rfc9066v4.txt   rfc9066.txt 
Internet Engineering Task Force (IETF) T. Reddy.K Internet Engineering Task Force (IETF) T. Reddy.K
Request for Comments: 9066 Akamai Request for Comments: 9066 Akamai
Category: Standards Track M. Boucadair, Ed. Category: Standards Track M. Boucadair, Ed.
ISSN: 2070-1721 Orange ISSN: 2070-1721 Orange
J. Shallow J. Shallow
October 2021 November 2021
Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal
Channel Call Home Channel Call Home
Abstract Abstract
This document specifies the Denial-of-Service Open Threat Signaling This document specifies the Denial-of-Service Open Threat Signaling
(DOTS) signal channel Call Home, which enables a Call Home DOTS (DOTS) signal channel Call Home, which enables a Call Home DOTS
server to initiate a secure connection to a Call Home DOTS client and server to initiate a secure connection to a Call Home DOTS client and
to receive attack traffic information from the Call Home DOTS client. to receive attack traffic information from the Call Home DOTS client.
skipping to change at line 51 skipping to change at line 51
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Revised BSD License text as described in Section 4.e of the
the Trust Legal Provisions and are provided without warranty as Trust Legal Provisions and are provided without warranty as described
described in the Simplified BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction 1. Introduction
2. Terminology 2. Terminology
3. Applicability Scope 3. Applicability Scope
4. Coexistence of a Base DOTS Signal Channel and DOTS Call Home 4. Coexistence of a Base DOTS Signal Channel and DOTS Call Home
5. DOTS Signal Channel Call Home 5. DOTS Signal Channel Call Home
5.1. Procedure 5.1. Procedure
5.2. DOTS Signal Channel Variations 5.2. DOTS Signal Channel Variations
skipping to change at line 249 skipping to change at line 249
"DDoS Mitigation System (DMS)" refers to a system that performs DDoS "DDoS Mitigation System (DMS)" refers to a system that performs DDoS
mitigation. mitigation.
"Base DOTS signal channel" refers to [RFC9132]. "Base DOTS signal channel" refers to [RFC9132].
The meaning of the symbols in YANG tree diagrams are defined in The meaning of the symbols in YANG tree diagrams are defined in
[RFC8340] and [RFC8791]. [RFC8340] and [RFC8791].
(D)TLS is used for statements that apply to both Transport Layer (D)TLS is used for statements that apply to both Transport Layer
Security (TLS) [RFC8446] and Datagram Transport Layer Security (DTLS) Security (TLS) [RFC8446] and Datagram Transport Layer Security (DTLS)
[RFC9147]. Specific terms are used for any statement that applies to [RFC6347] [DTLS13]. Specific terms are used for any statement that
either protocol alone. applies to either protocol alone.
3. Applicability Scope 3. Applicability Scope
The problems discussed in Section 1 may be encountered in many The problems discussed in Section 1 may be encountered in many
deployments (e.g., home networks, enterprise networks, transit deployments (e.g., home networks, enterprise networks, transit
networks, data centers). The solution specified in this document can networks, data centers). The solution specified in this document can
be used for those deployments to block DDoS attack traffic closer to be used for those deployments to block DDoS attack traffic closer to
the source(s) of the attack. That is, attacks that are issued, e.g., the source(s) of the attack. That is, attacks that are issued, e.g.,
from within an enterprise network or a data center will thus be from within an enterprise network or a data center will thus be
blocked before exiting these networks. blocked before exiting these networks.
skipping to change at line 1450 skipping to change at line 1450
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
DOI 10.17487/RFC6052, October 2010, DOI 10.17487/RFC6052, October 2010,
<https://www.rfc-editor.org/info/rfc6052>. <https://www.rfc-editor.org/info/rfc6052>.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <https://www.rfc-editor.org/info/rfc6146>. April 2011, <https://www.rfc-editor.org/info/rfc6146>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013, RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>. <https://www.rfc-editor.org/info/rfc6991>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
skipping to change at line 1472 skipping to change at line 1476
[RFC8791] Bierman, A., Björklund, M., and K. Watsen, "YANG Data [RFC8791] Bierman, A., Björklund, M., and K. Watsen, "YANG Data
Structure Extensions", RFC 8791, DOI 10.17487/RFC8791, Structure Extensions", RFC 8791, DOI 10.17487/RFC8791,
June 2020, <https://www.rfc-editor.org/info/rfc8791>. June 2020, <https://www.rfc-editor.org/info/rfc8791>.
[RFC9132] Boucadair, M., Ed., Shallow, J., and T. Reddy.K, [RFC9132] Boucadair, M., Ed., Shallow, J., and T. Reddy.K,
"Distributed Denial-of-Service Open Threat Signaling "Distributed Denial-of-Service Open Threat Signaling
(DOTS) Signal Channel Specification", RFC 9132, (DOTS) Signal Channel Specification", RFC 9132,
DOI 10.17487/RFC9132, September 2021, DOI 10.17487/RFC9132, September 2021,
<https://www.rfc-editor.org/info/rfc9132>. <https://www.rfc-editor.org/info/rfc9132>.
[RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version
1.3", RFC 9147, DOI 10.17487/RFC9147, 30 April 2021,
<https://www.rfc-editor.org/rfc/rfc9147>.
10.2. Informative References 10.2. Informative References
[Cause] IANA, "DOTS Signal Channel Conflict Cause Codes", [Cause] IANA, "DOTS Signal Channel Conflict Cause Codes",
<https://www.iana.org/assignments/dots/>. <https://www.iana.org/assignments/dots/>.
[DOTS-MULTIHOMING] [DOTS-MULTIHOMING]
Boucadair, M., Reddy, T., and W. Pan, "Multi-homing Boucadair, M., Reddy, T., and W. Pan, "Multi-homing
Deployment Considerations for Distributed-Denial-of- Deployment Considerations for Distributed-Denial-of-
Service Open Threat Signaling (DOTS)", Work in Progress, Service Open Threat Signaling (DOTS)", Work in Progress,
Internet-Draft, draft-ietf-dots-multihoming-07, 6 July Internet-Draft, draft-ietf-dots-multihoming-09, 2 December
2021, <https://datatracker.ietf.org/doc/html/draft-ietf- 2021, <https://datatracker.ietf.org/doc/html/draft-ietf-
dots-multihoming-07>. dots-multihoming-09>.
[DTLS13] Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version
1.3", Work in Progress, Internet-Draft, draft-ietf-tls-
dtls13-43, 30 April 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-tls-
dtls13-43>.
[I2NSF-TERMS] [I2NSF-TERMS]
Hares, S., Strassner, J., Lopez, D. R., Xia, L., and H. Hares, S., Strassner, J., Lopez, D. R., Xia, L., and H.
Birkholz, "Interface to Network Security Functions (I2NSF) Birkholz, "Interface to Network Security Functions (I2NSF)
Terminology", Work in Progress, Internet-Draft, draft- Terminology", Work in Progress, Internet-Draft, draft-
ietf-i2nsf-terminology-08, 5 July 2019, ietf-i2nsf-terminology-08, 5 July 2019,
<https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf- <https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-
terminology-08>. terminology-08>.
[Key-Map] IANA, "DOTS Signal Channel CBOR Key Values", [Key-Map] IANA, "DOTS Signal Channel CBOR Key Values",
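Review bot: the reference categorization in this region does not match how the Terminology text uses it. The right column adds [RFC6347] (DTLS 1.2) under Normative References but places the new [DTLS13] draft entry under 10.2 Informative References, while the (D)TLS definition in Section 2 now reads "[RFC6347] [DTLS13]. Specific terms are used for any statement that applies to either protocol alone", treating both as the DTLS versions the document relies on; if DTLS 1.3 is a version implementations may run, [DTLS13] should move to Normative References, and if it is only forward-looking, the definition should say so. Separately, the left column's [RFC9147] entry carried the draft's own date (30 April 2021) and a URL in the https://www.rfc-editor.org/rfc/ form rather than the /info/ form used by every other entry, so replacing it with the [DTLS13] draft citation is the consistent choice; just confirm the draft version number (-43) is the latest one intended.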
 End of changes. 7 change blocks. 
13 lines changed or deleted 19 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/