IETF Logo Mail Archive

Re: [Dots] WGLC for draft-dots-use-cases-19

<mohamed.boucadair@orange.com> Tue, 06 August 2019 09:20 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D58A512006F for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 02:20:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RtXllVMvG6Z0 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 02:20:00 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C686312001A for <dots@ietf.org>; Tue, 6 Aug 2019 02:19:59 -0700 (PDT)
Received: from opfedar05.francetelecom.fr (unknown [xx.xx.xx.7]) by opfedar20.francetelecom.fr (ESMTP service) with ESMTP id 462pxp0Q4Jz8srv; Tue, 6 Aug 2019 11:19:58 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.95]) by opfedar05.francetelecom.fr (ESMTP service) with ESMTP id 462pxn6Kybz2xC0; Tue, 6 Aug 2019 11:19:57 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM24.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0468.000; Tue, 6 Aug 2019 11:19:57 +0200
From: mohamed.boucadair@orange.com
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, Valery Smyslov <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Thread-Topic: [Dots] WGLC for draft-dots-use-cases-19
Thread-Index: AdVMHvzhmt/V33ByRr+d368GCi1ExgABDh/gAAA/2oAAAmsFAAAApBygAAFk76AAAGXy8A==
Date: Tue, 06 Aug 2019 09:19:57 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
In-Reply-To: <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/queaBn_llbHs5tlnayEDL5yun8M>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 09:20:03 -0000

Re-,

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> Envoyé : mardi 6 août 2019 11:15
> À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org
> Cc : Xialiang (Frank, Network Standard & Patent Dept)
> Objet : RE: [Dots] WGLC for draft-dots-use-cases-19
> 
> > -----Original Message-----
> > From: mohamed.boucadair@orange.com
> > <mohamed.boucadair@orange.com>
> > Sent: Tuesday, August 6, 2019 2:00 PM
> > To: Konda, Tirumaleswar Reddy
> > <TirumaleswarReddy_Konda@McAfee.com>; Valery Smyslov
> > <valery@smyslov.net>; dots@ietf.org
> > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > <frank.xialiang@huawei.com>
> > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> >
> > This email originated from outside of the organization. Do not click
> links or
> > open attachments unless you recognize the sender and know the content is
> > safe.
> >
> > Re-,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Konda, Tirumaleswar Reddy
> > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > Envoyé : mardi 6 août 2019 10:14
> > > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE: [Dots]
> > > WGLC for draft-dots-use-cases-19
> > >
> > > Hi Med,
> > >
> > > No, the orchestrator is not ignoring the mitigation hints.
> >
> > [Med] Why? The text is clear the orchestrator acts as DOTS server. As
> such, it
> > can ignore/accept hints.
> >
> >  It is sending
> > > filtering rules to block or rate-limit traffic to routers (last but
> > > one line in the new paragraph).
> >
> > [Med] Yes. That filtering rule is that would be applied by the DMS if it
> has
> > sufficient resources.
> >
> >  The adverse impact is legitimate users whose
> > > IP addresses were spoofed
> > > cannot access the services of the target server.
> >
> > [Med] This is a check at the DMS side. This check applies independently
> of **
> > where ** the filters are applied. This is not specific to this NEW text.
> 
> If the orchestrator is sending filtering rules to block traffic, checks
> are required to ensure spoofed IP address are not conveyed by the DMS.

[Med] Yes, but the current text describes the case where the DMS supplies "its blocked traffic information": 

  the DDoS mitigation system can send mitigation requests
  with additional hints such as its blocked traffic information to the
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
  orchestrator.

So, the DMS has already done that check. 

 If
> the orchestrator delegates the mitigation to a separate domain (recursive
> signaling),
> the attack information provided by DMS can include spoofed IP addresses
> (so the new mitigator in the separate domain learns the attack traffic is
> coming from spoofed IP addresses).

[Med] This is not specific to this case, but applies each time there is recursive signaling. 

