IETF Logo Mail Archive

Re: [Cacao] [EXT] Consensus call for CACAO Charter

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 03 July 2019 16:40 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: cacao@ietfa.amsl.com
Delivered-To: cacao@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC6F81200E5 for <cacao@ietfa.amsl.com>; Wed, 3 Jul 2019 09:40:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbqN7hsu7hy4 for <cacao@ietfa.amsl.com>; Wed, 3 Jul 2019 09:40:57 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 449DB1202B3 for <cacao@ietf.org>; Wed, 3 Jul 2019 09:40:51 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id B4D7E38190 for <cacao@ietf.org>; Wed, 3 Jul 2019 12:38:56 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4904CBB7 for <cacao@ietf.org>; Wed, 3 Jul 2019 12:40:50 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "cacao@ietf.org" <cacao@ietf.org>
In-Reply-To: <F097C3C2-A3FA-4F6D-9D06-C1E7D0AE5F58@gmail.com>
References: <71E2F960-274F-4DA9-938A-E31AB0C474A4@cert.org> <9BD47F64-D893-4416-8013-02AE2527271B@symantec.com> <2705E843-FAF1-4512-9B9C-D91625A9A383@tzi.org> <etPan.5d123ba6.6d0f767d.1c9@cert.org> <98B45BE0-8EEA-4408-963E-C38991BE6390@lookingglasscyber.com> <etPan.5d1283a1.cd09a53.1c9@cert.org> <F097C3C2-A3FA-4F6D-9D06-C1E7D0AE5F58@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 03 Jul 2019 12:40:50 -0400
Message-ID: <5249.1562172050@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cacao/K7sBQXgbCCwFmwpy2qTO34UmLtQ>
Subject: Re: [Cacao] [EXT] Consensus call for CACAO Charter
X-BeenThere: cacao@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Collaborative Automated Course of Action Operations <cacao.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cacao>, <mailto:cacao-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cacao/>
List-Post: <mailto:cacao@ietf.org>
List-Help: <mailto:cacao-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cacao>, <mailto:cacao-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2019 16:41:00 -0000

{sorry, this draft sat unfinished for a week}

Bret Jordan <jordan.ietf@gmail.com> wrote:
    >> [inacio] In this case, do (at least you and Bret) intend that the data
    >> model for CACAO is will use the STIX data model?  Following from that,
    >> there isn’t really a data modeling task and that the real work would
    >> be creating the necessary serializations for playbooks.



    > CACAO will not be using the STIXv2 Data Model since if STIXv2 supported
    > this functionality there would be no need for this group. However, it
    > is vitally important that CACAO be linkable to other STIXv2 data in the
    > graph.  But luckily we know a thing or two about STIXv2.  There is also
    > a lot of concepts that we have learned from designing and implementing
    > cyber threat intelligence based on STIXv2.  So all of that knowledge
    > will flow in to this working group.  Meaning, we know how IDs need to
    > be done to support this, we know how versioning needs to work, we
    > understand what type of data needs to be related in the graph and how
    > to do it. The real challenge will be getting the sequencing of atomic
    > actions and any temporal / conditional logic right.

It would be really useful to the people come to this from the IETF side of
things (whether as digital signature experts, threat modelling, serialization
experts, etc.)  if the STIXv2 expertise/experience could be distilled in some
way.  I'm not asking to take in-person time on this.  My suggestions would
include:
  a) pointing us to videos of existing talks/tutorials
  b) having a side-meeting or virtual-interim on it
  {c) getting Jeopardy to add it as a category}

    > I am somewhat alarmed that we have to give this much detail and be this
    > prescriptive in the charter.  A charter IMHO should focus on the goals
    > that we want to achieve and some general guidance (subject to change)
    > on how we believe we will be able to solve it. With that said, if we
    > need to give super explicit details about how we are going to write
    > that part of the content then here is some text.

I think that you have a pretty clear vision of what you want, but the rest of
us just see some fog downstream.  We think you are saying it conceals a
bridge (rather than, a yacht, barge, waterfall or mountain).  In order to be
convinced, we need to know if it's a cable-stayed suspension bridge, a truss
bridge, or a flood-control dam.   We don't need to know the dimensions of the
cables, or the number of pylons, or if the flood-control dams are operated by
trolls or RPI running the Google IoT platform.

We like to have formats in the charter because it eliminates (or front-end
loads) what is usually a wasteful rat-hole on formats.

    > to be version 7. I know if I was not a sponsor of this work, I would be
    > bored and some what irritated that we were not yet working on real
    > things.

Actually, you are working on real things!
You are developing the trust relationships and the share vision that will be
needed to get through the harder things.

    > Also I would imagine that most people will communicate and provide most
    > of their feedback during the weekly working calls (that we will setup)
    > and in the Google Docs directly. So I would think that overall, list
    > traffic will always be light.  But just like we do with the STIX
    > community, we will try to always send notes to the list about what was
    > talked about and discussed on the working calls.

Weekly is probably fine for a design team meeting.
I suggest that it's too often for others.  Every two weeks can work well.
Some will not have seen the Google Doc discussion.

    > I am thinking that we may need to add the following to the charter as
    > well, just to keep us from having endless debates about how we are
    > going to do work. Something like:

    > “This working group plans on holding weekly working calls from 8:00
    > AM-9:00 AM US-Pacific and the working groups plans on using Google Docs
    > for all specification work. While working group members can always send
    > comments and suggestions via email, it will be encouraged to document
    > all comments and suggestions directly in Google docs to enable a more
    > rapid development and response process."

I think that this is too specific and does not belong in the charter.

I suggest:

"The working group plans on holding monthly virtual interim calls.
One or more design team will be created that will hold calls according to
a higher cadence, to be determined by the participants.  The WG intends
to use Github for issue tracking; the design team(s) may use other mechanism
(Google Docs, etc.) as they see need"

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email