Re: [Dots] clarification questions from the hackathon
"Jon Shallow" <supjps-ietf@jpshallow.com> Mon, 01 April 2019 11:26 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4139B1200F4 for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 04:26:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JhVxhQstEJh8 for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 04:26:51 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0782E1200E3 for <dots@ietf.org>; Mon, 1 Apr 2019 04:26:50 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.91) (envelope-from <jon.shallow@jpshallow.com>) id 1hAv5S-00022D-7k; Mon, 01 Apr 2019 12:26:46 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, kaname nishizuka <kaname@nttv6.jp>, dots@ietf.org
References: <108a01d4e588$72f886b0$58e99410$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302EA4F27E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B93302EA50720@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA50720@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Mon, 01 Apr 2019 12:26:44 +0100
Message-ID: <13aa01d4e87d$cafde560$60f9b020$@jpshallow.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-gb
Thread-Index: AQHt3r5uLxQCm36T4hpiV9AQ3uXfywEEvNQdAusoxfCl1b6fwA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/zOwMlA0HPWLU9DYy0MAGq9pJI4E>
Subject: Re: [Dots] clarification questions from the hackathon
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2019 11:26:53 -0000
Hi Med, Changes look good to me - thanks. Regards Jon > -----Original Message----- > From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com > Sent: 01 April 2019 12:13 > To: Jon Shallow; kaname nishizuka; dots@ietf.org > Subject: Re: [Dots] clarification questions from the hackathon > > Jon, Kaname, all, > > FWIW, a proposal to integrate the interop comments is available at: > https://github.com/boucadair/filter-control/blob/master/wdiff%20draft- > nishizuka-dots-signal-control-filtering-05.txt%20draft-nishizuka-dots-signal- > control-filtering-06.pdf > > Cheers, > Med > > > > > > > > > > -----Message d'origine----- > > > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de kaname > nishizuka > > > > > Envoyé : jeudi 28 mars 2019 11:38 > > > > > À : dots@ietf.org > > > > > Objet : [Dots] clarification questions from the hackathon > > > > > > > > > > Hi, > > > > > > > > > > I'd like to continue discussion of these topics in the ML. > > > > > > > > > > #1: Questions about signal-control-filtering > > > > > 1. Should a mitigation request create a mitigation before doing a PUT > > + > > > > > acl-list [{acl-name, activation-type}] against the active mitigation, > > or > > > is a > > > > > ‘PUT + acl-list [{acl-name, activation-type}]’ allowed to create a new > > > > > mitigation? > > > > > > > > [Med] Both are currently allowed in the draft. I don't still a valid > > reason > > > to > > > > restrict this. > > > > > > [Jon] As per draft > > > A DOTS client MUST NOT use the filtering control over DOTS signal > > > channel if no attack (mitigation) is active; > > > > > > > [Med] What is meant actually is: > > > > A DOTS client MUST NOT use the filtering control over DOTS signal > > channel in 'idle' time; > > > > Will update the text. > > > > > [Jon] then needs to be reworded as there is no active mitigation until the > > > PUT is done... > > > I believe that both cases should be supported. > > > > > > > > > 2. Should the response to a GET (or Observed GET) include the acl- > > list > > > > > [{acl-name, activation-type}] if the PUT included it? > > > > > > > > [Med] The current spec says "no". That's said, what would be the value > in > > > > returning it? Then, why not allowing to return the references to all ACLs > > > that > > > > are enabled during the mitigation time? > > > > > > > [Jon] When observing the mitigation request, if the activation-type is > > > changed externally, the client will then know about the change. Assuming > > the > > > response got back to the client, this is effectively an ACK to the fact > > that > > > the ACL change got through. > > > > [Med] The observe case makes sense, indeed. > > > > > > > > Interesting concept about knowing about all the relevant ACLs as returned > > > over the signal channel. More work for the server to do in determining > > which > > > ACLs are valid for, say, a specific IP address that is being mitigated. > > Not > > > entirely convinced of the benefit of this as this generally is available > > over > > > the data channel. > > > > > > > [Med] I'm not convinced, either. > > > _______________________________________________ > Dots mailing list > Dots@ietf.org > https://www.ietf.org/mailman/listinfo/dots
- [Dots] clarification questions from the hackathon kaname nishizuka
- Re: [Dots] clarification questions from the hacka… Olli Vanhoja
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… Jon Shallow
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… Jon Shallow
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… kaname nishizuka
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… Jon Shallow
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair
- Re: [Dots] clarification questions from the hacka… Konda, Tirumaleswar Reddy
- Re: [Dots] clarification questions from the hacka… mohamed.boucadair