> 
> -Tiru
> 
> >
> > >
> > > Cheers,
> > > -Tiru
> > >
> > > > -----Original Message-----
> > > > From: mohamed.boucadair@orange.com
> > > > <mohamed.boucadair@orange.com>
> > > > Sent: Tuesday, August 6, 2019 12:50 PM
> > > > To: Konda, Tirumaleswar Reddy
> > > > <TirumaleswarReddy_Konda@McAfee.com>; Valery Smyslov
> > > > <valery@smyslov.net>; dots@ietf.org
> > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > <frank.xialiang@huawei.com>
> > > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > > >
> > > > This email originated from outside of the organization. Do not click
> > > links or
> > > > open attachments unless you recognize the sender and know the
> > > > content is safe.
> > > >
> > > > Hi Tiru,
> > > >
> > > > The NEW text indicates the following:
> > > >
> > > > ==
> > > >    In addition to the above DDoS Orchestration, the selected DDoS
> > > >    mitigation systems can return back a mitigation request to the
> > > >    orchestrator as an offloading.
> > > >                      ^^^^^^^^^^^
> > > >    ....
> > > >    the DDoS mitigation system can send mitigation requests
> > > >    with additional hints such as its blocked traffic information to
> the
> > > >                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > >    orchestrator.
> > > > ==
> > > >
> > > > Which means that the DMS is blocking that traffic based on "some"
> > > > information. That same information is passed to an orchestrator so
> > > > that
> > > it can
> > > > filter the traffic. What changes is ** how/where ** filters are
> > > installed.
> > > >
> > > > Like the interface with a mitigator, the interface between the
> > > controller and
> > > > underlying routers is out of scope.
> > > >
> > > > From a DOTS perspective, the information supplied by the DMS to an
> > > > Orchestrator is considered as "additional hints" which is adhering
> > > > to
> > > RFC8612:
> > > >
> > > > ==
> > > >    GEN-004  Mitigation Hinting: DOTS clients may have access to
> attack
> > > >       details that can be used to inform mitigation techniques.
> Example
> > > >       attack details might include locally collected fingerprints
> for an
> > > >       on-going attack, or anticipated or active attack focal points
> > > >       based on other threat intelligence.  DOTS clients MAY send
> > > >       mitigation hints derived from attack details to DOTS servers,
> with
> > > >       the full understanding that the DOTS server MAY ignore
> mitigation
> > > >       hints.
> > > > ==
> > > >
> > > > I don't think there are new security considerations induced by the
> > > > NEW
> > > text.
> > > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Message d'origine-----
> > > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda,
> > > > > Tirumaleswar Reddy Envoyé : mardi 6 août 2019 08:52 À : Valery
> > > > > Smyslov; dots@ietf.org Cc : Xialiang (Frank, Network Standard &
> > > > > Patent
> > > > > Dept) Objet : Re: [Dots] WGLC for draft-dots-use-cases-19
> > > > >
> > > > > The security implications of the new use case need to be discussed
> > > > > in the draft, please see
> > > > > https://mailarchive.ietf.org/arch/msg/dots/tb-
> > > > > 1ojJ6TmSmRUci6JoUeD-gB1Y
> > > > >
> > > > > Cheers,
> > > > > -Tiru
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of Valery Smyslov
> > > > > > Sent: Tuesday, August 6, 2019 11:56 AM
> > > > > > To: dots@ietf.org
> > > > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > > > <frank.xialiang@huawei.com>
> > > > > > Subject: [Dots] WGLC for draft-dots-use-cases-19
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > this message starts a short WGLC for
> > > > > > draft-ietf-dots-use-cases-19 to
> > > > > confirm
> > > > > > the WG consensus regarding the latest addition of a new use case
> > > > > > to the draft.
> > > > > > The WGLS will last one week and will end on Tuesday, 13 August.
> > > > > >
> > > > > > Regards,
> > > > > > Frank & Valery.
> > > > > >
> > > > > > _______________________________________________
> > > > > > Dots mailing list
> > > > > > Dots@ietf.org
> > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > >
> > > > > _______________________________________________
> > > > > Dots mailing list
> > > > > Dots@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email