Re: [Dots] AD review of draft-ietf-dots-data-channel-25
"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 28 February 2019 11:00 UTC
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-data-channel@ietf.org" <draft-ietf-dots-data-channel@ietf.org>
Thread-Topic: AD review of draft-ietf-dots-data-channel-25
Date: Thu, 28 Feb 2019 11:00:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/sWsnaEQNBtk8uk9uX56mh6xb7nA>
> -----Original Message-----
> From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> Sent: Thursday, February 28, 2019 2:59 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; Benjamin Kaduk <kaduk@mit.edu>
> Cc: dots@ietf.org; draft-ietf-dots-data-channel@ietf.org
> Subject: RE: AD review of draft-ietf-dots-data-channel-25
>
> Re-,
>
> I added this note to my local copy:
>
>    How a DOTS client synchronizes its configuration with the one
>    maintained by its DOTS server(s) is implementation-specific. For
>    example, a DOTS client can send a GET message before and/or after each
>    configuration change request.

The example does not look correct; there is no need to send GET messages to synchronize the configuration during peace time. We need an example to discuss the scenario when attack traffic is initiated and the client did not receive a response to the configuration request from the DOTS server. I propose the following update:

   For example, a DOTS client can re-establish the disconnected DOTS signal
   channel session after the attack is mitigated and send a GET message
   before the configuration change request.

Cheers,
-Tiru

> Cheers,
> Med
>
> > -----Original Message-----
> > From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Sent: Wednesday, 27 February 2019 07:59
> > To: BOUCADAIR Mohamed TGI/OLN; Benjamin Kaduk
> > Cc: dots@ietf.org; draft-ietf-dots-data-channel@ietf.org
> > Subject: RE: AD review of draft-ietf-dots-data-channel-25
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > > Sent: Friday, February 15, 2019 5:53 PM
> > > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; Benjamin Kaduk <kaduk@mit.edu>
> > > Cc: dots@ietf.org; draft-ietf-dots-data-channel@ietf.org
> > > Subject: RE: AD review of draft-ietf-dots-data-channel-25
> > >
> > > Hi Tiru,
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Original Message-----
> > > > From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > Sent: Friday, 15 February 2019 12:06
> > > > To: BOUCADAIR Mohamed TGI/OLN; Benjamin Kaduk
> > > > Cc: dots@ietf.org; draft-ietf-dots-data-channel@ietf.org
> > > > Subject: RE: AD review of draft-ietf-dots-data-channel-25
> > > >
> > > > I am catching up with the discussion, a couple of points:
> > > >
> > > > 1)
> > > >    * If a network resource (DOTS client) detects a potential DDoS
> > > >      attack from a set of IP addresses, the DOTS client informs its
> > > >      servicing DOTS gateway of all suspect IP addresses that need to
> > > >      be drop- or accept-listed for further investigation.
> > > >
> > > > Comment> I don't see why suspect IP addresses will be accept-listed?
> > > > We may want to remove "or accept-listed" from the above line.
> > > >
> > >
> > > [Med] Ack.
> > >
> > > > [Med] The dots client will know if its request is successfully delivered.
> > > > When an attack is ongoing, the dots client should not use its data
> > > > channel because it is likely to be perturbed.
> > > >
> > > > Comment> If the HTTP response from the server did not reach the client
> > > > because of a volumetric attack saturating the incoming link,
> > > > the DOTS client will not know whether the configuration is
> > > > successfully updated or not. After the attack is mitigated, the
> > > > client will have to re-establish the TLS session and retrieve the
> > > > configuration to check if its last request was successfully
> > > > applied or not before updating the configuration.
> > > >
> > >
> > > [Med] Agree. Still, how the client syncs its config with the one maintained by
> > > the server is implementation-specific. A client can send a GET before and/or
> > > after a configuration change request, in regular intervals, after
> > > attack mitigation, etc.
> >
> > Adding an Implementation Note looks useful to me.
> >
> > -Tiru
> >
> > >
> > > > Cheers,
> > > > -Tiru
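The resynchronization step argued for in the thread (a configuration change whose HTTP response was lost while a volumetric attack saturated the inbound link, followed by a GET after mitigation before the change is re-applied), as an added Python example that is not part of the thread or of any DOTS implementation; the in-memory server store, the ACL name and the prefixes are constructed stand-ins for a RESTCONF data channel.

```python
# Added example: a DOTS client that remembers an unconfirmed configuration
# change and, once the session is re-established after mitigation, GETs the
# server-side configuration before deciding whether to re-send it.
import copy


class DataChannelServer:
    """Constructed stand-in for the DOTS server's data-channel resource store."""

    def __init__(self):
        self.acls = {}               # ACL name -> list of drop-listed prefixes
        self.lose_requests = False   # simulate the request never arriving
        self.lose_responses = False  # simulate the response never returning

    def put_acl(self, name, prefixes):
        if self.lose_requests:
            return None              # dropped on the saturated link
        self.acls[name] = list(prefixes)   # delivered and applied server-side
        return None if self.lose_responses else 204

    def get_acls(self):
        return copy.deepcopy(self.acls)


class DataChannelClient:
    def __init__(self, server):
        self.server = server
        self.pending = None          # (ACL name, prefixes) awaiting confirmation
        self.connected = True

    def update_acl(self, name, prefixes):
        self.pending = (name, list(prefixes))
        status = self.server.put_acl(name, prefixes)
        if status is None:
            self.connected = False   # session disrupted; outcome unknown
            return False
        self.pending = None          # 204 received: change confirmed
        return True

    def resync_after_mitigation(self):
        """Re-establish the session, GET the config, and re-send only an
        unconfirmed change that the server does not already hold."""
        self.connected = True
        if self.pending is None:
            return "nothing-pending"
        name, prefixes = self.pending
        if self.server.get_acls().get(name) == prefixes:
            self.pending = None      # the lost response was a success
            return "already-applied"
        return "re-sent" if self.update_acl(name, prefixes) else "failed"
```

The GET step matters because the client cannot tell from a missing response whether the request itself or only its acknowledgement was lost; the two test paths below exercise both cases.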