Re: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01
"Roman D. Danyliw" <rdd@cert.org> Wed, 20 July 2016 17:19 UTC
Return-Path: <rdd@cert.org>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33BDC12D894 for <dots@ietfa.amsl.com>; Wed, 20 Jul 2016 10:19:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5X0bpXeKRttu for <dots@ietfa.amsl.com>; Wed, 20 Jul 2016 10:18:58 -0700 (PDT)
Received: from plainfield.sei.cmu.edu (plainfield.sei.cmu.edu [192.58.107.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A522712D137 for <dots@ietf.org>; Wed, 20 Jul 2016 10:18:51 -0700 (PDT)
Received: from timber.sei.cmu.edu (timber.sei.cmu.edu [10.64.21.23]) by plainfield.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u6KHIdf6005259; Wed, 20 Jul 2016 13:18:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1469035119; bh=XHf4gI+XTvB+r7G21tB96Ggip5mAAzuE6GpuqjS+2x8=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version:Sender: Reply-To; b=BeZ6g/ZlsoR/fy/roXhLJ9vcVK38M1ccLOWocRKVRYd5YmwLIMM2toY8KdQIi17Zq 6dRPAlV93b108DrWRjAUlL0tqp6Z9c8F7/qh6o7W1lg6Z+eKOV5MLjFn+NX1Ch0uNY PUtyS2GPj5fiFx7RF4ZsnL3lqwn4mwjMgasQmdMU=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by timber.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u6KHIUPq008718; Wed, 20 Jul 2016 13:18:30 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0279.002; Wed, 20 Jul 2016 13:18:29 -0400
From: "Roman D. Danyliw" <rdd@cert.org>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>
Thread-Topic: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01
Thread-Index: AQHR4lkcRnccxXgH60KeGr8DmiUlf6AhRwWQ
Date: Wed, 20 Jul 2016 17:18:29 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC0104E1D14B@marathon>
References: <359EC4B99E040048A7131E0F4E113AFC0104E1A3AD@marathon> <C02846B1344F344EB4FAA6FA7AF481F12AF949E3@SZXEMA502-MBS.china.huawei.com>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12AF949E3@SZXEMA502-MBS.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/eWXTSKmhw--iXVwOJKCC_vN4ziQ>
Cc: "dots@ietf.org" <dots@ietf.org>
Subject: Re: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 17:19:01 -0000
Hi Frank! Thanks for the response. My comments are inline. Where I removed a item, you answered my question (thanks). > -----Original Message----- > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Xialiang (Frank) > Sent: Wednesday, July 20, 2016 3:34 AM > To: Roman D. Danyliw <rdd@cert.org> > Cc: dots@ietf.org > Subject: Re: [Dots] Feedback on draft-nishizuka-dots-inter-domain- > mechanism-01 > > Hi Roman, > Thanks for the detailed comments. > My response is inline: > > B.R. > Frank > > -----邮件原件----- > 发件人: Dots [mailto:dots-bounces@ietf.org] 代表 Roman D. Danyliw > 发送时间: 2016年7月18日 21:03 > 收件人: dots@ietf.org > 主题: [Dots] Feedback on draft-nishizuka-dots-inter-domain-mechanism-01 > > Hello WG! > > WG chair hat off ... > > In reading through draft-nishizuka-dots-inter-domain-mechanism-01 I have > the following feedback: [snip] > (4) Section 5, Provisioning stage, "A DOTS client should register itself to the > DOTS server, as well as enable capacity building in advance." In the context > of DOTS, what protocol support is expected to "enable capacity building in > advance"? > [Frank]: In section 5.1.2, we have the details: "The customers (DOTS client) > registers to the operator controller with the configuration and capability > building including protection methods, process capacity, protected zone, > security profile, white/black-list, etc". Does it make sense? It does but then I have a nit related to the use of the phrase "capacity building". It doesn't seem to fit here for me. > (5) Section 5.1.1, customer_name, How should this name be generated? > [Frank]: it's generated by DOTS client itself, but the custom_id is the unique > value generated by the DOTS server If it's a free form value, I'd recommend stating that for clarify in the draft. > (6) Section 5.1.1, ip_version, To what traffic does this version number refer? > [Frank]: the version of the DOTS client's all traffic I still need a little help understanding. This field tells the DOTS server that the DOTS client traffic will be IPv6 or v4? If so, which traffic? What happens if there is v4 and v6 traffic? The one noted in the protected_zone, on the white/blacklist? What happens if ip_version = "v4" and a ipv6_address is set in protected_zone. [snip] > (9) Section 5.1.1, protected_ports, To clarify, is this the subset of ports > possible to enumerate in future mitigation requests? > [Frank]: Yes, I think so. I tend to think there should be some restriction here, > which means dots server only protect those ports that have been registered. I'd recommend explicitly documenting this relationship between protected_ports and future mitigation requests. > (10) Section 5.1.1, whitelist and blacklist, I would recommend being explicit > on what the DOTS server is supposed to do with this list. > [Frank]: In registration response message, it can indicate whether DOTS > server can support it. Do you mean more information than this? Based on the definition in the text of whitelist, it appeared that the client could send a characterization of particular traffic. I was recommending that the text be explicit is saying something like (not precise language) -- "The DOTS server should ensure that traffic described in the 'whitelist' field set during registration time is not impacted in future mitigation requests by the DOTS client." Some equivalent for blacklist. > (12) When is the Heartbeat message sent > [Frank]: It's periodically sent to the peer DOTS agents right after the DOTS > registration process is finished, and till the DOTS client cancels its registration > to the DOTS server. Understood. I didn't see that in the text. How often is periodically? > (14) Section 5.2.1, DST_IP is used in the definition of multiple fields but is not > defined. Is this field the same as dst_ip from packet_header? > [Frank]: it should be the same. I recommend using a consistent case. > (17) Section 5.2.1, current_throughputs, What does it mean to have multiple > CSV separated values in this field? > [Frank]: good question. The reason we use multiple CSV is to send a set of > attack information in one DOTS mitigation request message, for increasing > the efficiency. Would there be timestamps with these rates? Assuming this was a legal syntax, "3.5, 58.3, 48.3", how would that be interpreted? [snip] > (20) Section 5.2.1, hash, Is this hash calculated on the complete payload or > the truncated value per the offset field? > [Frank]: the truncated part. I recommend explicitly stating the target of the hash as you clarified here. Roman
- [Dots] 答复: Feedback on draft-nishizuka-dots-inter… Xialiang (Frank)
- Re: [Dots] Feedback on draft-nishizuka-dots-inter… Roman D. Danyliw
- Re: [Dots] Feedback on draft-nishizuka-dots-inter… Xialiang (Frank)
- [Dots] Feedback on draft-nishizuka-dots-inter-dom… Roman D. Danyliw