Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification

This document specifies the DOTS signal channel, a protocol for signaling the need for protection against Distributed Denial-of-Service (DDoS) attacks to a server capable of enabling network traffic mitigation on behalf of the requesting client. A companion document defines the DOTS data channel, a separate reliable communication layer for DOTS management and configuration purposes.

Editorial Note (To be removed by RFC Editor)

Please update these statements within the document with the RFC number to be assigned to this document:

o "This version of this YANG module is part of RFC XXXX;"
o "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification";
o "| [RFCXXXX] |"
o reference: RFC XXXX

Please update this statement with the RFC number to be assigned to the following documents:

o "RFC YYYY: Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel Specification" (used to be I-D.ietf-dots-data-channel)

Please update TBD/TBD1/TBD2 statements with the assignments made by IANA to DOTS Signal Channel Protocol. Also, please update the "revision" date of the YANG modules.
