IETF Logo Mail Archive

Re: [mile] Clarifying iodef:SoftwareType (Issue #47)

"Roman D. Danyliw" <rdd@cert.org> Wed, 25 March 2015 10:33 UTC

Return-Path: <rdd@cert.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD36A1ACDB4 for <mile@ietfa.amsl.com>; Wed, 25 Mar 2015 03:33:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8W9mAQ2gn9H9 for <mile@ietfa.amsl.com>; Wed, 25 Mar 2015 03:33:37 -0700 (PDT)
Received: from plainfield.sei.cmu.edu (plainfield.sei.cmu.edu [192.58.107.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A11A91AC3AE for <mile@ietf.org>; Wed, 25 Mar 2015 03:33:37 -0700 (PDT)
Received: from pawpaw.sei.cmu.edu (pawpaw.sei.cmu.edu [10.64.21.22]) by plainfield.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id t2PAXYCZ004628; Wed, 25 Mar 2015 06:33:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1427279614; bh=IcDiwCMSg+Foc2Kr7TO9i9rykR7MnfvV6rB4S+Gcicc=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version:Sender: Reply-To; b=Q1BzmvYXnkSKs5wUoewX+kv2pF2VDZJewIose0CVGlGGlJTlq3jeYObefKiCYIz+q z3j+IACbCQNrphMBTLp74VQRYlX48JNtVnfP8yyeMzS5CCjNPRU0fw6Gc2dIehAsQe bpMJD6kxx/WgA0PKufXjZkw4XlKNXCHu+9s7nkjM=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by pawpaw.sei.cmu.edu (8.14.4/8.14.4/1456) with ESMTP id t2PAXaPj030603; Wed, 25 Mar 2015 06:33:36 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0210.002; Wed, 25 Mar 2015 06:33:31 -0400
From: "Roman D. Danyliw" <rdd@cert.org>
To: Sean Turner <turners@ieca.com>
Thread-Topic: [mile] Clarifying iodef:SoftwareType (Issue #47)
Thread-Index: AdBmbGlfVRNHm8nqQ0imwwEEfCYTdQAP7vsAAA6/crE=
Date: Wed, 25 Mar 2015 10:33:30 +0000
Message-ID: <D040ACC8-0537-4D01-AC1A-75DA67EAF512@cert.org>
References: <359EC4B99E040048A7131E0F4E113AFCD93D2DE8@marathon>, <A7CB3F92-1F1E-4203-A241-88CE84F9F75E@ieca.com>
In-Reply-To: <A7CB3F92-1F1E-4203-A241-88CE84F9F75E@ieca.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/0EpOott6mP_LffDdOBjT9CmsgcE>
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] Clarifying iodef:SoftwareType (Issue #47)
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 10:33:39 -0000

Hello Sean!

Response inline ...

> On Mar 24, 2015, at 6:31 PM, Sean Turner <turners@ieca.com> wrote:
> 
> Roman,
> 
> Clarifying questions:
> 1. Can you get a SWID for free?

Yes.

> 2. Is there a mapping between CPE <-> SWID?

There isn't one of which I am aware. Does anyone know differently?

Roman

> spt
> 
>> On Mar 24, 2015, at 14:55, Roman D. Danyliw <rdd@cert.org> wrote:
>> 
>> Good afternoon!
>> 
>> One of the remaining issues with rfc5070bis is to clarify the iodef:SoftwareType.  See Issue #47 [1].  We discussed this impasse in Honolulu [2].
>> 
>> --[ snip discussion from IETF 91 ]--
>> Q1: (Roman Danyliw) Last mailing list discussion on clarifying iodef:Software produced no result.  What does the group want to do?
>> A: (David Waltermire) Extensibility is key dimension.  Consider just using swid and reference the ISO standard.  Alternatively, redefine the class to be AdditionalData.
>> A: (Adam Monteville) Reiterated the importance of extensibility
>> A: Isn't swid support already in the spec?
>> A: (Roman Danyliw) There is an attribute named "swid" but this comes from RFC5070 which just happened to use this name without reference to the ISO standard.
>> A: (Takeshi Takahashi) IODEF-SCI can embed SWID and CPE as well, but the context is different; it is added under AdditionalData. If we need the data here, we could make a model here like the SCI draft does.
>> --[ end snip ]--
>> 
>> The four options mentioned to date (not just at IETF 91) are:
>> 
>> (1) Use OVAL [3]
>> 
>> (2) Use swid referencing ISO/IEC 19770-2:2009 (with XML schema at [4])
>> 
>> (3) Don't define it and use AdditionalData
>> 
>> (4) Support mutiple techniques to reference software in the same way  (like IODEF-SCI and ENUM)
>> 
>> Approach (1) and (2) are require little further explanation.  Hence, let me describe (3) in more detail.
>> 
>> The thinking would be to create an IANA registry to maintain a list of external references, in this case application reference techniques (e.g., swid and CPE), just like IODEF-SCI and ENUM current do.  The class using this technique might look as follows:
>>            +---------------------+
>>            | Application         |
>>            +---------------------+
>>            | ENUM SpecID         |<>--(0..*)-[ SpecData ]
>>            | STRING ext-SpecID   |
>>            |                     |
>>            +---------------------+
>> 
>> ** SpecID would map to an IANA registry of application reference techniques
>> ** ext-SpecID would allow for private enumerated value extensions as currently done in the draft
>> ** SpecData would be defined as follows allowing both XML or atomic data types such as a string.
>>    <xs:complexType name="AppIdType" mixed="true">  
>>     <xs:sequence>
>>       <xs:any namespace="##any" processContents="lax"
>>               minOccurs="0" maxOccurs="unbounded"/>
>>     </xs:sequence>
>> 
>> In the same way that the general purpose ENUM approach was useful to SACM and MILE, SACM has also expressed interest in a common approach on this class too.
>> 
>> What does the community feel is the correct approach?
>> 
>> Roman
>> 
>> [1] http://trac.tools.ietf.org/wg/mile/trac/ticket/47
>> [2] http://www.ietf.org/proceedings/91/minutes/minutes-91-mile
>> [3] https://nvd.nist.gov/cpe.cfm
>> [4] http://standards.iso.org/iso/19770/-2/2009/schema.xsd
>> _______________________________________________
>> mile mailing list
>> mile@ietf.org
>> https://www.ietf.org/mailman/listinfo/mile
>

v2.23.0 | Report a Bug | By Email