Re: [Dots] clarification questions from the hackathon
<mohamed.boucadair@orange.com> Mon, 01 April 2019 07:04 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA8CE120046 for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 00:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvlnI92LC7x3 for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 00:04:27 -0700 (PDT)
Received: from orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E908E12003F for <dots@ietf.org>; Mon, 1 Apr 2019 00:04:26 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr24.francetelecom.fr (ESMTP service) with ESMTP id 44Xjy108Cyz1y3y; Mon, 1 Apr 2019 09:04:25 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.60]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 44Xjy06JqSzDq7R; Mon, 1 Apr 2019 09:04:24 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM5D.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0439.000; Mon, 1 Apr 2019 09:04:24 +0200
From: mohamed.boucadair@orange.com
To: kaname nishizuka <kaname@nttv6.jp>, Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] clarification questions from the hackathon
Thread-Index: AQHU5g4BCfVXhciSq0+ZqKxGOtsoYqYm5Qkg
Date: Mon, 01 Apr 2019 07:04:24 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA5055F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <108a01d4e588$72f886b0$58e99410$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302EA4F27E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <1519e976-9b67-ca8e-d3d4-eb22727f0ddd@nttv6.jp>
In-Reply-To: <1519e976-9b67-ca8e-d3d4-eb22727f0ddd@nttv6.jp>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/ihzB0a_ZbRmt3WDc5A5bh_qxTNA>
Subject: Re: [Dots] clarification questions from the hackathon
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2019 07:04:29 -0000
Hi Kaname, Please see inline. Cheers, Med > -----Message d'origine----- > De : kaname nishizuka [mailto:kaname@nttv6.jp] > Envoyé : vendredi 29 mars 2019 10:02 > À : BOUCADAIR Mohamed TGI/OLN; Jon Shallow; dots@ietf.org > Objet : Re: [Dots] clarification questions from the hackathon > > Hi, > > please see inline. > > regards, > Kaname > > On 2019/03/29 4:28, mohamed.boucadair@orange.com wrote: > > Re-, > > > > Please see inline. > > > > Cheers, > > Med > > > >> -----Message d'origine----- > >> De : Jon Shallow [mailto:supjps-ietf@jpshallow.com] > >> Envoyé : jeudi 28 mars 2019 18:05 > >> À : BOUCADAIR Mohamed TGI/OLN; kaname nishizuka; dots@ietf.org > >> Objet : RE: [Dots] clarification questions from the hackathon > >> > >> Hi All, > >> > >> See inline > >> > >> Regards > >> > >> Jon > >> > >>> -----Original Message----- > >>> From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of ietf- > >>> supjps-mohamed.boucadair@orange.com > >>> Sent: 28 March 2019 13:39 > >>> To: kaname nishizuka; dots@ietf.org > >>> Subject: Re: [Dots] clarification questions from the hackathon > >>> > >>> Re-, > >>> > >>> Please see inline. > >>> > >>> Cheers, > >>> Med > >>> > >>>> -----Message d'origine----- > >>>> De : Dots [mailto:dots-bounces@ietf.org] De la part de kaname nishizuka > >>>> Envoyé : jeudi 28 mars 2019 11:38 > >>>> À : dots@ietf.org > >>>> Objet : [Dots] clarification questions from the hackathon > >>>> > >>>> Hi, > >>>> > >>>> I'd like to continue discussion of these topics in the ML. > >>>> > >>>> #1: Questions about signal-control-filtering > >>>> 1. Should a mitigation request create a mitigation before doing a PUT > + > >>>> acl-list [{acl-name, activation-type}] against the active mitigation, or > >> is a > >>>> ‘PUT + acl-list [{acl-name, activation-type}]’ allowed to create a new > >>>> mitigation? > >>> [Med] Both are currently allowed in the draft. I don't still a valid > reason > >> to > >>> restrict this. > >> [Jon] As per draft > >> A DOTS client MUST NOT use the filtering control over DOTS signal > >> channel if no attack (mitigation) is active; > >> > > [Med] What is meant actually is: > > > > A DOTS client MUST NOT use the filtering control over DOTS signal > > channel in 'idle' time; > > > > Will update the text. > > > [kaname] > in order to make what I and Jon raised clearer, > > A DOTS client MUST NOT use the filtering control over DOTS signal > channel in 'idle' time. > If a mitigation request which includes both valid mitigation scope and > acl-* > for the first time in idle time, it should be treated as it's already in > attack time. > > Or, simply I'm wondering if it is possible to drop the sentence because acl-* > is always accompany with a mitigation scope so there is no way to enable it > by itself in idle time? > [Med] I prefer to leave the sentence because it was added to address a comment from Franck. He was concerned with the use of the feature when no attack is ongoing. That text does make that clear. I updated it as follows: A DOTS client MUST NOT use the filtering control over DOTS signal channel in 'idle' time; such requests MUST be discarded by the DOTS server with 4.00 (Bad Request). By default, ACL-related operations are achieved using the DOTS data channel [I-D.ietf-dots-data-channel] when no attack is ongoing.
- [Dots] clarification questions from the hackathon kaname nishizuka
- Re: [Dots] clarification questions from the hacka… Olli Vanhoja
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… Jon Shallow
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… Jon Shallow
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… kaname nishizuka
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… Jon Shallow
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair