Re: [secdir] Secdir last call review of draft-ietf-dots-signal-channel-30

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 15 March 2019 13:21 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
cc: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-dots-signal-channel.all@ietf.org" <draft-ietf-dots-signal-channel.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dots@ietf.org" <dots@ietf.org>
In-Reply-To: <BYAPR16MB27909890588A3D557F3DDB51EA440@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <155257761487.2625.10003476313108979036@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302EA3DFC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <72f7b85c-74fb-0f79-8211-50043c2b4b47@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B93302EA3E475@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <f15534d0-4c4e-171e-a092-5947eada76ca@cs.tcd.ie> <787AE7BB302AE849A7480A190F8B93302EA3E6E1@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <BYAPR16MB27909890588A3D557F3DDB51EA440@BYAPR16MB2790.namprd16.prod.outlook.com>
Date: Fri, 15 Mar 2019 09:21:32 -0400
Message-ID: <10751.1552656092@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/L-atz5GF5WxTR6uxLo-5KmrntiM>

Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com> wrote:
    > Stephen is referring to an attack where a compromised DOTS client
    > initiates a mitigation request for a target resource that is attacked,
    > learns the mitigation efficacy of the DOTS server, and informs the
    > DDoS attacker of the mitigation efficacy to change the DDoS attack
    > strategy.

Is there a word for an infantry troop who goes behind enemy lines in order
to communicate how well the artillery is doing?  I guess a modern form is these
laser-targeted missiles, where the target is "painted".

I don't know if there are words for this kind of thing, but this would seem
to describe the situation.

    > We can add the following lines to address his comment:

    > A compromised DOTS client can collude with a DDoS attacker to send a
    > mitigation request for a target resource, learn the mitigation
    > efficacy from the DOTS server, and convey the efficacy to the DDoS
    > attacker, to learn the mitigation capabilities of the DDoS mitigation
    > and to possibly change the DDoS attack strategy. This attack can be
    > prevented by auditing the behavior of DOTS clients and authorizing the
    > DOTS client to request mitigation for specific target resources.

If a resource is already under attack and there are already mitigation requests
for that target, can a compromised DOTS client learn anything by requesting
mitigation on the same target?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
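The proposed text quoted in this message pairs the colluding-client attack with two countermeasures: authorizing each DOTS client only for specific target resources, and auditing client behaviour. The block below is an added example, written for this page; it is not code from the draft, the DOTS working group, or any DOTS implementation. It sketches the server side of those two checks in Python: a per-client policy of authorized target prefixes, an audit trail of every accepted and rejected request, and status lookups scoped to the requesting client's own mitigations. The field names cuid, mid, target-prefix and attack-status are taken from the signal channel draft; the policy table, the CoAP-style response strings, the numeric attack-status values and the choice to report only the requesting client's own mitigations are assumptions made for the example.

```python
"""Hypothetical DOTS server-side checks for the compromised-client case:
per-target authorization, an audit trail, and client-scoped status lookups.
Added example; not from the draft or any implementation. The policy, the
response strings and the attack-status values are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed policy: the target prefixes each DOTS client (keyed by the cuid it
# presents on its authenticated DTLS session) may request mitigation for.
AUTHORIZED_TARGETS: Dict[str, List[str]] = {
    "client-a": ["2001:db8:6401::/48", "198.51.100.0/24"],
    "client-b": ["203.0.113.0/24"],
}

# Assumed attack-status values: 1 = under-attack, 2 = attack-successfully-mitigated.
UNDER_ATTACK, MITIGATED = 1, 2


@dataclass
class Mitigation:
    cuid: str
    mid: int
    targets: List[str]
    attack_status: int


# Active mitigations keyed by (cuid, mid); the audit log records every decision.
MITIGATIONS: Dict[Tuple[str, int], Mitigation] = {}
AUDIT_LOG: List[dict] = []


def _covered(prefix: str, allowed: List[str]) -> bool:
    """True if `prefix` lies entirely inside one of the authorized prefixes."""
    net = ipaddress.ip_network(prefix, strict=False)
    for a in allowed:
        anet = ipaddress.ip_network(a, strict=False)
        if net.version == anet.version and net.subnet_of(anet):
            return True
    return False


def handle_mitigation_request(cuid: str, mid: int, target_prefixes: List[str]) -> str:
    """Authorize a mitigation request; returns an assumed CoAP-style response code.

    Rejected and malformed requests are audited too, so a client that keeps
    asking for targets outside its authorization stands out in the log.
    """
    if not target_prefixes:
        AUDIT_LOG.append({"cuid": cuid, "mid": mid, "decision": "malformed", "targets": []})
        return "4.00 Bad Request"
    allowed = AUTHORIZED_TARGETS.get(cuid, [])
    try:
        rejected = [p for p in target_prefixes if not _covered(p, allowed)]
    except ValueError:  # unparsable prefix
        AUDIT_LOG.append({"cuid": cuid, "mid": mid, "decision": "malformed", "targets": list(target_prefixes)})
        return "4.00 Bad Request"
    if rejected:
        AUDIT_LOG.append({"cuid": cuid, "mid": mid, "decision": "denied", "targets": rejected})
        return "4.01 Unauthorized"
    # Assumed: a newly created mitigation starts out as under-attack.
    MITIGATIONS[(cuid, mid)] = Mitigation(cuid, mid, list(target_prefixes), UNDER_ATTACK)
    AUDIT_LOG.append({"cuid": cuid, "mid": mid, "decision": "accepted", "targets": list(target_prefixes)})
    return "2.01 Created"


def get_mitigation_status(cuid: str, mid: int) -> Optional[dict]:
    """Return efficacy data only for a mitigation the requesting client created.

    A mitigation created by another client for the same target is reported as
    absent, so the status endpoint does not reveal efficacy to clients that
    did not (and could not) request that mitigation themselves.
    """
    m = MITIGATIONS.get((cuid, mid))
    if m is None:
        return None
    return {"mid": m.mid, "target-prefix": list(m.targets), "attack-status": m.attack_status}


def denied_request_counts() -> Dict[str, int]:
    """Audit helper: number of denied or malformed requests per client."""
    counts: Dict[str, int] = {}
    for entry in AUDIT_LOG:
        if entry["decision"] != "accepted":
            counts[entry["cuid"]] = counts.get(entry["cuid"], 0) + 1
    return counts


if __name__ == "__main__":
    print(handle_mitigation_request("client-a", 123, ["2001:db8:6401:1::/64"]))  # 2.01 Created
    print(handle_mitigation_request("client-b", 7, ["198.51.100.0/24"]))        # 4.01 Unauthorized
    print(get_mitigation_status("client-b", 123))                                # None
    print(denied_request_counts())                                               # {'client-b': 1}
```

The authorization check is a containment test: a request is accepted only when every target prefix it names is a subnet of a prefix the client's policy entry allows, which is what "authorizing the DOTS client to request mitigation for specific target resources" amounts to in practice. The audit log is what lets an operator spot a client repeatedly probing for targets it was never authorized for.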