DDoS Open Threat Signaling
|The information below is for an older proposed charter
DDoS Open Threat Signaling WG
||DDoS Open Threat Signaling
Start Chartering/Rechartering (Internal Steering Group/IAB Review)
||Charter Edit AD
||Send notices to
The aim of DDoS Open Threat Signaling (DOTS) is to develop a standards
based approach for the real time signaling of DDoS related telemetry and
threat handling data between elements concerned with attack mitigation.
The elements may be described as:
* On-premise DDoS mitigation platforms
* Service provider DDoS mitigation platforms
* Other devices/platforms with network perspective engaged in traffic analysis
The elements may be chained for communication to construct a larger collaborative system.
These elements may be communicating inter-domain or intra-domain over
links that may be congested by attack traffic resulting in hostile
conditions for connection oriented approaches and more generalized
signaling and telemetry solutions. Robustness under these conditions is
paramount while ensuring appropriate regard for authentication,
authorization, privacy and data integrity. Elements may be deployed as
part of a wider strategy incorporating multiple points of detection and
mitigation, both on premise or service provider based. Should mitigation
need to move between elements in the chain, then effective signaling of
telemetry and current threat handling is essential. Feedback between
participating elements is required for increased awareness supporting
effective decision making.
The WG will, where appropriate, reuse or extend existing standard
protocols and mechanisms, for instance IPFIX and its templating mechanism.
The WG may coordinate with other working groups and initiatives that
compliment the DOTS effort E.G. SACM, MILE, SUPA, I2NSF.
The charter of the working group is to produce one or more standards track
specifications to provide for this open signaling in the DDoS problem
space. While the resulting standards should be designed so they apply to
network security applications beyond DDoS mitigation, this working group
will focus on DDoS mitigation. This streamlined focus of the charter is
intended to lead to an earlier result due to community interests in having
such capability in a short timeframe. The specification(s) produced by
the WG will include a standard mechanism for authentication and
authorization, for data integrity, and for providing for privacy in
The WG will produce the following deliverables and milestones:
* Document or Documents describing the problem space, use cases, protocol
requirements and other qualifying information as the WG sees fit.
* Document or Documents specifying a protocol and associated data models
to address the WG stated goal.