Re: [Dots] Opsdir last call review of draft-ietf-dots-requirements-16
"Scott O. Bradner" <sob@sobco.com> Mon, 26 November 2018 12:07 UTC
Return-Path: <sob@sobco.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF62130DC4; Mon, 26 Nov 2018 04:07:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mx6whFcS-DtC; Mon, 26 Nov 2018 04:07:08 -0800 (PST)
Received: from sobco.sobco.com (unknown [136.248.127.164]) by ietfa.amsl.com (Postfix) with ESMTP id ADB55124BAA; Mon, 26 Nov 2018 04:07:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by sobco.sobco.com (Postfix) with ESMTP id AFAE41CAB9B; Mon, 26 Nov 2018 07:07:07 -0500 (EST)
X-Virus-Scanned: amavisd-new at sobco.com
Received: from sobco.sobco.com ([127.0.0.1]) by localhost (sobco.sobco.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fIH6hv0n-h8I; Mon, 26 Nov 2018 07:07:03 -0500 (EST)
Received: from golem.sobco.com (golem.sobco.com [136.248.127.162]) by sobco.sobco.com (Postfix) with ESMTPSA id 551A61CAB6F; Mon, 26 Nov 2018 07:07:03 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: "Scott O. Bradner" <sob@sobco.com>
In-Reply-To: <BN6PR16MB1425F8CDE752A19B8B4AD7F8EAD70@BN6PR16MB1425.namprd16.prod.outlook.com>
Date: Mon, 26 Nov 2018 07:07:02 -0500
Cc: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-dots-requirements.all@ietf.org" <draft-ietf-dots-requirements.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <93A37792-FE94-409A-8E20-562971E4CBAF@sobco.com>
References: <154309157569.4300.10419245253211850237@ietfa.amsl.com> <BN6PR16MB1425E843797A597B75D14A38EAD70@BN6PR16MB1425.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302E04D374@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <BN6PR16MB1425F8CDE752A19B8B4AD7F8EAD70@BN6PR16MB1425.namprd16.prod.outlook.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/jeC6ar7HDBvb80B1SJpLdKByUEc>
Subject: Re: [Dots] Opsdir last call review of draft-ietf-dots-requirements-16
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 12:07:11 -0000
and for me Scott > On Nov 26, 2018, at 5:11 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com> wrote: > >> -----Original Message----- >> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com> >> Sent: Monday, November 26, 2018 1:02 PM >> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; >> Scott Bradner <sob@sobco.com>; ops-dir@ietf.org >> Cc: draft-ietf-dots-requirements.all@ietf.org; ietf@ietf.org; dots@ietf.org >> Subject: RE: Opsdir last call review of draft-ietf-dots-requirements-16 >> >> This email originated from outside of the organization. Do not click links or >> open attachments unless you recognize the sender and know the content is safe. >> >> Hi Tiru, all, >> >> Please see inline. >> >> Cheers, >> Med >> >>> -----Message d'origine----- >>> De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda, >>> Tirumaleswar Reddy Envoyé : lundi 26 novembre 2018 06:16 À : Scott >>> Bradner; ops-dir@ietf.org Cc : >>> draft-ietf-dots-requirements.all@ietf.org; ietf@ietf.org; >>> dots@ietf.org Objet : Re: [Dots] Opsdir last call review of >>> draft-ietf-dots-requirements-16 >>> >>> Hi Scott, >>> >>> Thanks for the review, Please see inline >>> >>>> -----Original Message----- >>>> From: Scott Bradner <sob@sobco.com> >>>> Sent: Sunday, November 25, 2018 2:03 AM >>>> To: ops-dir@ietf.org >>>> Cc: draft-ietf-dots-requirements.all@ietf.org; ietf@ietf.org; >>>> dots@ietf.org >>>> Subject: Opsdir last call review of draft-ietf-dots-requirements-16 >>>> >>>> This email originated from outside of the organization. Do not click >>>> links >>> or >>>> open attachments unless you recognize the sender and know the >>>> content is >>> safe. >>>> >>>> Reviewer: Scott Bradner >>>> Review result: Has Nits >>>> >>>> This is an OPS-DIR review of Distributed Denial of Service (DDoS) >>>> Open >>> Threat >>>> Signaling Requirements (draft-ietf-dots-requirements) >>>> >>>> This