IETF Logo Mail Archive

Re: [mile] Working group last call for XMPP-grid

Adam Montville <adam.w.montville@gmail.com> Fri, 04 August 2017 10:48 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B38F2131FC7 for <mile@ietfa.amsl.com>; Fri, 4 Aug 2017 03:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NIkM4sgbQZgS for <mile@ietfa.amsl.com>; Fri, 4 Aug 2017 03:48:05 -0700 (PDT)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B7E2131D22 for <mile@ietf.org>; Fri, 4 Aug 2017 03:48:05 -0700 (PDT)
Received: by mail-io0-x229.google.com with SMTP id o9so4668840iod.1 for <mile@ietf.org>; Fri, 04 Aug 2017 03:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=nct1zhPL7YAIBMVFSteigELQmbLvWDEmSrtCuJvODX8=; b=GBm0s3snKM9va1obvYxZdqnSe+lnv5cvCcqySqDs8Mvdq4bIT2cDgVjHhCxwQ8H5DH qY7X8zppUkrbsPHjtjrDsf0EsYiYwNSno1p9ZORd/3OSiLHN14gvlaKpE/BNmAJsdLBD 6zDFzqtoSUIW5SCrVA8wttUl7NLNfmcftRZhr2vyrixsulwHGJSPfv0xmsJWV58d3FyX 9Ty7ogZJbeq5E1+J5dTDCInLyom4y1DR7Fqm1CUjD9u1WJVhrb3Mp1ObGQ+vgmDyDhQ+ r3gOuzjYr7R7HbHQufw7FUK7jrBgFQ3jC0DXWK5tCGL2dDHxq9O+Y1m2fmvOjgo7qs+e 6JJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=nct1zhPL7YAIBMVFSteigELQmbLvWDEmSrtCuJvODX8=; b=VMvdMKof1JAWG6Qdlif3sS8DbQ+IOug6K8NuZ/Z827EsBlYG5knLkKxKkQPkkpsoUW byCfXgIhgi3VQyzLXgBrpY+v8ExB4NTp/Vo1k0unWnFJCo/EycmP3tOvJFTni/ml9yba xgpqzum4n6wJ7+QI6QUUJWiMsT4gEdPm78N8zcQW3GH8FxxygSKKFGhoMu1KVyNMcXeg oRC+ElYOvgYxsexXYycOwotv+O/6e0r7GtK50OfhmlunCUYVPCljt1tuSCWVhHuQ25wk I/Mz7BhzXmgGtObasbz0K+XRIePE1Hghr3SzXsJWD1m2IaDlhrANMXbXi3M7zL0H+hbR O6Hg==
X-Gm-Message-State: AIVw113f9LDhkoxjyVHyWoJkVFJxgRbFInbRI9Cxa5yAa5fASR/vLw30 42R8VWKoAJ6i7crqMwq0bXtsDeN/Qw==
X-Received: by 10.107.153.65 with SMTP id b62mr2246954ioe.142.1501843684437; Fri, 04 Aug 2017 03:48:04 -0700 (PDT)
MIME-Version: 1.0
References: <001a01d2ff15$5f6ed1e0$1e4c75a0$@nict.go.jp> <CACknUNXPDfJR5YoaEPjWNQ9eH=Hp946L4Utt6hA7onWNdXD0OQ@mail.gmail.com> <B93890F4-1629-4621-B882-FFA8D97420EE@cisco.com>
In-Reply-To: <B93890F4-1629-4621-B882-FFA8D97420EE@cisco.com>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Fri, 04 Aug 2017 10:47:53 +0000
Message-ID: <CACknUNXef=6T4EzbJWEP074Aw41RHhV5fbr=YGPT9V7orEOmbw@mail.gmail.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Takeshi Takahashi <takeshi_takahashi@nict.go.jp>, "mile@ietf.org" <mile@ietf.org>
Content-Type: multipart/alternative; boundary="001a1140f3c051b39a0555eb3b3c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/4lFixAK677lFICsvm9TGcx7qBLg>
Subject: Re: [mile] Working group last call for XMPP-grid
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 10:48:09 -0000

:-) No worries. I'll try responses inline. Note that I'm about to head on
vacation for two weeks. I'll be paying attention, but response times may
lag.

On Thu, Aug 3, 2017 at 11:27 AM Nancy Cam-Winget (ncamwing) <
ncamwing@cisco.com> wrote:

> Hi Adam,
>
>
>
> Many thanks for a prompt review!  And it appears that I culled too much so
> please see further comments/questions below:
>
>
>
> *From: *mile <mile-bounces@ietf.org> on behalf of Adam Montville <
> adam.w.montville@gmail.com>
> *Date: *Sunday, July 30, 2017 at 6:04 AM
> *To: *Takeshi Takahashi <takeshi_takahashi@nict.go.jp>, "mile@ietf.org" <
> mile@ietf.org>
>
>
> *Subject: *Re: [mile] Working group last call for XMPP-grid
>
>
>
> Take (and everyone),
>
>
>
> I have read through this latest revision of the draft and find that I am
> still somewhat confused - not about the intent of the draft, I think, but
> of how it qualifies as something that is standards track (I could be
> speaking from ignorance here, so please educate me where necessary).
>
>
>
> To me, the draft is at heart an XMPP configuration guide, to put it
> simply. For example, I don't see too much I would need to implement (aside
> from a deferred XEP for IODEF - see my last comment below), but I do see
> many requirements pertaining to the configuration/operation of, say,
> ejabberd in my enterprise.
>
>
>
> [NCW] Perhaps I did indeed cut too much in my endeavor for simplicity,
> readability and presumptions of XMPP knowledge.  It has been a while since
> I saw the XEP 268, so was remiss in keep abreast its status.  I can pull
> out the considerations for this and how IODEF would be defined as an XMPP
> “topic” that can be discoverable and shared (perhaps using the IODEF
> Guidance guidelines too).  I can check with David and Peter on XMPP
> guidelines on this matter as well.
>

[AWM] This seems reasonable. Mostly, I'm trying to wrap my head around how
I would (hypothetically) go about operating such a service, and it's not
super clear to me.


