Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
H Y <yuuhei.hayashi@gmail.com> Fri, 18 February 2022 03:51 UTC
Return-Path: <yuuhei.hayashi@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBCD73A0100; Thu, 17 Feb 2022 19:51:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xT0bxOgziVpu; Thu, 17 Feb 2022 19:51:39 -0800 (PST)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C83053A010A; Thu, 17 Feb 2022 19:51:38 -0800 (PST)
Received: by mail-ed1-x52a.google.com with SMTP id x5so13152610edd.11; Thu, 17 Feb 2022 19:51:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Yq0C8y48GGCON20Aulf+beDD+2XOqmAYeUaKjceDdnk=; b=bOsOC00hWsmoJyDSfLaLnScpwmspxXkylFQ2qH67kR0NLQ9GhVudP7D2wGSuNM06eu bHGW4IVLHoC4xSgc3SeGa9+YW/lFLciad95d2yNw34oZv3lt02pMp7NX6QLiXxaZAUDJ IbH2POjyHORiJioh1D75XnRmv82NTZc/qmyDM/nkIA+HWQsNrNIcKUsXWdhq+g11gMtb YrskwMt9zR3TkhK55Fn8RUMb73IW0KKPRnv6lduivzC8898obLeuYlAaGHvfumzH9tz0 DTtNsiWwuyQQtsLl6zzA2FXscA48+eFVypRc+oYENy5sX9wWMiGKbUAHmbh5HcUgEjNg HVyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Yq0C8y48GGCON20Aulf+beDD+2XOqmAYeUaKjceDdnk=; b=mhGTx7e/AbDACvsMe6lJNJM0Bj+jJGg9WEjoXGCa/5JDEvuCIwD6Bf0yIRq5qbRs83 qgE3fANe2Lp5F+JBWBZFfjgKKNTixWK7ibLEqfrqIcyY5m/0EY3eu51MJo+Fx/7xVNnW 0fJYbt7zE8uktH4zmxpiw19EPSZwdhni00gp3KDWXaSJOdDvZWrtFZmssI3DfvES9r+F EnFdoHoiR8qrOSry1zAw5wJFsW9N91AgSrXiO3aGiiPbLtktP0mJjDwedwzevwu/jlee b4iRq8rtalakEY5I4uYhkxnlzS6UVL8r1CrryOmfWd7yM3SJ8L/kjLOZjSdsbni948HC Eutw==
X-Gm-Message-State: AOAM531okpidoJILARliOcCXFnbeTJf8PStGsQh2QH7YFq2oPrBg01KN zEW/xoCs1IrVK9QtxlvqANGQwqSDkTAbMCpZfWmBwI7c
X-Google-Smtp-Source: ABdhPJxMt5n24kj53TZJ9nFePR0438LCLopSiu06fsrZnZGlXTU48pwiHpHKmoIBu2hbyGN7o0WEKlhZXC6NqkXOXcc=
X-Received: by 2002:aa7:c0d0:0:b0:410:d576:8808 with SMTP id j16-20020aa7c0d0000000b00410d5768808mr6119420edp.340.1645156296279; Thu, 17 Feb 2022 19:51:36 -0800 (PST)
MIME-Version: 1.0
References: <181601d81da8$0cee3a80$26caaf80$@smyslov.net> <23921_1644415165_6203C8BD_23921_233_1_787AE7BB302AE849A7480A190F8B93303548ECDA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAA8pjUPRUXSOwf-1EBA4BsDb7aYw792n59FUJFvzPYCKqNTcUg@mail.gmail.com> <CAA8pjUOrYQnJrzwcAhzmp5FMBDm__u4UomCYFDLDD7G09zNPnA@mail.gmail.com> <17353_1644562189_6206070D_17353_218_1_787AE7BB302AE849A7480A190F8B93303549155E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAA8pjUMeu0apgO6BZ0h2gq7x+KsOg0GOSH_SnznkRh1hNNuGgQ@mail.gmail.com> <CAA8pjUOV=KLgmFxqeSA5dASrT2msWyu4T9Mvi3tzqruR-uEFvQ@mail.gmail.com> <202202151526305133704@chinamobile.com> <28467_1644930140_620BA45B_28467_168_17_787AE7BB302AE849A7480A190F8B933035494261@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <202202161723559475581@chinamobile.com>
In-Reply-To: <202202161723559475581@chinamobile.com>
From: H Y <yuuhei.hayashi@gmail.com>
Date: Fri, 18 Feb 2022 12:51:26 +0900
Message-ID: <CAA8pjUPq-tGOkZ4-SttuRWQOD7pbEVfAtdKad8fgM8yQEGX7Pg@mail.gmail.com>
To: "mohamed.boucadair" <mohamed.boucadair@orange.com>, dots <dots@ietf.org>
Cc: dots-chairs <dots-chairs@ietf.org>, Valery Smyslov <valery@smyslov.net>, "draft-ietf-dots-telemetry-use-cases@ietf.org" <draft-ietf-dots-telemetry-use-cases@ietf.org>, Meiling Chen <chenmeiling@chinamobile.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/lErFZAvlPD304b-5uwSBR35jbaQ>
Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Feb 2022 03:51:45 -0000
Hi Med, All I submitted the latest version 08. I think all Med's comments were addressed. Comments are welcome. Thanks, Yuhei 2022年2月16日(水) 18:24 Meiling Chen <chenmeiling@chinamobile.com>: > > Hi Med, > Thank you, the remaining yuuhei will be updated on Friday. > > Best, > Meiling > > > From: mohamed.boucadair@orange.com > Date: 2022-02-15 21:02 > To: Meiling Chen; H Y; dots > CC: dots-chairs; Valery Smyslov; draft-ietf-dots-telemetry-use-cases@ietf.org > Subject: RE: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04 > > Hi Meiling, all, > > > > Thank you for these updates. > > > > It seems that the same “start-time” is used in many example. Please check that to see if more realistic examples (with distinct time starts) can be considered. > > > > The draft has some notes, e.g., “[Note: An example of total ..”