Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification
RFC 8782
Document type: RFC - Proposed Standard (May 2020; No errata)
Authors: Tirumaleswar Reddy.K, Mohamed Boucadair, Prashanth Patil, Andrew Mortensen, Nik Teague
Last updated: 2020-05-30
Replaces: draft-reddy-dots-signal-channel
Stream: IETF
Yang Validation: 4 errors, 0 warnings.
WG state: Submitted to IESG for Publication
Document shepherd: Liang Xia
Shepherd write-up: last changed 2018-09-19
IESG state: RFC 8782 (Proposed Standard)
Consensus Boilerplate: Yes
Responsible AD: Benjamin Kaduk
Send notices to: Liang Xia <frank.xialiang@huawei.com>
IANA review state: Version Changed - Review Needed
IANA action state: RFC-Ed-Ack

Internet Engineering Task Force (IETF)                   T. Reddy.K, Ed.
Request for Comments: 8782                                        McAfee
Category: Standards Track                              M. Boucadair, Ed.
ISSN: 2070-1721                                                   Orange
                                                                P. Patil
                                                                   Cisco
                                                            A. Mortensen
                                                    Arbor Networks, Inc.
                                                               N. Teague
                                              Iron Mountain Data Centers
                                                                May 2020

Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal
Channel Specification

Abstract

This document specifies the Distributed Denial-of-Service Open Threat
Signaling (DOTS) signal channel, a protocol for signaling the need
for protection against Distributed Denial-of-Service (DDoS) attacks
to a server capable of enabling network traffic mitigation on behalf
of the requesting client.

A companion document defines the DOTS data channel, a separate
reliable communication layer for DOTS management and configuration
purposes.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8782.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
2. Terminology
3. Design Overview
4. DOTS Signal Channel: Messages & Behaviors
  4.1. DOTS Server(s) Discovery
  4.2. CoAP URIs
  4.3. Happy Eyeballs for DOTS Signal Channel
  4.4. DOTS Mitigation Methods
    4.4.1. Request Mitigation
    4.4.2. Retrieve Information Related to a Mitigation
      4.4.2.1. DOTS Servers Sending Mitigation Status
      4.4.2.2. DOTS Clients Polling for Mitigation Status
    4.4.3. Efficacy Update from DOTS Clients
    4.4.4. Withdraw a Mitigation
  4.5. DOTS Signal Channel Session Configuration
    4.5.1. Discover Configuration Parameters
    4.5.2. Convey DOTS Signal Channel Session Configuration
    4.5.3. Configuration Freshness and Notifications
    4.5.4. Delete DOTS Signal Channel Session Configuration
  4.6. Redirected Signaling
  4.7. Heartbeat Mechanism
5. DOTS Signal Channel YANG Modules
  5.1. Tree Structure
  5.2. IANA DOTS Signal Channel YANG Module
  5.3. IETF DOTS Signal Channel YANG Module
6. YANG/JSON Mapping Parameters to CBOR
7. (D)TLS Protocol Profile and Performance Considerations
  7.1. (D)TLS Protocol Profile
  7.2. (D)TLS 1.3 Considerations
  7.3. DTLS MTU and Fragmentation
8. Mutual Authentication of DOTS Agents & Authorization of DOTS Clients
9. IANA Considerations
  9.1. DOTS Signal Channel UDP and TCP Port Number
  9.2. Well-Known 'dots' URI
  9.3. Media Type Registration
  9.4. CoAP Content-Formats Registration
  9.5. CBOR Tag Registration
  9.6. DOTS Signal Channel Protocol Registry
    9.6.1. DOTS Signal Channel CBOR Key Values Subregistry
      9.6.1.1. Registration Template
      9.6.1.2. Initial Subregistry Content
    9.6.2. Status Codes Subregistry
    9.6.3. Conflict Status Codes Subregistry
    9.6.4. Conflict Cause Codes Subregistry
    9.6.5. Attack Status Codes Subregistry
  9.7. DOTS Signal Channel YANG Modules
10. Security Considerations
11. References
  11.1. Normative References
  11.2. Informative References
Appendix A. CUID Generation
Acknowledgements
Contributors
Authors' Addresses

1. Introduction
A Distributed Denial-of-Service (DDoS) attack is a distributed