Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-23.txt

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 28 August 2018 13:43 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: kaname nishizuka <kaname@nttv6.jp>, "dots@ietf.org" <dots@ietf.org>
Date: Tue, 28 Aug 2018 13:42:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/xgPB5ObdtEPXWn4UWL6AY3j2PjI>

Hi Kaname,

Please see inline.

From: Dots <dots-bounces@ietf.org> On Behalf Of kaname nishizuka
Sent: Tuesday, August 28, 2018 1:58 PM
To: dots@ietf.org
Subject: Re: [Dots] I-D Action: draft-ietf-dots-signal-channel-23.txt


Hi,

I did a review on -23 of the signal channel draft:



1. [correction] GET request can be without 'sid' Uri-Path parameter.

<
   If a non-zero value of Max-Age Option is received by a DOTS client,
   it MUST issue a GET request with 'sid' Uri-Path parameter to retrieve
   the current and acceptable configuration before the expiry of the
   value enclosed in the Max-Age option.
>
   If a non-zero value of Max-Age Option is received by a DOTS client,
   it MUST issue a GET request to retrieve
   the current and acceptable configuration before the expiry of the
   value enclosed in the Max-Age option.



[TR] The proposed line is not correct. The client has to use a GET request with ‘sid’ to refresh the configuration parameters it had previously negotiated.





2. [proposal] Adding trigger-mitigation to several example figures about mitigation request



[TR] The default value of trigger-mitigation is ‘true’; I don’t see the need to explicitly convey the attribute in the mitigation request.



-Tiru



Figure 7.

{
  "ietf-dots-signal-channel:mitigation-scope": {
    "scope": [
      {
        "target-prefix": [
          "2001:db8:6401::1/128",
          "2001:db8:6401::2/128"
        ],
        "target-port-range": [
          {
            "lower-port": 80
          },
          {
            "lower-port": 443
          },
          {
            "lower-port": 8080
          }
        ],
        "target-protocol": [
          6
        ],
        "lifetime": 3600,
        "trigger-mitigation": true
      }
    ]
  }
}



Figure 8.

A1                                      # map(1)
   01                                   # unsigned(1)
   A1                                   # map(1)
      02                                # unsigned(2)
      81                                # array(1)
         A5                             # map(5)
            06                          # unsigned(6)
            82                          # array(2)
               74                       # text(20)
                  323030313A6462383A363430313A3A312F313238 # "2001:db8:6401::1/128"
               74                       # text(20)
                  323030313A6462383A363430313A3A322F313238 # "2001:db8:6401::2/128"
            07                          # unsigned(7)
            83                          # array(3)
               A1                       # map(1)
                  08                    # unsigned(8)
                  18 50                 # unsigned(80)
               A1                       # map(1)
                  08                    # unsigned(8)
                  19 01BB               # unsigned(443)
               A1                       # map(1)
                  08                    # unsigned(8)
                  19 1F90               # unsigned(8080)
            0A                          # unsigned(10)
            81                          # array(1)
               06                       # unsigned(6)
            0E                          # unsigned(14)
            19 0E10                     # unsigned(3600)
            18 2D                       # unsigned(45)
            F5                          # primitive(21)





thanks,

Kaname


On 2018/08/17 21:28, mohamed.boucadair@orange.com wrote:

Hi all,



This version follows the recommendations from the core WG:

* Move Hop-Limit text to a separate I-D: I-D.boucadair-core-hop-limit.

* Abandon the use of 3.00, but use 5.03 instead.



The good news is that these changes are straightforward and do not hold publication because I-D.boucadair-core-hop-limit is not a normative reference.



We also updated the text to reflect the recent publication of RFC8446 (TLS 1.3). Changes are tweaked to be aligned with the discussion with Benjamin (thanks).



Chairs, the token is yours now :)



Cheers,

Med



-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Friday, 17 August 2018 14:19
To: i-d-announce@ietf.org
Cc: dots@ietf.org
Subject: I-D Action: draft-ietf-dots-signal-channel-23.txt





A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the DDoS Open Threat Signaling WG of the IETF.

        Title           : Distributed Denial-of-Service Open Threat Signaling
                          (DOTS) Signal Channel Specification
        Authors         : Tirumaleswar Reddy
                          Mohamed Boucadair
                          Prashanth Patil
                          Andrew Mortensen
                          Nik Teague
        Filename        : draft-ietf-dots-signal-channel-23.txt
        Pages           : 87
        Date            : 2018-08-17



Abstract:
   This document specifies the DOTS signal channel, a protocol for
   signaling the need for protection against Distributed Denial-of-
   Service (DDoS) attacks to a server capable of enabling network
   traffic mitigation on behalf of the requesting client.

   A companion document defines the DOTS data channel, a separate
   reliable communication layer for DOTS management and configuration
   purposes.

Editorial Note (To be removed by RFC Editor)

   Please update these statements within the document with the RFC
   number to be assigned to this document:

   o  "This version of this YANG module is part of RFC XXXX;"

   o  "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling
      (DOTS) Signal Channel Specification";

   o  "| [RFCXXXX] |"

   o  reference: RFC XXXX

   Please update TBD statements with the port number to be assigned to
   DOTS Signal Channel Protocol.

   Also, please update the "revision" date of the YANG module.





The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dots-signal-channel/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-dots-signal-channel-23
https://datatracker.ietf.org/doc/html/draft-ietf-dots-signal-channel-23

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-signal-channel-23

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/




_______________________________________________

Dots mailing list

Dots@ietf.org<mailto:Dots@ietf.org>

https://www.ietf.org/mailman/listinfo/dots
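
The Figure 7 / Figure 8 pair discussed in this message can be checked mechanically. The following is an added example, not part of the original message or of the draft: a small decoder for the CBOR subset that Figure 8 uses, which rebuilds the Figure 7 JSON view and applies the default for 'trigger-mitigation' stated in the [TR] reply. The key table and the function names are assumptions made for this example; the table is inferred only from lining up the two figures.

```python
# Added example. KEY_NAMES is inferred by lining up Figures 7 and 8 of this
# message; it is an assumption, not the draft's full CBOR key table.
KEY_NAMES = {1: "ietf-dots-signal-channel:mitigation-scope", 2: "scope",
             6: "target-prefix", 7: "target-port-range", 8: "lower-port",
             10: "target-protocol", 14: "lifetime", 45: "trigger-mitigation"}
# Figure 8 bytes as posted, annotations removed.
FIGURE_8_HEX = (
    "A1 01 A1 02 81 A5 06 82"
    " 74 323030313A6462383A363430313A3A312F313238"
    " 74 323030313A6462383A363430313A3A322F313238"
    " 07 83 A1 08 18 50 A1 08 19 01BB A1 08 19 1F90"
    " 0A 81 06 0E 19 0E10 18 2D F5")


def _decode(buf, pos):
    """Decode one CBOR item at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated input")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if major == 7 and info in (20, 21):          # simple values false / true
        return info == 21, pos
    if info >= 28 or major not in (0, 3, 4, 5):
        raise ValueError(f"unsupported initial byte 0x{buf[pos - 1]:02X}")
    arg = info                                   # small argument, inline
    if info >= 24:                               # 1, 2, 4 or 8 argument bytes
        size = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos > len(buf) or (major == 3 and pos + arg > len(buf)):
        raise ValueError("truncated input")
    if major == 0:                               # unsigned integer
        return arg, pos
    if major == 3:                               # UTF-8 text string
        return buf[pos:pos + arg].decode("utf-8"), pos + arg
    out = [] if major == 4 else {}               # array or map of arg entries
    for _ in range(arg):
        item, pos = _decode(buf, pos)
        if major == 4:
            out.append(item)
        else:                                    # map: item was the key
            value, pos = _decode(buf, pos)
            out[KEY_NAMES.get(item, item)] = value   # unknown keys stay numeric
    return out, pos


def decode_figure(hex_dump):
    """Decode a hex dump that holds exactly one top-level CBOR item."""
    buf = bytes.fromhex(hex_dump)
    value, end = _decode(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after the top-level item")
    return value


def trigger_mitigation(scope_entry):
    """Absent attribute means the default, true, as the [TR] reply states."""
    return scope_entry.get("trigger-mitigation", True)
```

Calling decode_figure(FIGURE_8_HEX) yields the Figure 7 structure; the same request encoded as a four-entry map without key 45 gives the same answer from trigger_mitigation().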