
standards was to ensure that the DOTS WG had the option of utilizing 
and/or exploring the extension of said standards within the realm of 
using them for threat signaling and request handling purposes; this was 
the spirit in which it was contributed:

<http://www.ietf.org/mail-archive/web/dots/current/msg00131.html>

The concern is that by getting into details of telemetry format 
definition which are unrelated to threat signaling, we are inadvertently 
embracing the much larger task of general telemetry format redefinition, 
which has implications far beyond the threat signaling arena and is a 
much larger, more involved, and more complex task than defining a threat 
signaling standard.

draft-fu-dots-ipfix-extension-00 is not related to threat signaling.  It 
is related to the underlying generation and export of network traffic 
statistics and characteristics.  From draft-fu-dots-ipfix-extension-00:

    This document presents the IPFIX IEs which are available for the
    network attacks detection, some of them are the new defined IPFIX
    IEs and their formats are specified. The wise utilization of these
    IEs will improve the network security and will support the offline
    analysis of data from different operators in the future with minimal
    resource consumption.

There is nothing in draft-fu-dots-ipfix-extension-00 which relates to 
threat signaling.  Nowhere in draft-fu-dots-ipfix-extension-00 is the 
topic of threat signaling mentioned, even in passing.

I apparently missed an email message from the chairs to the list on this 
topic on 5Oct2015; apologies for this oversight.  The concerns expressed 
above are not based upon any company perspective, as was implied in that 
message, but are the concerns of an individual contributor to the WG 
that we are at risk of inadvertently taking on tasks which are outside 
the realm of threat signaling, thereby making it more difficult to 
accomplish our primary goal of developing a standardized mechanism for 
DDoS threat signaling.

These concerns relate to the risk of inadvertent WG scope-creep, nothing 
more.

From the DOTS charter:

-----

Any modification of or extension to existing protocols must be in close
coordination with the working groups responsible for the protocol being
modified, and may be done in this working group after agreement with all
the relevant WGs and responsible Area Directors.

-----

Has this coordination with regards to draft-fu-dots-ipfix-extension-00 
taken place, and has the agreement of the Operations and Management Area 
AD and the IPFIX chairs to this proposed modification to IPFIX been 
secured?

Many thanks!

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>