document lists requirements for a protocol to used between >>>> providers >>> of >>>> DDOS mitigation services and users of such services, as such there >>>> can be >>> no >>>> direct operational issues with the document. I also did not find >>>> any >>> indirect >>>> operational issues. >>>> >>>> I think the document would benefit from the addition of a section >>>> before >>> the >>>> requirements section that specifically describes the setup assumed >>>> by the document. The descriptions before there hint at a presumed >>>> setup but a new section that clearly states the setup would be >>>> helpful. (the setup appears >>> to be >>>> one where all network traffic to and from a protected entity flows >>>> through >>> a >>>> DDoS mitigation service provider. The provider includes one or more >>>> DOTS servers. The protected entity includes one or more DOTS >>>> clients that communicate with the DOTS servers) >>> >>> The requirements drafts refers to the DOTS architecture draft that >>> discusses the architectural relationships, components and concepts >>> used in a DOTS deployment. >>> >>>> >>>> Requirement SIG-005 addresses channel redirection – maybe there >>>> needs to be a way that clients can move to a new server on their own >>>> if they lose >>> hearbeat >>>> from the server they were using – that might include a way for a >>>> server to provide a list of alternative servers to the clients >>> >>> We can update SIG-004 requirement to say the following: >>> >>> The DOTS client may be provided with a list of DOTS servers. >> >> [Med] IMHO given that the requirements I-D points to the architecture I-D, we >> don't need to be redundant: >> >> The DOTS client may be provided with a list of DOTS servers, each >> associated with one or more IP addresses. These addresses may or may >> not be of the same address family. The DOTS client establishes one >> or more sessions by connecting to the provided DOTS server addresses. >> >> But, of course it is not harmful to restate it if it helps the reader. >> >> If the DOTS >>> client considers the signal channel is defunct due to the extended >>> absence of DOTS server heartbeat, the DOTS client can establish a new >>> DOTS signal channel with the other DOTS servers in the list. >>> >> >> [Med] Some comments here: >> * I would not mix server selection/server migration with server redirection. >> That is, the proposed text is to be placed somewhere else in the I-D, not under >> SIG-004. >> * I would not describe the behavior (e.g., if xxx, establish a new session) in the >> Requirements I-D, but focus on the expected functionality if we really need to >> say something. >> * A DOTS client provisioned with multiple dots server may already have other >> sessions established. How those sessions are established is policy-based. >> * Establishing a new session should be carefully considered to avoid, e.g., >> leaking information among servers not belonging to the same domain or >> oscillate between servers. >> >> We can include a generic text such as the following: >> >> "Additional means to enhance the resilience of DOTS protocols, including >> when multiple DOTS servers are provisioned to the DOTS clients, SHOULD be >> considered." > > Works for me. > > -Tiru > >> >> >>> -Tiru >>> >>>> >>> >>> _______________________________________________ >>> Dots mailing list >>> Dots@ietf.org >>> https://www.ietf.org/mailman/listinfo/dots
- [Dots] Opsdir last call review of draft-ietf-dots… Scott Bradner
- Re: [Dots] Opsdir last call review of draft-ietf-… Benjamin Kaduk
- Re: [Dots] Opsdir last call review of draft-ietf-… Konda, Tirumaleswar Reddy
- Re: [Dots] Opsdir last call review of draft-ietf-… mohamed.boucadair
- Re: [Dots] Opsdir last call review of draft-ietf-… Konda, Tirumaleswar Reddy
- Re: [Dots] Opsdir last call review of draft-ietf-… Scott O. Bradner