Re: [Dots] clarification questions from the hackathon
kaname nishizuka <kaname@nttv6.jp> Fri, 29 March 2019 09:01 UTC
To: mohamed.boucadair@orange.com, Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/nyrZxLNH2HQvocwJjnVTgL3OGow>
Hi, please see inline.

regards,
Kaname

On 2019/03/29 4:28, mohamed.boucadair@orange.com wrote:
> Re-,
>
> Please see inline.
>
> Cheers,
> Med
>
>> -----Original Message-----
>> From: Jon Shallow [mailto:supjps-ietf@jpshallow.com]
>> Sent: Thursday, 28 March 2019 18:05
>> To: BOUCADAIR Mohamed TGI/OLN; kaname nishizuka; dots@ietf.org
>> Subject: RE: [Dots] clarification questions from the hackathon
>>
>> Hi All,
>>
>> See inline
>>
>> Regards
>>
>> Jon
>>
>>> -----Original Message-----
>>> From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of
>>> ietf-supjps-mohamed.boucadair@orange.com
>>> Sent: 28 March 2019 13:39
>>> To: kaname nishizuka; dots@ietf.org
>>> Subject: Re: [Dots] clarification questions from the hackathon
>>>
>>> Re-,
>>>
>>> Please see inline.
>>>
>>> Cheers,
>>> Med
>>>
>>>> -----Original Message-----
>>>> From: Dots [mailto:dots-bounces@ietf.org] On behalf of kaname nishizuka
>>>> Sent: Thursday, 28 March 2019 11:38
>>>> To: dots@ietf.org
>>>> Subject: [Dots] clarification questions from the hackathon
>>>>
>>>> Hi,
>>>>
>>>> I'd like to continue discussion of these topics in the ML.
>>>>
>>>> #1: Questions about signal-control-filtering
>>>> 1. Should a mitigation request create a mitigation before doing a PUT +
>>>> acl-list [{acl-name, activation-type}] against the active mitigation, or is a
>>>> ‘PUT + acl-list [{acl-name, activation-type}]’ allowed to create a new
>>>> mitigation?
>>> [Med] Both are currently allowed in the draft. I still don't see a valid reason to
>>> restrict this.
>> [Jon] As per draft
>>    A DOTS client MUST NOT use the filtering control over DOTS signal
>>    channel if no attack (mitigation) is active;
>>
> [Med] What is meant actually is:
>
>    A DOTS client MUST NOT use the filtering control over DOTS signal
>    channel in 'idle' time;
>
> Will update the text.
>

[kaname] in order to make what I and Jon raised clearer,

   A DOTS client MUST NOT use the filtering control over DOTS signal channel in 'idle' time.
   If a mitigation request includes both a valid mitigation scope and acl-* for the first time in idle time, it should be treated as if it's already in attack time.

Or, simply, I'm wondering if it is possible to drop the sentence, because acl-* is always accompanied by a mitigation scope, so there is no way to enable it by itself in idle time?

>> [Jon] then needs to be reworded as there is no active mitigation until the
>> PUT is done...
>> I believe that both cases should be supported.
>>>> 2. Should the response to a GET (or Observed GET) include the acl-list
>>>> [{acl-name, activation-type}] if the PUT included it?
>>> [Med] The current spec says "no". That said, what would be the value in
>>> returning it? Then, why not allowing to return the references to all ACLs that
>>> are enabled during the mitigation time?
>>>
>> [Jon] When observing the mitigation request, if the activation-type is
>> changed externally, the client will then know about the change. Assuming the
>> response got back to the client, this is effectively an ACK to the fact that
>> the ACL change got through.
> [Med] The observe case makes sense, indeed.
>
>> Interesting concept about knowing about all the relevant ACLs as returned
>> over the signal channel. More work for the server to do in determining which
>> ACLs are valid for, say, a specific IP address that is being mitigated. Not
>> entirely convinced of the benefit of this as this generally is available over
>> the data channel.
>>
> [Med] I'm not convinced, either.
>
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots
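
The following is an added example, not part of the message above and not code from the draft or from any DOTS implementation. It models the two readings of the 'idle' time rule debated in question 1: a literal reading where a mitigation must already be active before acl-list is accepted, and the reading where a first PUT carrying both a scope and acl-list creates the mitigation. The class, the reading names, the reason strings and the use of target-prefix as the scope attribute are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical labels for the two readings discussed in the thread.
STRICT = "strict"        # acl-list accepted only against an already active mitigation
CREATE_OK = "create-ok"  # a PUT with scope + acl-list may create the mitigation


@dataclass
class Server:
    """Constructed model of a DOTS server's handling of a mitigation PUT."""
    reading: str
    active: dict = field(default_factory=dict)  # mid -> mitigation scope
    acls: dict = field(default_factory=dict)    # acl-name -> activation-type

    def put(self, mid, body):
        """Return (accepted, reason) for one mitigation request."""
        scope = body.get("target-prefix")       # assumed scope attribute
        acl_list = body.get("acl-list", [])
        if not scope:
            # acl-list cannot stand alone: it rides on a mitigation scope.
            return False, "no mitigation scope"
        idle = mid not in self.active
        if acl_list and idle and self.reading == STRICT:
            # Literal reading: nothing is active until this PUT completes.
            return False, "filtering control used in idle time"
        self.active[mid] = scope
        for entry in acl_list:
            self.acls[entry["acl-name"]] = entry["activation-type"]
        return True, "created" if idle else "updated"


# Constructed sample requests (documentation prefix, made-up ACL name).
SCOPE_ONLY = {"target-prefix": ["2001:db8::/32"]}
WITH_ACL = dict(SCOPE_ONLY, **{"acl-list": [
    {"acl-name": "example-acl", "activation-type": "immediate"}]})


def demo():
    strict, relaxed = Server(STRICT), Server(CREATE_OK)
    return [strict.put(1, WITH_ACL),    # rejected: no mitigation exists yet
            strict.put(1, SCOPE_ONLY),  # creates the mitigation
            strict.put(1, WITH_ACL),    # now accepted as an update
            relaxed.put(1, WITH_ACL)]   # creates mitigation and applies the ACL


if __name__ == "__main__":
    for result in demo():
        print(result)
```
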