Re: [mile] SACM/MILE at IETF 101

Adam Montville <adam.w.montville@gmail.com> Sun, 18 February 2018 12:10 UTC

From: Adam Montville <adam.w.montville@gmail.com>
Date: Sun, 18 Feb 2018 06:10:43 -0600
Cc: hackathon@ietf.org, MILE IETF <mile@ietf.org>, "<sacm@ietf.org>" <sacm@ietf.org>
To: John Field <jfield@pivotal.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/2Iw7HW8uoiZ5XKIpwESkIIEHeds>

John,

Looking forward to at least getting your feedback and any guidance you might be able to offer along the way. We're working within the GitHub repository (reference [2] in the original email), which is now starting to be populated with documentation and some code projects. Feel free to submit issues to that repository, reach out on this (or a new) thread on one of these lists, or (of course) directly.

Perhaps you'll be able to attend 102. Our "plans" include iterating over our progress for each hackathon to continue discovering. It's quite possible that the next hackathon might investigate an event-based approach to assessment and add to our interfaces the necessary communications for establishing watch lists and triggering criteria, etc.

Kind regards,

Adam
 
> On Feb 16, 2018, at 9:55 AM, John Field <jfield@pivotal.io> wrote:
> 
> Adam,
> 
> Thanks, this sounds like it could be very productive.  Unfortunately due to scheduling concerns I won't be able to attend IETF 101.  It's possible I could attend 102, but I won't know until the date draws nearer. 
> 
> John
> 
> On Thu, Feb 15, 2018 at 4:43 PM, Adam Montville <adam.w.montville@gmail.com> wrote:
> Hello all...
> 
> As mentioned in a previous note, a couple of us are getting together to work a fairly simple configuration assessment scenario using disparate components connected to an XMPP-Grid. We have received some interest off-list in the XMPP-Grid side of things (per the latest draft [1], it seems that XMPP-Grid is an XMPP server running a few XEP extensions), and we are hopeful that we will be able to simply use a grid as clients and not have to implement the grid itself or spend time configuring one.
> 
> Assuming that works out the way we hope, we will mock up an assessment policy publisher and modify an existing assessor and dashboard, so that four interfaces must be defined: 1) publisher interface for assessment guidance, 2) subscriber interface for assessment guidance, 3) publisher interface for assessment results, 4) subscriber interface for assessment results.
> 
> What we hope to learn is twofold. First we hope to learn more about the nuances of working with XMPP-Grid for something other than IODEF payloads. Second, we hope to learn more about how we would need to structure drafts to specify capability interfaces and then bind them to XMPP-Grid.
> 
> Our plan is to share our experience (success/failure) at the hackathon itself, but also (at the chairs' pleasure) in the SACM session, whenever that may be. We would be happy to do the same for MILE, if that makes sense. There's really nothing there yet, but we've got a GitHub repository set up at [2]. Caveat: Not all code will be available in the repository, and we intend to use it primarily for the integration pieces and documentation.
> 
> Kind regards,
> 
> Adam (and Bill)
> 
> 
> [1] https://datatracker.ietf.org/doc/draft-ietf-mile-xmpp-grid/
> [2] https://github.com/CISecurity/Integration
> 
> -- 
> John P. Field | Security PM | Pivotal 
> 
> Direct: (908) 962-3394 | jfield@pivotal.io
>