Re: [Dots] AD review of draft-ietf-dots-data-channel-25

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 15 February 2019 11:06 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-data-channel@ietf.org" <draft-ietf-dots-data-channel@ietf.org>
Date: Fri, 15 Feb 2019 11:06:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/nQaUP7Qo0g-0sTBSoz1ypDNdftY>

I am catching up with the discussion; a couple of points:

1)
      *  If a network resource (DOTS client) detects a potential DDoS
         attack from a set of IP addresses, the DOTS client informs its
         servicing DOTS gateway of all suspect IP addresses that need to
         be drop- or accept-listed for further investigation.

Comment> I don't see why suspect IP addresses will be accept-listed?
We may want to remove "or accept-listed" from the above line.

[Med] The dots client will know if its request is successfully delivered. When an attack is ongoing, the dots client should not use its data channel because it is likely to be perturbed.

Comment> If the HTTP response from the server did not reach the client because of a volumetric attack saturating the incoming link, the DOTS client will not know
whether the configuration is successfully updated or not. After the attack is mitigated, the client will have to re-establish the TLS session and retrieve
the configuration to check if its last request was successfully applied or not before updating the configuration.

Cheers,
-Tiru
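
The retrieve-before-update behaviour described in the last comment, as an added example that is not part of the original message or of any DOTS implementation. `FakeDotsServer`, `DotsClient` and their fields are hypothetical in-memory stand-ins for the TLS-protected data channel, and the ACL name and prefixes in use are constructed.

```python
class NoResponse(Exception):
    """No HTTP response arrived; the request may or may not have been applied."""

class FakeDotsServer:
    """Hypothetical in-memory stand-in for a DOTS server's ACL configuration."""
    def __init__(self):
        self.acls = {}                  # ACL name -> tuple of (prefix, action)
        self.inbound_saturated = False  # replies to the client are lost
        self.drop_requests = False      # requests never reach the server

    def put_acl(self, name, entries):
        if self.drop_requests:
            raise NoResponse(name)
        self.acls[name] = tuple(entries)   # applied on the server...
        if self.inbound_saturated:         # ...but the client never hears back
            raise NoResponse(name)

    def get_acl(self, name):
        if self.inbound_saturated or self.drop_requests:
            raise NoResponse(name)
        return self.acls.get(name)

class DotsClient:
    def __init__(self, server):
        self.server = server
        self.confirmed = {}  # configuration the client has seen acknowledged
        self.unknown = {}    # requests sent for which no response was received

    def update_acl(self, name, entries):
        if self.unknown:
            raise RuntimeError("retrieve configuration before sending updates")
        try:
            self.server.put_acl(name, entries)
        except NoResponse:
            self.unknown[name] = tuple(entries)
            return "unknown"
        self.confirmed[name] = tuple(entries)
        return "confirmed"

    def reconcile(self):
        """After mitigation (new TLS session assumed): retrieve and compare."""
        outcome = {}
        for name, sent in list(self.unknown.items()):
            current = self.server.get_acl(name)
            outcome[name] = "applied" if current == sent else "not-applied"
            if current is not None:
                self.confirmed[name] = current
            del self.unknown[name]
        return outcome
```
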