Re: [Dots] New Version Notification - draft-ietf-dots-signal-call-home-10.txt
Benjamin Kaduk <kaduk@mit.edu> Tue, 27 October 2020 16:58 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 711C93A0CE2; Tue, 27 Oct 2020 09:58:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ztbKUIrBgQAy; Tue, 27 Oct 2020 09:58:29 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 725BC3A03AA; Tue, 27 Oct 2020 09:58:29 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 09RGwM6A024385 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Oct 2020 12:58:27 -0400
Date: Tue, 27 Oct 2020 09:58:22 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: draft-ietf-dots-signal-call-home.all@ietf.org
Cc: dots@ietf.org
Message-ID: <20201027165822.GO39170@kduck.mit.edu>
References: <160337163947.12987.14997256042327860516@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <160337163947.12987.14997256042327860516@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/orX-tbMPhZdtIPz8kxIz13JckdM>
Subject: Re: [Dots] New Version Notification - draft-ietf-dots-signal-call-home-10.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2020 16:58:32 -0000
On Thu, Oct 22, 2020 at 06:00:39AM -0700, internet-drafts@ietf.org wrote: > > A new version (-10) has been submitted for draft-ietf-dots-signal-call-home: > https://www.ietf.org/archive/id/draft-ietf-dots-signal-call-home-10.txt > > Sub state has been changed to AD Followup from Revised ID Needed > > > The IETF datatracker page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-dots-signal-call-home/ > > Diff from previous version: > https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-signal-call-home-10 Thanks for the updates; this all looks quite good. I have just a few editorial remarks on the new text (below), and the only issue keeping me from issuing an IETF LC is the IPR question (https://datatracker.ietf.org/ipr/3318/ appears in the IPR search for this document). I'm happy to do so if we have broad WG consensus to proceed even in light of the IPR report (or if the IPR report gets updated), but I don't remember anyone other than the authors replying on that topic yet. -Ben Section 5.3.1 The 'source-prefix' parameter is a mandatory attribute when the attack traffic information is signaled by a Call Home DOTS client (i.e., the Call Home scenario depicted in Figure 7). 'target-prefix' attribute MUST be included in the mitigation request signaling the attack information to a Call Home DOTS server. The 'target-uri' or nit: Start the second sentence with "The" (just like the third sentence). If the Call Home DOTS server rejects the mitigation request without waiting for a consent from the Call Home DOTS server domain administrator, the 'conflict-cause' set to '4' is returned in 4.09 (Conflict) sent back to the Call Home DOTS client. If the attack traffic information is identified by the Call Home DOTS server or the Call Home DOTS server domain administrator as legitimate traffic, the mitigation request is rejected with a 4.09 (Conflict) or a notification message with the 'conflict-clause' (Section 4.4.1 of [I-D.ietf-dots-rfc8782-bis]) set to the following new value: These two paragraphs seem to have a decent amount of overlap, and the first one also uses the conflict-cause value '4' before it's introduced by the second paragraph. I think we should be able to consolidate the two paragraphs. Section 5.3.2 Figure 10 depictes an example of a network provider that hosts a Call Home DOTS client and deploys a Carrier Grade NAT (CGN) between the DOTS client domain and DOTS server domain. In such case, nit: "cases" plural.
- Re: [Dots] New Version Notification - draft-ietf-… Benjamin Kaduk
- Re: [Dots] New Version Notification - draft-ietf-… tirumal reddy
- Re: [Dots] New Version Notification - draft-ietf-… mohamed.boucadair