Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification
RFC 8782

Document Type RFC - Proposed Standard (May 2020; No errata)
Authors Tirumaleswar Reddy.K, Mohamed Boucadair, Prashanth Patil, Andrew Mortensen, Nik Teague
Last updated 2020-05-30
Replaces draft-reddy-dots-signal-channel
Stream IETF
Yang Validation 4 errors, 0 warnings.
Additional Resources
- Yang catalog entry for iana-dots-signal-channel@2019-01-17.yang
- Yang catalog entry for ietf-dots-signal-channel@2019-11-13.yang
- Yang impact analysis for draft-ietf-dots-signal-channel
- Mailing list discussion
Stream WG state Submitted to IESG for Publication
Document shepherd Liang Xia
Shepherd write-up last changed 2018-09-19
IESG IESG state RFC 8782 (Proposed Standard)
Consensus Boilerplate Yes
Responsible AD Benjamin Kaduk
Send notices to Liang Xia <frank.xialiang@huawei.com>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack


Internet Engineering Task Force (IETF)                   T. Reddy.K, Ed.
Request for Comments: 8782                                        McAfee
Category: Standards Track                              M. Boucadair, Ed.
ISSN: 2070-1721                                                   Orange
                                                                P. Patil
                                                                   Cisco
                                                            A. Mortensen
                                                    Arbor Networks, Inc.
                                                               N. Teague
                                              Iron Mountain Data Centers
                                                                May 2020

   Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal
                         Channel Specification

Abstract

   This document specifies the Distributed Denial-of-Service Open Threat
   Signaling (DOTS) signal channel, a protocol for signaling the need
   for protection against Distributed Denial-of-Service (DDoS) attacks
   to a server capable of enabling network traffic mitigation on behalf
   of the requesting client.

   A companion document defines the DOTS data channel, a separate
   reliable communication layer for DOTS management and configuration
   purposes.
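
   As an added illustration (not part of RFC 8782 and not taken from any
   DOTS implementation), the following Python sketches the exchange the
   abstract describes: a DOTS client encodes a mitigation request for the
   address space it wants protected, and the DOTS server decodes and
   checks that request before enabling any mitigation on the client's
   behalf.  The CoAP Uri-Path layout
   (/.well-known/dots/mitigate/cuid=.../mid=...), the numeric CBOR keys
   (mitigation-scope = 1, scope = 2, target-prefix = 6,
   target-protocol = 10, lifetime = 14) and the lifetime rules (-1 for
   indefinite, 0 rejected) are the editor's recollection of Sections
   4.2, 4.4.1 and 6 and should be checked against the published text;
   the client identifier and prefixes are constructed sample data.  The
   CBOR codec is a minimal hand-written subset of RFC 8949, not a
   library.

```python
"""Added example; not code from RFC 8782 or from any DOTS implementation.
URI layout, CBOR key numbers and lifetime rules are assumptions recalled from
RFC 8782 (see the lead-in); the CBOR codec is a hand-written RFC 8949 subset."""
import ipaddress
import struct

_FMT = {24: ">B", 25: ">H", 26: ">I", 27: ">Q"}  # additional info -> argument width

def _head(major, n):
    """Initial byte(s) of a CBOR item: 3-bit major type, then the argument."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in _FMT.items():
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor_encode(v):
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, str):
        return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(map(cbor_encode, v))
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(type(v).__name__)

def _decode(buf, i):
    major, ai, i = buf[i] >> 5, buf[i] & 0x1F, i + 1
    if ai < 24:
        n = ai
    else:  # KeyError here rejects indefinite-length and reserved forms
        size = struct.calcsize(_FMT[ai])
        n, i = struct.unpack(_FMT[ai], buf[i:i + size])[0], i + size
    if major < 2:
        return (n if major == 0 else -1 - n), i
    if major == 3:
        return buf[i:i + n].decode("utf-8"), i + n
    if major in (4, 5):
        out = [] if major == 4 else {}
        for _ in range(n):
            k, i = _decode(buf, i)
            if major == 4:
                out.append(k)
            else:
                out[k], i = _decode(buf, i)
        return out, i
    raise ValueError(f"unsupported CBOR major type {major}")

def cbor_decode(buf):
    v, i = _decode(buf, 0)
    if i != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return v

# Assumed CBOR keys: mitigation-scope, scope, target-prefix, target-protocol, lifetime.
K_MSCOPE, K_SCOPE, K_PREFIX, K_PROTO, K_LIFETIME = 1, 2, 6, 10, 14

def build_mitigation_request(cuid, mid, prefixes, protocols, lifetime):
    """Client side: CoAP Uri-Path and CBOR body of one mitigation request."""
    path = f"/.well-known/dots/mitigate/cuid={cuid}/mid={mid}"
    scope = {K_PREFIX: list(prefixes), K_PROTO: list(protocols), K_LIFETIME: lifetime}
    return path, cbor_encode({K_MSCOPE: {K_SCOPE: [scope]}})

def validate_mitigation_request(path, payload, authorized_prefixes):
    """Server side: checks before any mitigation is enabled; returns
    (mid, [ip_network, ...], lifetime) or raises ValueError.  cuid names a
    client already authenticated over (D)TLS; it may only target prefixes
    it is authorized for, else any client could blackhole a third party."""
    parts = path.split("/")
    if (len(parts) != 6 or parts[:4] != ["", ".well-known", "dots", "mitigate"]
            or not parts[4].startswith("cuid=") or not parts[5].startswith("mid=")):
        raise ValueError("bad Uri-Path")
    cuid, mid = parts[4][5:], int(parts[5][4:])
    try:
        scopes = cbor_decode(payload)[K_MSCOPE][K_SCOPE]
        if not all(isinstance(s, dict) and isinstance(s.get(K_PREFIX, []), list) for s in scopes):
            raise TypeError
    except (ValueError, KeyError, IndexError, TypeError, struct.error, UnicodeDecodeError):
        raise ValueError("malformed mitigation request body") from None
    allowed = [ipaddress.ip_network(p) for p in authorized_prefixes.get(cuid, [])]
    targets, lifetime = [], None
    for scope in scopes:
        lifetime = scope.get(K_LIFETIME)
        if not isinstance(lifetime, int) or lifetime == 0 or lifetime < -1:
            raise ValueError("lifetime must be -1 (indefinite) or a positive number of seconds")
        for p in scope.get(K_PREFIX, []):
            net = ipaddress.ip_network(p if isinstance(p, str) else "")  # ValueError if malformed
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                raise ValueError(f"client {cuid} is not authorized for {net}")
            targets.append(net)
    if not targets:
        raise ValueError("no mitigation target in request")
    return mid, targets, lifetime

# Constructed sample: one client, authorized for the two prefixes it operates.
AUTHORIZED = {"dz6pHjaADkaFTbjr0JGBpw": ["198.51.100.0/24", "2001:db8::/32"]}
```

   The prefix check is the point that the TOC's Section 8 (mutual
   authentication and authorization of DOTS clients) exists for: the
   (D)TLS handshake establishes which client is speaking, but the server
   must still map that identity to the address space it is allowed to
   request mitigation for.  A signal channel that accepted any
   authenticated client's target-prefix would let one customer have a
   third party's traffic scrubbed or blackholed.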

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8782.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Design Overview
   4.  DOTS Signal Channel: Messages & Behaviors
     4.1.  DOTS Server(s) Discovery
     4.2.  CoAP URIs
     4.3.  Happy Eyeballs for DOTS Signal Channel
     4.4.  DOTS Mitigation Methods
       4.4.1.  Request Mitigation
       4.4.2.  Retrieve Information Related to a Mitigation
         4.4.2.1.  DOTS Servers Sending Mitigation Status
         4.4.2.2.  DOTS Clients Polling for Mitigation Status
       4.4.3.  Efficacy Update from DOTS Clients
       4.4.4.  Withdraw a Mitigation
     4.5.  DOTS Signal Channel Session Configuration
       4.5.1.  Discover Configuration Parameters
       4.5.2.  Convey DOTS Signal Channel Session Configuration
       4.5.3.  Configuration Freshness and Notifications
       4.5.4.  Delete DOTS Signal Channel Session Configuration
     4.6.  Redirected Signaling
     4.7.  Heartbeat Mechanism
   5.  DOTS Signal Channel YANG Modules
     5.1.  Tree Structure
     5.2.  IANA DOTS Signal Channel YANG Module
     5.3.  IETF DOTS Signal Channel YANG Module
   6.  YANG/JSON Mapping Parameters to CBOR
   7.  (D)TLS Protocol Profile and Performance Considerations
     7.1.  (D)TLS Protocol Profile
     7.2.  (D)TLS 1.3 Considerations
     7.3.  DTLS MTU and Fragmentation
   8.  Mutual Authentication of DOTS Agents & Authorization of DOTS
           Clients
   9.  IANA Considerations
     9.1.  DOTS Signal Channel UDP and TCP Port Number
     9.2.  Well-Known 'dots' URI
     9.3.  Media Type Registration
     9.4.  CoAP Content-Formats Registration
     9.5.  CBOR Tag Registration
     9.6.  DOTS Signal Channel Protocol Registry
       9.6.1.  DOTS Signal Channel CBOR Key Values Subregistry
         9.6.1.1.  Registration Template
         9.6.1.2.  Initial Subregistry Content
       9.6.2.  Status Codes Subregistry
       9.6.3.  Conflict Status Codes Subregistry
       9.6.4.  Conflict Cause Codes Subregistry
       9.6.5.  Attack Status Codes Subregistry
     9.7.  DOTS Signal Channel YANG Modules
   10. Security Considerations
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Appendix A.  CUID Generation
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   A Distributed Denial-of-Service (DDoS) attack is a distributed