IETF Logo Mail Archive

Re: [Dots] WGLC for draft-ietf-dots-rfc8782-bis-01

mohamed.boucadair@orange.com Wed, 07 October 2020 06:24 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D09723A1650; Tue, 6 Oct 2020 23:24:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZosljLn-7TV; Tue, 6 Oct 2020 23:24:04 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BC153A1170; Tue, 6 Oct 2020 23:24:04 -0700 (PDT)
Received: from opfedar00.francetelecom.fr (unknown [xx.xx.xx.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by opfedar24.francetelecom.fr (ESMTP service) with ESMTPS id 4C5knG3FFPz5x9h; Wed, 7 Oct 2020 08:24:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1602051842; bh=ZzZq9TL5zLiby3xazVQ/ZbXQgqNdxxTCfcGU0pCoTUI=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=hKJJAYMjj51zuhEi2x5afoyxnRKKZTWG/pnt9T5YN4h20RXXuQ/yXiGzFup3bfuEn CIuF57xDg/ZV7QRiFqzXYFfep7OP71FDNlaSo2oSZXBHa3uTo9K/fs8W1o3HdJ7573 FLegtSM8EIxFL0fZol7MElNriaxQ30ZCk+62LISwZimdYQjJzdCYgLDWTXu6IBr1LL VCXH29HrUfelMFagL3zdVS647biHLebRKJtp1foDD/EYSfZp3rp2NtUuzzD80aWH1x Owfaz1v/QOJtnl3du6GfWpTpLiK0esemcgsUlQkD52EjAoWTQ5Z+VXdWfJVPYjqWLQ zOXfWUfSCzaLQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by opfedar00.francetelecom.fr (ESMTP service) with ESMTPS id 4C5knG1tMfzCqkC; Wed, 7 Oct 2020 08:24:02 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Yasuaki Morita <yasuaki.morita@lepidum.co.jp>
CC: Valery Smyslov <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "dots-chairs@ietf.org" <dots-chairs@ietf.org>, "draft-ietf-dots-rfc8782-bis@ietf.org" <draft-ietf-dots-rfc8782-bis@ietf.org>
Thread-Topic: [Dots] WGLC for draft-ietf-dots-rfc8782-bis-01
Thread-Index: AQHWm/Eq/T+7BVNhfkehy5Yxe/q6zKmLqUxg
Date: Wed, 07 Oct 2020 06:24:01 +0000
Message-ID: <17820_1602051842_5F7D5F02_17820_303_1_787AE7BB302AE849A7480A190F8B93303154E25F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <14ca01d69bd5$dbf0d0a0$93d271e0$@smyslov.net> <CAFDrJwkTPz7xHHxjOGk66XFJsgh=e0Zhri+4rXnPt7WQT_icBA@mail.gmail.com> <14948_1601988535_5F7C67B7_14948_426_3_787AE7BB302AE849A7480A190F8B93303154DCDC@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAFDrJw=D1+eqLTfF=y_sbr0eS=2B7d3SmVa-fczoShn18WtWHQ@mail.gmail.com>
In-Reply-To: <CAFDrJw=D1+eqLTfF=y_sbr0eS=2B7d3SmVa-fczoShn18WtWHQ@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/yo-aT614TJAd79G9pZ4MOroCRcQ>
Subject: Re: [Dots] WGLC for draft-ietf-dots-rfc8782-bis-01
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 06:24:06 -0000

Hi Yasuaki, 

Thank you for clarifying. 

> I can explain the use case but I am not sure it is meaningful.
> Let a client send a PUT mitigation request to the server, and
> another client program send a GET request to obtain that mitigation
> request.
> In this case, the latter client might get more information if the
> GET response includes attack-status.

(Putting aside how the information will be used by the second client: anomaly detect among clients of the same domain(?))

This assumes that the server maintains two mitigation requests with conflicting scopes and which are issued by distinct clients of the same domain. This is not allowed in the current spec. When such mitigations are received, is likely to maintain only one of them active. 

So even if the constraint is relaxed to echo "attack-status" by a server, only the client that communicated the parameter can access it ... but I don't see why we need to do that.  

Cheers,
Med

> -----Message d'origine-----
> De : Yasuaki Morita [mailto:yasuaki.morita@lepidum.co.jp]
> Envoyé : mardi 6 octobre 2020 16:58
> À : BOUCADAIR Mohamed TGI/OLN <mohamed.boucadair@orange.com>
> Cc : Valery Smyslov <valery@smyslov.net>; dots@ietf.org; dots-
> chairs@ietf.org; draft-ietf-dots-rfc8782-bis@ietf.org
> Objet : Re: [Dots] WGLC for draft-ietf-dots-rfc8782-bis-01
> 
> Hi Med
> 
> Thank you for your reply.
> 
> > [Med] It is mandatory in a request and an accepted mitigation
> response, but not in a conflict response for instance.
> > The structure applies of the mitigation independently whether this
> a request, response, conflict, efficacy update, etc.
> 
> I see, I understand.
> 
> > [Med] "attack-status" is an attribute that is sent by a client to
> share its view on the attack with the server. The server manipulates
> "status" to report the status as seen at the server side.
> > The server does not include the "attack-status" (received from the
> client) in a GET.
> >
> > > There is no reason to restrict the server sending attack-status
> to
> > > the clients.
> 
> Perhaps this is something I didn't understand correctly about the
> use of "attack-status" in RFC8782 (not bis), which defines "attack-
> status"
> as the following.
> 
>            |     +--rw attack-status?          iana-signal:attack-
> status
> 
> >
> > [Med] What would be the use case if that constraint was relaxed?
> 
> I can explain the use case but I am not sure it is meaningful.
> Let a client send a PUT mitigation request to the server, and
> another client program send a GET request to obtain that mitigation
> request.
> In this case, the latter client might get more information if the
> GET response includes attack-status.
> 


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email