Minutes for DOTS at IETF-93
minutes-93-dots-1

Meeting Minutes DDoS Open Threat Signaling (dots) WG
Title Minutes for DOTS at IETF-93
State Active
Other versions plain text
Last updated 2015-08-15

Meeting Minutes
minutes-93-dots

   DDoS Open Threat Signaling (DOTS) WG Minutes

TUESDAY, July 21, 2015
1740-1840  Afternoon Session III
Congress Hall  II  SEC   DOTS (DDoS Open Threat Signaling WG)

Co-Chairs: Roman Danyliw and Tobias Gondrom

Meeting recording:
http://ietf93.conf.meetecho.com/index.php/Recorded_Sessions#DOTS

1. Note well, logistics, charter introduction (chairs, 5 min)
2. Use Case Discussion (20 min)
  - draft-mglt-dots-use-cases-00 (Daniel Migault, 10 min)
  - draft-xia-dots-extended-use-cases-00 (Frank Xialiang 10 min)
    draft-fu-ipfix-network-security-01
3. Requirements Discussion (20 min)
   - draft-mortensen-threat-signaling-requirements-00
     (Andrew Mortensen, 10 min)
   - Chris Morrow and Roland Dobbins (10 min)
4. Way Ahead for Use Cases and Requirements Discussion (10 min)
5. Summaries of Other Drafts (5 min)
  - draft-teague-open-threat-signaling-01 (Nik Teague)
  - draft-reddy-dots-transport-00 (Tiru Reddy)
    draft-reddy-dots-info-model-00

------------------------------------------------
1. Note well, logistics, charter introduction
------------------------------------------------
Presenters: Roman Danyliw and Tobias Gondrom
Slides: https://www.ietf.org/proceedings/93/slides/slides-93-dots-0.pdf

The agenda was approved without any changes.  The newly approved charter and
the options for advancing the use case and requirements conversations were
introduced.

------------------------------------------------
2a. Use Cases: draft-mglt-dots-use-cases-00
------------------------------------------------
Presenters: Daniel Migault
Draft: draft-mglt-dots-use-cases-00
Slides: https://www.ietf.org/proceedings/93/slides/slides-93-dots-2.pdf

The presenter provided an overview of an individual draft submission on DOTS
use cases. Clarifying questions during presentation.

Q: (?) Is the "DDOS Orchestrator" in the architecture diagram the attacker or
the defender? A: Defender.

Q: (Scott Arvik) How prescriptive are the depicted use cases for the work in
DOTS? A: The use cases are not suggesting a definitive architecture.

Q: (?) Can multiple "orchestrators" interact with each other in the depicted
use cases? A: Yes.

------------------------------------------------
2b. Use Cases: draft-xia-dots-extended-use-cases-00
               draft-fu-ipfix-network-security-01
------------------------------------------------
Presenters: Frank Xialiang
Draft: draft-xia-dots-extended-use-cases-00
       draft-fu-ipfix-network-security-01
Slides: https://www.ietf.org/proceedings/93/slides/slides-93-dots-1.pdf

The presenter provided an overview of another individual draft submission on
DOTS use cases.

Q: (Aliba) How much implementation exists for the presented use cases?
A: Some.  We've already capable of finding Top-N traffic

Comment: (Bob Moscowitz) Have you looked at flow sampling for your use cases?

------------------------------------------------
3a. Requirements: draft-mortensen-threat-signaling-requirements-00
------------------------------------------------
Presenters: Andrew Mortensen
Draft: draft-mortensen-threat-signaling-requirements-00
Slides: https://www.ietf.org/proceedings/93/slides/slides-93-dots-4.pdf

The presenter provided an overview of an individual draft submission on
requirements for DOTS.

Q: (?) Is the terminology the draft introduces intertwined with the
requirements it enumerates? A: No, the terminology and requirements are
separable.

Q: (Tobias Gondrom, as individual) Did you use the existing other drafts to
inform your document. A: Yes.

------------------------------------------------
3b. Requirements: Operational Requirements
------------------------------------------------
Presenters: Chris Morrow and Roland Dobbins
Draft: none
Slides: https://www.ietf.org/proceedings/93/slides/slides-93-dots-3.pdf

The presenters presented operational requirements for DOTS.

Q: (?) Is there a concise definition of DOS used in your presentation or for
DOTS? A: Maintaining availability.

Comment: No provider has the motivation to stop inter-domain DOS attacks.
A: That doesn't matter.  DOTS should support this use cases.

Q: (?) Does the DOS attack have to be large scale to be in scope?
A: Not necessarily.  The specifics of the attack don't matter much to DOTS.

Comment: (?) DOTS needs to describe what is being attacked and
how.

------------------------------------------------
4. Way Ahead for Use Cases and Requirements Discussion
------------------------------------------------

After the presentations, the chairs opened the floor to discussion about where
to take the requirements and use case discussion.

--[ Open Discussion ]--

Comment: (Roland Dobbins) From the presented materials, we largely don't have
use cases, only model architecture of what's currently done.

Comment: (Doug McDomery?) There may be a need to consider differentiating an
attack from bad provisioning.

Comment: (Rick Sullivan) The current use cases are block diagrams of
implementations.  They can't be used by operators.

Comment: (Bob Muscowitz) Only go through the trouble of combining use cases or
requirements drafts if the WG will be submitting to RFC. Comment Response:
(Tobias Gondrom) A use case/requirement document is a charter item.

--[ Consensus Call #1 ]--
Should we combine all input on use cases into a single WG document?

yes: very strong
no : almost none

Result: consensus to create a single WG use case document

- How many volunteers to be editors? ~10
- How many volunteers to be reviewers? ~15

--[ Consensus Call #2 ]--
Should we combine all input on requirements into a single WG document?

yes: strong
no : some

Result: consensus to create a single WG requirements document

- How many volunteers to be editors? ~10
- How many volunteers to be reviewers? ~12

--[ Question to WG ]--
How many of you will implement DOTS? ~12

------------------------------------------------
Closing
------------------------------------------------

The chairs thanked the participants and closed the meeting.  The following
items were on the agenda but due to an overrun in earlier topics were not
presented:

  5. Summaries of Other Drafts (5 min)
    - draft-teague-open-threat-signaling-01 (Nik Teague)
    - draft-reddy-dots-transport-00 (Tiru Reddy)
      draft-reddy-dots-info-model-00