DDoS Open Threat Signaling

The information below is for an older proposed charter
Document: Proposed charter DDoS Open Threat Signaling WG (dots) Snapshot
Title: DDoS Open Threat Signaling
Last updated: 2015-06-04
State: Start Chartering/Rechartering (Internal Steering Group/IAB Review) Rechartering
WG State: Proposed
IESG Responsible AD: Benjamin Kaduk
Charter Edit AD: Kathleen Moriarty
Send notices to: (None)


The aim of DDoS Open Threat Signaling (DOTS) is to develop a
standards-based approach for the real-time signaling of DDoS-related
telemetry and threat handling data between elements concerned with attack
mitigation.

The elements may be described as:
* On-premise DDoS mitigation platforms
* Service provider DDoS mitigation platforms
* Other devices/platforms with network perspective engaged in traffic analysis

The elements may be chained for communication to construct a larger collaborative system.

These elements may be communicating inter-domain or intra-domain over
links that may be congested by attack traffic, resulting in hostile
conditions for connection-oriented approaches and more generalized
signaling and telemetry solutions.  Robustness under these conditions is
paramount while ensuring appropriate regard for authentication,
authorization, privacy and data integrity.  Elements may be deployed as
part of a wider strategy incorporating multiple points of detection and
mitigation, whether on premise or service provider based.  Should mitigation
need to move between elements in the chain, then effective signaling of
telemetry and current threat handling is essential.  Feedback between
participating elements is required for increased awareness supporting
effective decision making.

The WG will, where appropriate, reuse or extend existing standard
protocols and mechanisms, for instance IPFIX and its templating mechanism.
The WG may coordinate with other working groups and initiatives that
complement the DOTS effort, e.g., SACM, MILE, SUPA, I2NSF.

The charter of the working group is to produce one or more standards-track
specifications to provide for this open signaling in the DDoS problem
space.  While the resulting standards should be designed so they apply to
network security applications beyond DDoS mitigation, this working group
will focus on DDoS mitigation.  This streamlined focus of the charter is
intended to lead to an earlier result due to community interests in having
such capability in a short timeframe.  The specification(s) produced by
the WG will include a standard mechanism for authentication and
authorization, for data integrity, and for providing for privacy in

The WG will produce the following deliverables and milestones:

* Document or Documents describing the problem space, use cases, protocol
requirements and other qualifying information as the WG sees fit.
* Document or Documents specifying a protocol and associated data models
to address the WG stated goal.