Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-23.txt

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 03 September 2018 07:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/tGoW-Tf9EUkfX1yjmUTSem5_dAY>

Hi Kaname,

Please see inline [TR2]

From: kaname nishizuka <kaname@nttv6.jp>
Sent: Monday, September 3, 2018 12:46 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; dots@ietf.org
Subject: Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-23.txt


Hi Tiru,

Please see inline.
On 2018/08/28 22:42, Konda, Tirumaleswar Reddy wrote:
Hi Kaname,

Please see inline.

From: Dots <dots-bounces@ietf.org> On Behalf Of kaname nishizuka
Sent: Tuesday, August 28, 2018 1:58 PM
To: dots@ietf.org
Subject: Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-23.txt


Hi,

I did a review on -23 of the signal channel draft:




1. [correction] GET request can be without 'sid' Uri-Path parameter.

<
   If a non-zero value of Max-Age Option is received by a DOTS client,
   it MUST issue a GET request with 'sid' Uri-Path parameter to retrieve
   the current and acceptable configuration before the expiry of the
   value enclosed in the Max-Age option.
>
   If a non-zero value of Max-Age Option is received by a DOTS client,
   it MUST issue a GET request to retrieve
   the current and acceptable configuration before the expiry of the
   value enclosed in the Max-Age option.



[TR] The proposed line is not correct. The client has to use GET request with ‘sid’ to refresh the configuration parameters it had previously negotiated.

[kaname] The client can get current values by GET request without 'sid' (4.5.1).



[TR2] Yes.



It seems that it hasn't been specified in the draft that previously negotiated configuration parameters are returned only by GET request with ‘sid’.



[TR2] No, GET request without ‘sid’ will not refresh the previously negotiated configuration parameters but will return the current, min and max values.



2. [proposal] Adding trigger-mitigation to several example figures about mitigation request



[TR] The default value of trigger-mitigation is ‘true’, I don’t see the need to explicitly convey the attribute in the mitigation request.

[kaname] Yes, but I've thought it makes the example more helpful because "trigger-mitigation" is an important concept in mitigation request. To feed examples with "trigger-mitigation": false is also fine for me.



[TR2] Agree it’s a critical parameter and is discussed in detail in the specification but don’t want to confuse readers by adding the default value of “trigger-mitigation”: true to the example.



-Tiru


regards,
kaname


-Tiru



Figure 7.

{
  "ietf-dots-signal-channel:mitigation-scope": {
    "scope": [
      {
        "target-prefix": [
          "2001:db8:6401::1/128",
          "2001:db8:6401::2/128"
        ],
        "target-port-range": [
          {
            "lower-port": 80
          },
          {
            "lower-port": 443
          },
          {
            "lower-port": 8080
          }
        ],
        "target-protocol": [
          6
        ],
        "lifetime": 3600,
        "trigger-mitigation": true
      }
    ]
  }
}



Figure 8.

A1                                      # map(1)
   01                                   # unsigned(1)
   A1                                   # map(1)
      02                                # unsigned(2)
      81                                # array(1)
         A5                             # map(5)
            06                          # unsigned(6)
            82                          # array(2)
               74                       # text(20)
                  323030313A6462383A363430313A3A312F313238 # "2001:db8:6401::1/128"
               74                       # text(20)
                  323030313A6462383A363430313A3A322F313238 # "2001:db8:6401::2/128"
            07                          # unsigned(7)
            83                          # array(3)
               A1                       # map(1)
                  08                    # unsigned(8)
                  18 50                 # unsigned(80)
               A1                       # map(1)
                  08                    # unsigned(8)
                  19 01BB               # unsigned(443)
               A1                       # map(1)
                  08                    # unsigned(8)
                  19 1F90               # unsigned(8080)
            0A                          # unsigned(10)
            81                          # array(1)
               06                       # unsigned(6)
            0E                          # unsigned(14)
            19 0E10                     # unsigned(3600)
            18 2D                       # unsigned(45)
            F5                          # primitive(21)





thanks,

Kaname


On 2018/08/17 21:28, mohamed.boucadair@orange.com wrote:

Hi all,

This version follows the recommendations from the core WG:
* Move Hop-Limit text to a separate I-D: I-D.boucadair-core-hop-limit.
* Abandon the use of 3.00, but use 5.03 instead.

The good news is that these changes are straightforward and do not hold publication because I-D.boucadair-core-hop-limit is not a normative reference.

We also updated the text to reflect the recent publication of RFC8446 (TLS 1.3). Changes are tweaked to be aligned with the discussion with Benjamin (thanks).

Chairs, the token is yours now :)

Cheers,
Med



-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On behalf of internet-drafts@ietf.org
Sent: Friday, 17 August 2018 14:19
To: i-d-announce@ietf.org
Cc: dots@ietf.org
Subject: I-D Action: draft-ietf-dots-signal-channel-23.txt





A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DDoS Open Threat Signaling WG of the IETF.

        Title           : Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification
        Authors         : Tirumaleswar Reddy
                          Mohamed Boucadair
                          Prashanth Patil
                          Andrew Mortensen
                          Nik Teague
        Filename        : draft-ietf-dots-signal-channel-23.txt
        Pages           : 87
        Date            : 2018-08-17

Abstract:
   This document specifies the DOTS signal channel, a protocol for
   signaling the need for protection against Distributed Denial-of-
   Service (DDoS) attacks to a server capable of enabling network
   traffic mitigation on behalf of the requesting client.

   A companion document defines the DOTS data channel, a separate
   reliable communication layer for DOTS management and configuration
   purposes.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within the document with the RFC
   number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling
      (DOTS) Signal Channel Specification";

   o  "| [RFCXXXX] |"

   o  reference: RFC XXXX

   Please update TBD statements with the port number to be assigned to
   DOTS Signal Channel Protocol.

   Also, please update the "revision" date of the YANG module.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-dots-signal-channel-23
https://datatracker.ietf.org/doc/html/draft-ietf-dots-signal-channel-23

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-signal-channel-23

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



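Added example (not part of the thread or of the draft): a small Python check that the CBOR in Figure 8 of the quoted review decodes to the JSON in Figure 7, including the "trigger-mitigation" entry under discussion. The key-number table is an assumption read off by aligning the two figures, and the decoder covers only the CBOR types Figure 8 uses.

```python
# Figure 8 bytes, transcribed from the review quoted above.
FIGURE_8_HEX = (
    "A1 01 A1 02 81 A5 06 82"
    " 74 323030313A6462383A363430313A3A312F313238"
    " 74 323030313A6462383A363430313A3A322F313238"
    " 07 83 A1 08 18 50 A1 08 19 01BB A1 08 19 1F90 0A 81 06 0E 19 0E10 18 2D F5"
)
# Figure 7, transcribed from the review quoted above as a Python literal.
FIGURE_7 = {"ietf-dots-signal-channel:mitigation-scope": {"scope": [{
    "target-prefix": ["2001:db8:6401::1/128", "2001:db8:6401::2/128"],
    "target-port-range": [{"lower-port": 80}, {"lower-port": 443}, {"lower-port": 8080}],
    "target-protocol": [6], "lifetime": 3600, "trigger-mitigation": True}]}}
# Assumption: key numbers read off by lining Figure 8 up against Figure 7.
KEY_NAMES = {1: "ietf-dots-signal-channel:mitigation-scope", 2: "scope",
             6: "target-prefix", 7: "target-port-range", 8: "lower-port",
             10: "target-protocol", 14: "lifetime", 45: "trigger-mitigation"}

def _head(buf, pos):
    """Read one CBOR initial byte plus its argument; return (major, arg, pos)."""
    if pos >= len(buf):
        raise ValueError("truncated item")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:                    # argument is carried in the initial byte
        return major, info, pos
    if info > 27:
        raise ValueError("indefinite/reserved lengths not supported")
    size = 1 << (info - 24)          # 1, 2, 4 or 8 argument bytes follow
    if pos + size > len(buf):
        raise ValueError("truncated argument")
    return major, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def decode(buf, pos=0):
    """Decode the CBOR subset Figure 8 uses; return (value, next_pos)."""
    major, arg, pos = _head(buf, pos)
    if major == 0:                   # unsigned integer
        return arg, pos
    if major == 3:                   # UTF-8 text string of `arg` bytes
        if pos + arg > len(buf):
            raise ValueError("truncated text string")
        return buf[pos:pos + arg].decode("utf-8"), pos + arg
    if major in (4, 5):              # array: arg items; map: 2*arg items
        items = []
        for _ in range(arg * (major - 3)):
            item, pos = decode(buf, pos)
            items.append(item)
        if major == 4:
            return items, pos
        # Map: rename integer keys; an unknown key raises KeyError.
        return {KEY_NAMES[k]: v for k, v in zip(items[::2], items[1::2])}, pos
    if major == 7 and arg in (20, 21):   # simple values false / true
        return arg == 21, pos
    raise ValueError(f"unsupported major type {major}")

def decode_figure_8():
    # Decode the whole figure and insist that every byte was consumed.
    raw = bytes.fromhex(FIGURE_8_HEX)
    value, end = decode(raw)
    if end != len(raw):
        raise ValueError("trailing bytes after top-level item")
    return value
```

`decode_figure_8() == FIGURE_7` holds, so the two figures agree: key 45 with value F5 is the explicit "trigger-mitigation": true entry.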