Re: [Dots] WGLC for draft-dots-use-cases-19

<mohamed.boucadair@orange.com> Tue, 06 August 2019 07:20 UTC

From: <mohamed.boucadair@orange.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "Valery Smyslov" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Date: Tue, 6 Aug 2019 07:20:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/vAvUUV70QPqVBrQ78zefGvAFx7I>

Hi Tiru, 

The NEW text indicates the following: 

==
   In addition to the above DDoS Orchestration, the selected DDoS
   mitigation systems can return back a mitigation request to the
   orchestrator as an offloading. 
                     ^^^^^^^^^^^
   ....
   the DDoS mitigation system can send mitigation requests
   with additional hints such as its blocked traffic information to the
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^          
   orchestrator.
==

Which means that the DMS is blocking that traffic based on "some" information. That same information is passed to an orchestrator so that it can filter the traffic. What changes is ** how/where ** filters are installed. 

Like the interface with a mitigator, the interface between the controller and underlying routers is out of scope. 

From a DOTS perspective, the information supplied by the DMS to an Orchestrator is considered as "additional hints" which is adhering to RFC8612:

==
   GEN-004  Mitigation Hinting: DOTS clients may have access to attack
      details that can be used to inform mitigation techniques.  Example
      attack details might include locally collected fingerprints for an
      on-going attack, or anticipated or active attack focal points
      based on other threat intelligence.  DOTS clients MAY send
      mitigation hints derived from attack details to DOTS servers, with
      the full understanding that the DOTS server MAY ignore mitigation
      hints.
==   

I don't think there are new security considerations induced by the NEW text.  

Cheers,
Med

> -----Original Message-----
> From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Konda, Tirumaleswar Reddy
> Sent: Tuesday, 6 August 2019 08:52
> To: Valery Smyslov; dots@ietf.org
> Cc: Xialiang (Frank, Network Standard & Patent Dept)
> Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
> 
> The security implications of the new use case need to be discussed in the
> draft, please see
> https://mailarchive.ietf.org/arch/msg/dots/tb-1ojJ6TmSmRUci6JoUeD-gB1Y
> 
> Cheers,
> -Tiru
> 
> > -----Original Message-----
> > From: Dots <dots-bounces@ietf.org> On Behalf Of Valery Smyslov
> > Sent: Tuesday, August 6, 2019 11:56 AM
> > To: dots@ietf.org
> > Cc: Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com>
> > Subject: [Dots] WGLC for draft-dots-use-cases-19
> >
> >
> >
> > Hi,
> >
> > this message starts a short WGLC for draft-ietf-dots-use-cases-19 to
> > confirm the WG consensus regarding the latest addition of a new use
> > case to the draft.
> > The WGLC will last one week and will end on Tuesday, 13 August.
> >
> > Regards,
> > Frank & Valery.
> >
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots
> 