[saag] DOTS Summary

"Roman D. Danyliw" <rdd@cert.org> Thu, 26 March 2015 11:51 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ERGPboU7XXl_pg1WIQ_3tvMr08E>

The DDOS Open Threat Signaling (DOTS) BOF [1] met on Tuesday.  This non-working group forming BOF discussed how on-premises mitigation devices could communicate threat and telemetry data with a service provider for improved mitigation.  Two drafts [2] [3] and a panel of vendors helped frame the discussion.

There was consensus that the on-premises mitigation devices should communicate capabilities, telemetry, and threat data to the service provider.  The service provider should push down policy and describe what mitigation it is performing.  There was also consensus that this is work that the IETF should perform.

The next steps from the participants’ comments leaned towards a new working group.  Please continue the conversation and add your perspective on the mailing list [4].
  
[1] http://www.ietf.org/proceedings/92/slides/slides-92-dots-2.pptx
[2] draft-teague-open-threat-signaling-00
[3] draft-fu-ipfix-network-security-00
[4] https://www.ietf.org/mailman/listinfo/dots