Re: [Dots] Comments on dots-signal-control-filtering-01

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 18 January 2019 07:14 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Takahiko Nagata <nagata@lepidum.co.jp>, "dots@ietf.org" <dots@ietf.org>
Date: Fri, 18 Jan 2019 07:13:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/fWdTc_bZj_QTCbwbyBDkm9LJatQ>
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of
> mohamed.boucadair@orange.com
> Sent: Friday, January 18, 2019 12:37 PM
> To: Takahiko Nagata <nagata@lepidum.co.jp>; dots@ietf.org
> Subject: Re: [Dots] Comments on dots-signal-control-filtering-01
> 
> Hi Takahiko,
> 
> Thank you for sharing the comments.
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Takahiko Nagata
> > Sent: Thursday, 17 January 2019 08:13
> > To: dots@ietf.org
> > Subject: [Dots] Comments on dots-signal-control-filtering-01
> >
> > Hi Kaname,
> >
> > I would like to make 2 comments on dots-signal-control-filtering-01.
> >
> > (Comment1) Minimal attributes for control-filtering. ("lifetime" behavior)
> >   The minimal attributes of a SignalChannel MitigationRequest
> >   for control-filtering are only the following, I think.
> >   - acl-list(acl-name, activation-type)
> >   - lifetime
> >
> >   So, we can send acl-list via SignalChannel without
> >   other Mitigation request parameters.
> 
> [Med] When the same mid is used, the request is considered as a refresh. As
> such the attributes that were included in the first request must be included.
> 
> >
> >   In this case, we need to decide the behavior of "lifetime".
> >   I think "lifetime" is ignored in this case.
> 
> [Med] No. This is a particular case of this text from the signal channel spec:
> 
>    For a mitigation request to continue beyond the initial negotiated
>    lifetime, the DOTS client has to refresh the current mitigation
>    request by sending a new PUT request.  This PUT request MUST use the
>    same 'mid' value, and MUST repeat all the other parameters as sent in
>    the original mitigation request apart from a possible change to the
>    lifetime parameter value.
> 
> >   Because acl-list(acl-name, activation-type) should be
> >   managed only on the DataChannel side, to keep the specification simple.
> >
> >
> > (Comment2) Behavior that should be specified.
> > (a) Not affected by "trigger-mitigation"
> >   acl-list(acl-name, activation-type) is soon applied
> >   even if "trigger-mitigation" is false.
> 
> [Med] The procedure applies independently of the value of "trigger-mitigation".
> We can say this explicitly in the draft.

A Mitigation request with "trigger-mitigation" set to false must only be sent during peace time and not during attack time. During peace time, I don't see the need to activate/de-activate ACLs using the DOTS signal channel protocol.

Cheers,
-Tiru

> 
> >
> > (b) Does not affect "Efficacy Update"
> >   acl-list(acl-name, activation-type) would be ignored
> >   on "Efficacy Update" success or rejection.
> 
> [Med] Agree. We are not updating that part of the signal channel spec. acl-list
> clauses won't be included in the efficacy update.
> 
> >
> > (c) GET response of Mitigation Request
> >   acl-list(acl-name, activation-type) would not be included
> >   in the response to a GET Mitigation Request.
> 
> [Med] Yes. Will make this clear in the draft.
> 
> >
> > (d) In DELETE, no behavior (e.g., rollback) for acl-list.
> 
> [Med] Yes.
> 
> >
> >
> > Best Regards,
> > Takahiko Nagata
> >
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots
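
The refresh rule quoted in the thread (same 'mid', all other parameters repeated, only the lifetime value free to change), applied to the minimal acl-list request from Comment 1. This is an added example, not code from the draft or from any participant; it assumes a flat dict view of a request (real signal channel messages are CBOR-encoded), treats acl-list as the attribute the filtering draft adds on top of a refresh, and uses constructed values throughout.

```python
# Added illustration, not code from the draft or the thread. Requests are
# shown as flat dicts; real DOTS signal channel messages are CBOR-encoded.
MAY_CHANGE = {"lifetime"}   # per the quoted signal channel text
MAY_APPEAR = {"acl-list"}   # assumption: the attribute the filtering draft adds


def classify_put(stored, mid, body):
    """Classify a PUT for `mid` against `stored` ({mid: original body}).

    Returns (kind, problems) where kind is "new", "refresh" or
    "invalid-refresh" and problems names each offending attribute.
    """
    original = stored.get(mid)
    if original is None:
        return "new", []
    problems = []
    for name in sorted(set(original) | set(body)):
        if name in MAY_CHANGE or name in MAY_APPEAR:
            continue
        if name not in body:
            problems.append(f"missing {name}")      # dropped from the refresh
        elif name not in original:
            problems.append(f"unexpected {name}")   # not in the first request
        elif original[name] != body[name]:
            problems.append(f"changed {name}")      # value differs
    return ("invalid-refresh" if problems else "refresh"), problems


# Constructed sample data (documentation prefix, made-up ACL name).
STORED = {123: {"target-prefix": ["2001:db8:6401::1/128"],
                "target-protocol": [6], "lifetime": 3600}}
ACL = [{"acl-name": "sample-acl", "activation-type": "immediate"}]

# The minimal request from Comment 1: only acl-list and lifetime.
MINIMAL = {"acl-list": ACL, "lifetime": 3600}
# The form Med's reply asks for: original attributes repeated, acl-list added.
FULL = {**STORED[123], "acl-list": ACL, "lifetime": 7200}

if __name__ == "__main__":
    print(classify_put(STORED, 123, MINIMAL))  # same mid, attributes dropped
    print(classify_put(STORED, 123, FULL))     # same mid, attributes repeated
    print(classify_put(STORED, 456, MINIMAL))  # unknown mid
```
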