Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 07 February 2020 10:49 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Date: Fri, 07 Feb 2020 10:49:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/lSc6JNXiQfdi8CUgDRB8K-gL4Uo>
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>
> Sent: Thursday, February 6, 2020 12:09 PM
> To: Jon Shallow <supjps-ietf@jpshallow.com>; Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>; dots@ietf.org
> Subject: RE: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> 
> Hi Jon, all,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > Sent: Wednesday, 5 February 2020 21:24
> > To: 'Konda, Tirumaleswar Reddy'; BOUCADAIR Mohamed TGI/OLN; dots@ietf.org
> > Subject: RE: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> >
> > See inline
> >
> > Regards
> >
> > Jon
> >
> ...
> > > >
> > > > (1) key value range for telemetry: Jon raised this point "These
> > > > keys require 3 bytes - and telemetry information is going to be
> > > > difficult to fit into a packet.  I appreciate that
> > > > comprehension-required is for numbers less than 0x8000 - perhaps
> > > > the comprehension-required range is reduced and also has a
> > > > section higher up so the total of 0x8000 still stands so less
> > > > bytes can be used here."
> > > >
> > > >    +----------------------+-------+-------+------------+---------------+
> > > >    | Parameter Name       | CBOR  | CBOR  | Change     | Specification |
> > > >    |                      | Key   | Major | Controller | Document(s)   |
> > > >    |                      | Value | Type  |            |               |
> > > >    +----------------------+-------+-------+------------+---------------+
> > > >    | ietf-dots-signal-cha | 32776 |   5   |    IESG    |   [RFCXXXX]   |
> > > >    | nnel:telemetry       |       |       |            |               |
> > > >
> > > > Med: This is a major one. We need to assess the gain, but it is
> > > > possible in theory to update our assignment policies and
> > > > reassign, e.g., 128-255 range to be comprehension-optional
> > > > (specific for telemetry). This would mean that the telemetry
> > > > spec will be tagged as updating the base signal channel spec.
> > > > We need more discussion.
> > >
> > > Why not change the DOTS telemetry attributes to
> > > comprehension-required?
> 
> [Med] Telemetry attributes are not mandatory for the signal channel to
> function. A signal channel message enriched with telemetry data should not
> exacerbate message failure.
> 
> > > If the server does not understand the DOTS telemetry attributes, it
> > > will respond with 4.00 error response, and the client can re-send
> > > the request without the DOTS telemetry attributes.
> >
> > Jon> Telemetry is also gated by a different set of Path-URIs.
> 
> [Med] Except when telemetry is also included in an update during a
> mitigation (S-C or S-C). What I have for this one in my local copy is as follows:
> 
>    In order to make use of this feature, DOTS clients MUST establish a
>    telemetry setup session with the DOTS server in 'idle' time and MUST
>    set the 'server-originated-telemetry' attribute to 'true'.
> 
>    DOTS servers MUST NOT include telemetry attributes in mitigation
>    status updates sent to DOTS clients for which 'server-originated-
>    telemetry' attribute is set to 'false'.
> 
> > However,
> > source-prefix attribute comes from draft-ietf-dots-signal-call-home
> > and also occupies 3 bytes - do we change the source-prefix CBOR Key
> > type to comprehension-required?
> >
> 
> [Med] Including a source prefix in a signal channel message while not
> supported by the server must not lead to an error. That attribute cannot be
> set as comprehension-required. I suggest we don't touch that part.

Works for me.

-Tiru
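
Added example, not part of the original message or of the DOTS drafts: a Python sketch of the trade-off discussed in this thread. It encodes map keys as CBOR unsigned integers to show the byte cost of key 32776 against a key in the 128-255 range, and models a server that answers 4.00 to an unknown comprehension-required key but skips an unknown comprehension-optional one. The known key 1, the "ok" success marker, the sample of 20 attributes and all function names are assumptions made for illustration.

```python
import struct

# Rule as stated in the thread: keys below 0x8000 are comprehension-required.
COMPREHENSION_REQUIRED_LIMIT = 0x8000
TELEMETRY_KEY = 32776  # CBOR key value from the table quoted in the thread


def cbor_uint(n: int) -> bytes:
    """Encode n as a CBOR unsigned integer (major type 0, RFC 8949)."""
    if n < 0:
        raise ValueError("map keys here are unsigned")
    if n < 24:
        return bytes([n])  # value fits in the initial byte
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([info]) + struct.pack(fmt, n)
    raise ValueError("too large for a CBOR unsigned integer")


def key_bytes(keys) -> int:
    """Total bytes spent on map keys alone."""
    return sum(len(cbor_uint(k)) for k in keys)


def is_comprehension_required(key: int, optional_ranges=()) -> bool:
    """optional_ranges models the proposed carve-out (e.g. 128-255)."""
    if any(lo <= key <= hi for lo, hi in optional_ranges):
        return False
    return key < COMPREHENSION_REQUIRED_LIMIT


def server_handle(message: dict, known_keys: set, optional_ranges=()):
    """Toy server: returns (status, attributes it accepted)."""
    accepted = {}
    for key, value in message.items():
        if key in known_keys:
            accepted[key] = value
        elif is_comprehension_required(key, optional_ranges):
            return "4.00", {}  # unknown required key fails the whole request
        # unknown comprehension-optional keys are skipped
    return "ok", accepted  # "ok" is a placeholder for a success response


if __name__ == "__main__":
    # Constructed sample: 20 telemetry attributes under each numbering.
    print(key_bytes(range(TELEMETRY_KEY, TELEMETRY_KEY + 20)))  # current range
    print(key_bytes(range(128, 148)))                           # proposed range
    print(server_handle({1: "x", TELEMETRY_KEY: {}}, {1}))
    print(server_handle({1: "x", 200: {}}, {1}))
    print(server_handle({1: "x", 200: {}}, {1}, [(128, 255)]))
```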