. I understand that some examples are under preparation. > > > > The latest version removed some attributes such as “src_ip”, but I still see “dst-ip”. You can clarify the meaning/type of this attribute. > > > > Thank you. > > > > Cheers, > > Med > > > > De : Meiling Chen <chenmeiling@chinamobile.com> > Envoyé : mardi 15 février 2022 08:27 > À : H Y <yuuhei.hayashi@gmail.com>; BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; dots <dots@ietf.org> > Cc : dots-chairs <dots-chairs@ietf.org>; Valery Smyslov <valery@smyslov.net>; draft-ietf-dots-telemetry-use-cases@ietf.org > Objet : Re: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04 > > > > Hi all, > > Thank you for Med's comments, I have updated the draft to 07. > > > > Name: draft-ietf-dots-telemetry-use-cases > > Revision: 07 > > Title: Use Cases for DDoS Open Threat Signaling (DOTS) Telemetry > > Document date: 2022-02-15 > > Group: dots > > Pages: 27 > > URL: https://www.ietf.org/archive/id/draft-ietf-dots-telemetry-use-cases-07.txt > > Status: https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry-use-cases/ > > Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-dots-telemetry-use-cases > > Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-telemetry-use-cases-07 > > > > From: H Y > > Date: 2022-02-11 16:00 > > To: Mohamed Boucadair; dots@ietf.org > > CC: dots-chairs@ietf.org; Valery Smyslov; draft-ietf-dots-telemetry-use-cases@ietf.org > > Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04 > > Hi Med, All, > > > > I updated the draft and submitted it as 06. > > > > >You may consider removing them but add some text to recall the attack mapping over the data channel. > > I removed the "attack-description" in signal channel but add some > > mapping in data channel. > > > > Thanks, > > Yuhei > > > > 2022年2月11日(金) 16:40 H Y <yuuhei.hayashi@gmail.com>: > > > > > > Hi Med, > > > > > > I got it. I misunderstood the way to use "attack-description". > > > > > > >You may consider removing them but add some text to recall the attack mapping over the data channel. > > > I will remove the "attack-description". > > > > > > Thanks, > > > Yuhei > > > > > > 2022年2月11日(金) 15:49 <mohamed.boucadair@orange.com>: > > > > > > > > Hi Yuhei, > > > > > > > > One quick comment about: > > > > > > > > == > > > > "attack-description": "DNS amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in DNS servers to turn small queries into larger payloads." > > > > == > > > > > > > > and > > > > > > > > == > > > > "attack-description":"NTP amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in NTP servers to turn small queries into larger payloads." > > > > == > > > > > > > > Please note that the telemetry spec says the following: > > > > > > > > When conveying attack details in DOTS telemetry messages (Sections > > > > 8.2, 8.3, and 9), DOTS agents MUST NOT include the 'attack- > > > > description' attribute unless the corresponding attack mapping > > > > details were not previously shared with the peer DOTS agent. > > > > > > > > So, the text should explain why "attack-description" attributes are present in the example. > > > > > > > > You may consider removing them but add some text to recall the attack mapping over the data channel. > > > > > > > > Thank you. > > > > > > > > Cheers, > > > > Med > > > > > > > > > -----Message d'origine----- > > > > > De : Dots <dots-bounces@ietf.org> De la part de H Y > > > > > Envoyé : vendredi 11 février 2022 05:16 > > > > > À : dots@ietf.org > > > > > Cc : dots-chairs@ietf.org; Valery Smyslov <valery@smyslov.net>; > > > > > BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; draft-ietf- > > > > > dots-telemetry-use-cases@ietf.org > > > > > Objet : Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04 > > > > > > > > > > Hi all, > > > > > > > > > > We modified some nits and upload as 05. We will add some description to > > > > > clarify our use cases. > > > > > > > > > > Comments are welcome. > > > > > > > > > > Thanks, > > > > > Yuhei > > > > > > > > > > 2022年2月9日(水) 23:34 H Y <yuuhei.hayashi@gmail.com>: > > > > > > > > > > > > Hi Med, > > > > > > > > > > > > Thank you for your comments and suggestions. > > > > > > > > > > > > I will revise the draft in a few days. > > > > > > > > > > > > Thanks, > > > > > > Yuhei > > > > > > > > > > > > 2022年2月9日(水) 22:59 <mohamed.boucadair@orange.com>: > > > > > > > > > > > > > > Hi Valery, all, > > > > > > > > > > > > > > I support advancing this document, but I think a revised version is > > > > > needed. > > > > > > > > > > > > > > FWIW, some comments and suggestions can be found at: > > > > > > > * pdf: > > > > > > > https://raw.githubusercontent.com/boucadair/IETF-Drafts-Reviews/mast > > > > > > > er/draft-ietf-dots-telemetry-use-cases-04-rev%20Med.pdf > > > > > > > * doc: > > > > > > > https://github.com/boucadair/IETF-Drafts-Reviews/raw/master/draft-ie > > > > > > > tf-dots-telemetry-use-cases-04-rev%20Med.doc > > > > > > > > > > > > > > Cheers, > > > > > > > Med > > > > > > > > > > > > > > > -----Message d'origine----- > > > > > > > > De : Dots <dots-bounces@ietf.org> De la part de Valery Smyslov > > > > > > > > Envoyé : mercredi 9 février 2022 12:28 À : dots@ietf.org Cc : > > > > > > > > dots-chairs@ietf.org; draft-ietf-dots-telemetry-use-cases@ietf.org > > > > > > > > Objet : [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04 > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > this message starts a two-week working group last call for > > > > > > > > draft-ietf- dots-telemetry-use-cases-04. > > > > > > > > The WGLC will end on Thursday, February 24. Please, review the > > > > > > > > draft and send your comments to the mailing list. > > > > > > > > > > > > > > > > Regards, > > > > > > > > Frank & Valery. > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > Dots mailing list > > > > > > > > Dots@ietf.org > > > > > > > > https://www.ietf.org/mailman/listinfo/dots > > > > > > > > > > > > > > ____________________________________________________________________ > > > > > > > _____________________________________________________ > > > > > > > > > > > > > > Ce message et ses pieces jointes peuvent contenir des informations > > > > > > > confidentielles ou privilegiees et ne doivent donc pas etre > > > > > > > diffuses, exploites ou copies sans autorisation. Si vous avez recu > > > > > > > ce message par erreur, veuillez le signaler a l'expediteur et le > > > > > detruire ainsi que les pieces jointes. Les messages electroniques etant > > > > > susceptibles d'alteration, Orange decline toute responsabilite si ce > > > > > message a ete altere, deforme ou falsifie. Merci. > > > > > > > > > > > > > > This message and its attachments may contain confidential or > > > > > > > privileged information that may be protected by law; they should not > > > > > be distributed, used or copied without authorisation. > > > > > > > If you have received this email in error, please notify the sender > > > > > and delete this message and its attachments. > > > > > > > As emails may be altered, Orange is not liable for messages that > > > > > have been modified, changed or falsified. > > > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > ---------------------------------- > > > > > > Yuuhei HAYASHI > > > > > > 08065300884 > > > > > > yuuhei.hayashi@gmail.com > > > > > > iehuuy_0220@docomo.ne.jp > > > > > > ---------------------------------- > > > > > > > > > > > > > > > > > > > > -- > > > > > ---------------------------------- > > > > > Yuuhei HAYASHI > > > > > 08065300884 > > > > > yuuhei.hayashi@gmail.com > > > > > iehuuy_0220@docomo.ne.jp > > > > > ---------------------------------- > > > > > > > > _________________________________________________________________________________________________________________________ > > > > > > > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > > > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > > > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > > > > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > > > > > > > This message and its attachments may contain confidential or privileged information that may be protected by law; > > > > they should not be distributed, used or copied without authorisation. > > > > If you have received this email in error, please notify the sender and delete this message and its attachments. > > > > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > > > > Thank you. > > > > > > > > > > > > > -- > > > ---------------------------------- > > > Yuuhei HAYASHI > > > 08065300884 > > > yuuhei.hayashi@gmail.com > > > iehuuy_0220@docomo.ne.jp > > > ---------------------------------- > > > > > > > > -- > > ---------------------------------- > > Yuuhei HAYASHI > > 08065300884 > > yuuhei.hayashi@gmail.com > > iehuuy_0220@docomo.ne.jp > > ---------------------------------- > > > > > > _______________________________________________ > > Dots mailing list > > Dots@ietf.org > > https://www.ietf.org/mailman/listinfo/dots > > _________________________________________________________________________________________________________________________ > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. -- ---------------------------------- Yuuhei HAYASHI 08065300884 yuuhei.hayashi@gmail.com iehuuy_0220@docomo.ne.jp ----------------------------------
- [Dots] WGLC for draft-ietf-dots-telemetry-use-cas… Valery Smyslov
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… mohamed.boucadair
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… mohamed.boucadair
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… Meiling Chen
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… mohamed.boucadair
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… Meiling Chen
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… mohamed.boucadair
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… mohamed.boucadair
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… H Y
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… mohamed.boucadair
- Re: [Dots] WGLC for draft-ietf-dots-telemetry-use… Valery Smyslov