Re: [Dots] another option://Reply: Can DOTS protocol support IP whitelist for DOTS client's AA?

"Roland Dobbins" <rdobbins@arbor.net> Fri, 29 September 2017 06:05 UTC

From: Roland Dobbins <rdobbins@arbor.net>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
Cc: Xialiang <frank.xialiang@huawei.com>, "Dots@ietf.org" <Dots@ietf.org>
Date: Fri, 29 Sep 2017 13:05:05 +0700
Message-ID: <6E4F0B0C-DB3D-4DB5-93EC-FFC652EB987A@arbor.net>
In-Reply-To: <DM5PR16MB17880F012FB44009155ADCA1EAB50@DM5PR16MB1788.namprd16.prod.outlook.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12BB2D185@DGGEML502-MBX.china.huawei.com> <C02846B1344F344EB4FAA6FA7AF481F12BB2D19B@DGGEML502-MBX.china.huawei.com> <DM5PR16MB17880F012FB44009155ADCA1EAB50@DM5PR16MB1788.namprd16.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/w0arKC-q0uKUiBnem7_gZjGqeew>
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

On 7 Aug 2017, at 16:50, Konda, Tirumaleswar Reddy wrote:

> I don’t think DOTS should relax the mutual authentication and 
> encryption requirements.

Concur.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>