Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification
draft-ietf-dots-rfc8782-bis-04
Document | Type | Active Internet-Draft (dots WG) | |
---|---|---|---|
Authors | Mohamed Boucadair , Jon Shallow , Tirumaleswar Reddy.K | ||
Last updated | 2020-12-04 (latest revision 2020-12-03) | ||
Replaces | draft-boucadair-dots-rfc8782-bis | ||
Stream | IETF | ||
Intended RFC status | Proposed Standard | ||
Formats | plain text xml pdf htmlized (tools) htmlized bibtex | ||
Yang Validation | ☯ 0 errors, 0 warnings. | ||
Reviews | |||
Additional Resources | |||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Valery Smyslov | ||
Shepherd write-up | Show (last changed 2021-01-15) | ||
IESG | IESG state | Publication Requested | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Yes | ||
Telechat date | |||
Responsible AD | Benjamin Kaduk | ||
Send notices to | valery@smyslov.net |
DOTS M. Boucadair, Ed. Internet-Draft Orange Obsoletes: 8782 (if approved) J. Shallow Intended status: Standards Track Expires: June 6, 2021 T. Reddy.K McAfee December 3, 2020 Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification draft-ietf-dots-rfc8782-bis-04 Abstract This document specifies the Distributed Denial-of-Service Open Threat Signaling (DOTS) signal channel, a protocol for signaling the need for protection against Distributed Denial-of-Service (DDoS) attacks to a server capable of enabling network traffic mitigation on behalf of the requesting client. A companion document defines the DOTS data channel, a separate reliable communication layer for DOTS management and configuration purposes. This document obsoletes RFC 8782. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 6, 2021. Boucadair, et al. Expires June 6, 2021 [Page 1] Internet-Draft DOTS Signal Channel Protocol December 2020 Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Design Overview . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Backward Compatibility Considerations . . . . . . . . . . 9 4. DOTS Signal Channel: Messages & Behaviors . . . . . . . . . . 10 4.1. DOTS Server(s) Discovery . . . . . . . . . . . . . . . . 10 4.2. CoAP URIs . . . . . . . . . . . . . . . . . . . . . . . . 10 4.3. Happy Eyeballs for DOTS Signal Channel . . . . . . . . . 10 4.4. DOTS Mitigation Methods . . . . . . . . . . . . . . . . . 13 4.4.1. Request Mitigation . . . . . . . . . . . . . . . . . 13 4.4.2. Retrieve Information Related to a Mitigation . . . . 29 4.4.2.1. DOTS Servers Sending Mitigation Status . . . . . 35 4.4.2.2. DOTS Clients Polling for Mitigation Status . . . 37 4.4.3. Efficacy Update from DOTS Clients . . . . . . . . . . 38 4.4.4. Withdraw a Mitigation . . . . . . . . . . . . . . . . 40 4.5. DOTS Signal Channel Session Configuration . . . . . . . . 41 4.5.1. Discover Configuration Parameters . . . . . . . . . . 43 4.5.2. Convey DOTS Signal Channel Session Configuration . . 48 4.5.3. Configuration Freshness and Notifications . . . . . . 54 4.5.4. Delete DOTS Signal Channel Session Configuration . . 55 4.6. Redirected Signaling . . . . . . . . . . . . . . . . . . 56 4.7. Heartbeat Mechanism . . . . . . . . . . . . . . . . . . . 58 5. DOTS Signal Channel YANG Modules . . . . . . . . . . . . . . 61 5.1. Tree Structure . . . . . . . . . . . . . . . . . . . . . 61 5.2. IANA DOTS Signal Channel YANG Module . . . . . . . . . . 64 5.3. IETF DOTS Signal Channel YANG Module . . . . . . . . . . 68 6. YANG/JSON Mapping Parameters to CBOR . . . . . . . . . . . . 81 7. (D)TLS Protocol Profile and Performance Considerations . . . 85 7.1. (D)TLS Protocol Profile . . . . . . . . . . . . . . . . . 85 7.2. (D)TLS 1.3 Considerations . . . . . . . . . . . . . . . . 86 7.3. DTLS MTU and Fragmentation . . . . . . . . . . . . . . . 88Show full document text