[secdir] [new-work] WG Review: DDoS Open Threat Signaling (dots)

The IESG <iesg@ietf.org> Fri, 12 June 2015 16:01 UTC


A new IETF working group has been proposed in the Security Area. The IESG
has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send
your comments to the IESG mailing list (iesg at ietf.org) by 2015-06-22.

DDoS Open Threat Signaling (dots)
Current Status: Proposed WG

  Roman Danyliw <rdd@cert.org>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Mailing list
  Address: dots@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/dots
  Archive: https://mailarchive.ietf.org/arch/search/?email_list=dots


The aim of DDoS Open Threat Signaling (DOTS) is to develop a
standards-based approach for the realtime signaling of DDoS-related
telemetry and
threat handling requests and data between elements concerned with DDoS
attack detection, classification, traceback, and mitigation.

The elements may be described as:
* On-premise DDoS mitigation platforms
* Service provider DDoS mitigation platforms
* Other network elements and services with the ability to analyze and/or
influence network traffic

Elements may participate in DDoS detection, classification, traceback 
and mitigation individually or within the context of a larger 
collaborative system.

These elements may be communicating inter-domain or intra-domain over
links that may be congested by attack traffic resulting in potentially
hostile conditions for any type of upstream signaling, in particular
transport protocols that yield to congestion, and more generalized
signaling and telemetry solutions.  Robustness under these conditions
is paramount while ensuring appropriate regard for authentication,
authorization, privacy and data integrity.  Elements may be deployed as
part of a wider strategy incorporating multiple points of DDoS 
detection, classification, traceback and mitigation, both on premise or 
service provider based.  Should changing conditions necessitate altering 
the specifics of mitigation actions and/or the topological scope of 
mitigation coverage, timely and effective signaling of telemetry and
current threat status to all elements involved in the mitigation is 
essential.  Feedback between participating elements is required for 
increased awareness supporting effective decision making.

The WG will, where appropriate, reuse or extend existing standard
protocols and mechanisms (for example, IPFIX and its associated
templating and extension mechanisms).  Any modification of or extension 
to existing protocols must be in close coordination with the working 
groups responsible for the protocol being modified, and may be done in 
this working group after agreement with all the relevant WGs and 
responsible Area Directors.  The WG may coordinate on a situationally
appropriate basis with other working groups and initiatives which
complement the DOTS effort e.g. M3AAWG, SACM, MILE, SUPA, I2NSF et al.

The WG will document requirements for the transport protocol to be used
for the signaling of DOTS and consult with the Transport Area about the 
requirements and, if applicable, any new development of an encapsulation
scheme for DOTS.

The charter of the working group is to produce one or more standards
track specifications to provide for this open signaling in the DDoS 
problem space.  While the resulting standards should be designed so they 
apply to network security applications beyond the DDoS problem space, 
this working group will focus on signaling and coordination mechanisms 
directly related to DDoS attack detection, classification, traceback and 
mitigation, incorporating the general principles articulated in RFC5218
<https://tools.ietf.org/html/rfc5218>.  Focusing the WG efforts on DDoS
is intended to meet the community's desire for a deployable solution in 
the near term.  The specification(s) produced by the WG will include a
standard mechanism for authentication and authorization, data integrity, 
and providing for privacy in operation, with privacy-friendly choices 
being the default in all cases.

The WG will produce the following deliverables and milestones:

* Document or Documents describing the problem space, use cases, 
protocol requirements and other qualifying information as the WG sees 
* Document or Documents specifying protocols and associated data models
to address the stated goals of the WG.

  Feb 2016 - Requirements/use case information document to IESG
  May 2016 - Transport document as proposed standard to IESG
  Jun 2016 - Data model document as proposed standard to IESG
