Re: [Dots] WGLC for draft-dots-use-cases-19

Töma Gavrichenkov <> Tue, 06 August 2019 13:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7320D120183 for <>; Tue, 6 Aug 2019 06:05:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U1Uq_tSi2sa4 for <>; Tue, 6 Aug 2019 06:05:50 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::c34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EB586120170 for <>; Tue, 6 Aug 2019 06:05:49 -0700 (PDT)
Received: by with SMTP id q128so30795262ywc.1 for <>; Tue, 06 Aug 2019 06:05:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=AeDvMPSYSjepFhJYOJ54/0oBZuO4LdqXVRdGVwqE7kY=; b=qioMHTlaKNYGMPFUBoWEMnQx6KSMv4Gj9rMzoPYtOC4zAwMB50HHJheq5jOa7tDz0m FI6y9ThpyiZvIpUgmrEiNxYwP2VMNl9kz5+2DuzpQfTZnwqiRu8OHRWV4pdRoabUxZaf 8+yFN1edsTGW0QMdXIYXdcJRmr006cYwwy5NQaoq4e0jluynAJeaBMhHnlajAvKLp6jU dz9IKEO+dMdMl/2CfphUxPEuCLYPT8VObmH6CtgtBZl8YT4xZlbFdoZiAcz2JdiOqW5k iH+iXiDD3QTvO632tDnbhjGkLzEXGVeNzykSL3sz1jrw+sFgfqlS8NMl9L3/fNw8GTbt YgCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=AeDvMPSYSjepFhJYOJ54/0oBZuO4LdqXVRdGVwqE7kY=; b=ZvL0VDUW0YctkbkpuPS1E1hUN9G+t1R+1qvFTGeHFfTvBzjRImKnj7dkhQFmSjKVJN B8chqS0uAmmN+sbYmaAneQzMKgun1kBtt6yMEUicdtVIxHOZu1q0Rc0lrBmNSWVAKNV4 LTI8kI+j5ewYiVwcfnms7qMz6SK9MEKPx4Wgrqvybc/1ZHqDqVS0mVmObkYxaNIiQ8V5 IkMj2YFU1VqKWS4vNKfGyBpo6g0cN8FiaevRbpsn0J0V/fBfZ9teXQxoFFjjSH0B9+rE 0mmYOVZy6EVAnyMo4hLvsWqyQf4fe6Jhn0+rEzDv9i0ZJ3A8yZTczyBU7csjoDDfPqFL iBKQ==
X-Gm-Message-State: APjAAAX5rb0aWCXkKmM+IRsU/toPybaMGs3/dJvgSDh3MtFH2MZ19i5S vG6zzEKnRED3R5XkziWOgz2jx+PQ2wLl2mLn3B0=
X-Google-Smtp-Source: APXvYqzPuXG3zusZf2UdQQ3tawPOhaMzO+CtBnMGUkg8DP5gDG67Un/E41qr1it/B+OhYkiShIT+PYjpjYJ9sFBQ76c=
X-Received: by 2002:a81:301:: with SMTP id 1mr2236606ywd.102.1565096748859; Tue, 06 Aug 2019 06:05:48 -0700 (PDT)
MIME-Version: 1.0
References: <00b001d54c1f$d57799e0$8066cda0$> <> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <> <> <>
In-Reply-To: <>
From: =?UTF-8?Q?T=C3=B6ma_Gavrichenkov?= <>
Date: Tue, 6 Aug 2019 16:05:24 +0300
Message-ID: <>
To: "Konda, Tirumaleswar Reddy" <>
Cc: "" <>, Valery Smyslov <>, "" <>, "Xialiang (Frank, Network Standard & Patent Dept)" <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Aug 2019 13:05:52 -0000

On Tue, Aug 6, 2019 at 3:52 PM Konda, Tirumaleswar Reddy
<> wrote:
>> I must say I don't understand what is the reason
>> behind collecting spoofed IP addresses.
> I am referring to reflection attacks
> (e.g. DNS amplification attack).

Especially under those attacks you must not drop traffic based on
source IP addresses in it.  Otherwise you will fall directly into a
lovely crafted trap when the attacker starts to generate traffic with
source IP addresses of your potential users.

But anyway, DOTS is not about attack mitigation techniques, it's just
a signalling channel.  How exactly the mitigation is being carried out
by either side of the channel is out of scope of the WG.

> The other attack could be where the surveillance
> IP camera's IP address is spoofed, traffic from this
> IP address is black-listed and it no longer can send
> feeds to its server

Yes, this is in particular why you must not take into account any data
you haven't verified, including (but not limited to) a source IP
address before a handshake is completed successfully.