Re: [Dots] Last Call: <draft-ietf-dots-telemetry-19.txt> (Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry) to Proposed Standard

tom petch <daedulus@btconnect.com> Fri, 14 January 2022 12:32 UTC


Some stray thoughts

I wonder if there is a recognised terminology for attacks, threats and 
such-like.  I have been looking at I2NSF I-D recently and they are, 
well, different.  I note too that secdir reviews thereof queried some of 
the I2NSF terminology but what is right and what is wrong?  I am
reminded of the efforts to produce a second version of the Security 
Glossary some time ago.

I find the use of -g and -ps alien.  I worked out what they mean but 
cannot help feeling that there is a clearer way to express this, such as 
pps, bps, Bps (YANG does not like capitalisation but does allow it where 
it is widely recognised, which, for me, Bps is).

URI for IANA are inconsistent, http: and https: - since IANA allows 
http: (hurrah) I am easy with either but do like consistency

"The DOTS telemetry module (Section 10.1) uses "enumerations" rather
    than "identities" to define units, samples, and intervals because
    otherwise the namespace identifier "ietf-dots-telemetry" must be
    included when a telemetry attribute is included "
Well yes but that is saying the ietf-dots-telemetry is a bad choice of 
prefix - the 'ietf' is redundant and the 'telemetry' is prolix

       TBA: Overlapping pipe scope (see Section 12).
could do with an explanatory note, perhaps one for the RFC Editor


    vendor-id:  Vendor ID is a security vendor's Enterprise Number as
       registered with IANA [Enterprise-Numbers].  It is a four-byte
       integer value.
No, it is an integer which in this model is uint32 which can be 
represented in a number of ways

The user has to understand that [Enterprise-Numbers] is the same as
"Private Enterprise Numbers", which may not be apparent; consistent
terminology is good.

YANG TLD is out of date and URI lacks https:

Authors vary between the frontispiece, the YANG modules and Authors' 
Addresses

Two references in the YANG modules I do not see in the I-D References
       <https://www.iana.org/assignments/protocol-numbers/>.
       "Section 4.4.2 of RFC UUUU.";
The latter is not an RFC I am familiar with (but then that is true of 
most RFC:-(

     reference
       "IANA: Private Enterprise Numbers";
would be clearer with a URI, wherever it occurs which is in more than
one place

Security Considerations uses part of the YANG Guidelines template but
not all; TLS is notable for its absence.

Tom Petch





On 10/01/2022 14:32, The IESG wrote:
>
> The IESG has received a request from the DDoS Open Threat Signaling WG (dots)
> to consider the following document: - 'Distributed Denial-of-Service Open
> Threat Signaling (DOTS) Telemetry'
>    <draft-ietf-dots-telemetry-19.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-call@ietf.org mailing lists by 2022-01-24. Exceptionally, comments may
> be sent to iesg@ietf.org instead. In either case, please retain the beginning
> of the Subject line to allow automated sorting.
>
> Abstract
>
>
>     This document aims to enrich the DOTS signal channel protocol with
>     various telemetry attributes, allowing for optimal Distributed
>     Denial-of-Service (DDoS) attack mitigation.  It specifies the normal
>     traffic baseline and attack traffic telemetry attributes a DOTS
>     client can convey to its DOTS server in the mitigation request, the
>     mitigation status telemetry attributes a DOTS server can communicate
>     to a DOTS client, and the mitigation efficacy telemetry attributes a
>     DOTS client can communicate to a DOTS server.  The telemetry
>     attributes can assist the mitigator to choose the DDoS mitigation
>     techniques and perform optimal DDoS attack mitigation.
>
>
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry/
>
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
>
>
>