Re: [Dots] Reminder -- WGLC on draft-ietf-dots-data-channel-18

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 28 August 2018 06:26 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
CC: Roman Danyliw <rdd@cert.org>, "dots@ietf.org" <dots@ietf.org>
Date: Tue, 28 Aug 2018 06:24:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/gOcacq85Z8FyIl_vbp_Ykaj0dIo>

Got it, will update draft.

Cheers,
-Tiru

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Sent: Monday, August 27, 2018 7:55 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Cc: Roman Danyliw <rdd@cert.org>; dots@ietf.org
Subject: Re: [Dots] Reminder -- WGLC on draft-ietf-dots-data-channel-18


Hi Tirumaleswar,

On Aug 25, 2018, at 10:56 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com> wrote:
Hi Kathleen,

Security vendors already provide feeds of malicious domain names and IP addresses to black-list traffic (e.g. block botnets) and provide reputation scores for white-listing and grey-listing for content inspection. I don’t think sharing the attacker details with the DOTS server over a secure communication channel to black-list traffic has any privacy implications.


Yes, as I had said in my review, the controls cover the consideration.  What I was suggesting is that the consideration is mentioned in terms of privacy.  This matters more in some regions (Germany) than others.  I suspect if it’s not added now, it’s likely to be requested when the draft goes through IESG review.  I’m just trying to save you time later.

Best regards,
Kathleen


Cheers,
-Tiru

From: Dots <dots-bounces@ietf.org> On Behalf Of Kathleen Moriarty
Sent: Saturday, August 25, 2018 1:23 AM
To: Roman Danyliw <rdd@cert.org>
Cc: dots@ietf.org
Subject: Re: [Dots] Reminder -- WGLC on draft-ietf-dots-data-channel-18


I did a quick read, sorry I didn't have time for a closer review and noticed the following:

Section 3.5:

   This behavior is required for topology hiding purposes but also to
   minimizing potential conflicts that may arise if overlapping
   information is used in distinct DOTS domains (e.g., private IPv4
   addresses, non globally unique aliases).
s/minimizing/minimize/

Then in the Security Considerations (Privacy)...

I don't see any explicit privacy considerations and am thinking IP address/host information of attackers could be sensitive as they often indicate compromised systems.  The compromise may extend further than the use of the system in a DDoS attack and there could also be reputation considerations.

The controls already listed are the most that can be applied considering the protocols, so thank you for that.

Best regards,
Kathleen

On Tue, Aug 21, 2018 at 6:03 PM, Roman Danyliw <rdd@cert.org> wrote:
Hello!

The WGLC on draft-ietf-dots-data-channel ends Tuesday, August 27.  Please provide input on the mailing list by this deadline.

Roman

> -----Original Message-----
> From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Roman Danyliw
> Sent: Friday, August 10, 2018 4:30 PM
> To: dots@ietf.org
> Subject: [Dots] WGLC on draft-ietf-dots-data-channel-18
>
> Hello!
>
> Consistent with our discussion at the Montreal meeting, we are starting a
> working group last call (WGLC) for the DOTS Data Channel draft:
>
> DOTS Data Channel Specification
> draft-ietf-dots-data-channel-18
> https://tools.ietf.org/html/draft-ietf-dots-data-channel-18
>
> Please send comments to the DOTS mailing list -- feedback on remaining
> issues or needed changes; as well as endorsements that this draft is ready.
>
> This WGLC will end on August 27, 2018.
>
> Thanks,
> Roman
>
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots


--

Best regards,
Kathleen