>
>
>
>
> I feel like the real meat of the problem is punted, and perhaps that is
> intentional given the narrow IODEF-specific scope. To me, the harder
> problem is gaining industry-wide understanding of the discoverable
> capabilities within the ecosystem XMPP-grid (I presume) seeks to enable.
> Without this, there's very little hope of "plug and play" security
> infrastructure in a given enterprise.
>
> [NCW] Yea, so the intent was to be able to show the broader notion, but I
> thought I was responding to other comments for readability with the
> understanding that the discovery extension (XEP-0030) would be sufficient.
> Would it help to bring back some of the XMPP XML samples (some are cited in
> XEP-0030 but I can make them relevant to IODEF discovery)?
>

[AWM] The broader notion is important! I'm not sure that XML samples would
help in this regard, but perhaps some additional language about what
IODEF-specific capabilities would be expected to be discovered?


>
>
> The following are my current specific comments on this draft (more may
> follow, but this seems like a bit for now):
>
>    - At several points the draft talks about "telemetry", and I remember
>    someone (I think it may have been Henk) describing to me that this has
>    special meaning avoiding real-time-ish or event-ish information. First, is
>    there a need to define what is meant by "telemetry"? Second, is there a
>    reason to limit to "telemetry" given this is a draft seeking to establish
>    the communications infrastructure for a security program's ecosystem?
>    (Maybe that's not the intent of the draft, but if it's not, then there's a
>    whole front-end of activities on the orchestration or command and control
>    fronts that still need to be addressed in this space, and I would question
>    the utility of any approach unconcerned with the full breadth of security
>    program communications needs.)
>
> [NCW] The intent is really to say that we want to share measured
> (observed?) information relevant to security.  Would it simplify to just
> remove the term?  Or state it as “observed information”?
>

[AWM] I think I like the direction of "observed information", but please
note that this particular comment isn't a strenuous objection, but more of
a probe for deeper understanding.

>
>    - Is there a reason we couldn't replace "transport and communication"
>    for "messaging"? This seems cleaner, and removes any of the ambiguity
>    around "transport" when we're at a context that may sometimes be on the
>    network level and sometimes not. (See, for example, the first sentence of
>    the first paragraph of the Introduction.)
>
> [NCW] Ah, I think it is likely to be “transfer” as that is what I was
> asked to remoniker in the Requirements draft.
>

[AWM] Fair enough.

>
>    - In the terminology, the way "capability provider" and "publisher"
>    are defined, they seem synonymous. It's clear that "publisher" is being set
>    up as a subclass of "capability provider" (i.e. "publisher is a capability
>    provider that..."), but beyond that there's no clear qualification that
>    would make an instance "publisher" distinct from some other instance of
>    "capability provider". I'm not sure how to fix this, but recommend that you
>    ask what would come after "that" in the following sentence fragment: "A
>    publisher is a capability provider that..."
>
> [NCW] I can just converge and use “publisher” only, would that help?
>

[AWM] I'm not sure (and I'm curious as to what others think about this. To
me, the discovery features of this solution would allow my ecosystem to
discover components capable of performing specific tasks (i.e. those
components that provide capabilities). Those capability providers would, in
turn, publish specific information using specific data models and
serializations. So, there seems to be a distinction, though I'm not sure
how important it is to call out. How about "A publisher is a capability
provider that contributes information pertaining to its capability to the
XMPP grid" or something like that? I'm not sure if that's helpful or makes
things more confusing.

>
>    - Proposed text for "subscriber" definition: An entity participating
>    in XMPP-Grid by consuming information on a subscription basis from one or
>    more publishers also participating in the XMPP-Grid.
>
> [NCW] OK, will update in the next revision.
>
>    - The XMPP-Grid Controller is simply an XMPP Server by my read. Is
>    there a compelling reason not to simply call it such?
>
> [NCW] You are correct, I can simplify
>
>    - This is a draft about communicating IODEF information over an XMPP
>    infrastructure, and as such it points to (as a normative reference)
>    XEP-0268 (see https://xmpp.org/extensions/xep-0268.html).
>    Unfortunately, that normatively references a XEP containing a clear
>    warning: "WARNING: This document has been automatically Deferred after 12
>    months of inactivity in its previous Experimental state. Implementation of
>    the protocol described herein is not recommended for production systems.
>    However, exploratory implementations are encouraged to resume the standards
>    process." I'm not an expert, but I wouldn't want this draft to proceed by
>    effectively standardizing something that was experimental, but has been
>    deferred for inactivity, which tells me that it's effectively dead (XSF
>    folks may have a different opinion, and I'll obviously defer to them, as
>    I'm not too knowledgable of the XSF process).
>
> [NCW] Admittedly, I had not seen the note (as its been a while since I
> looked at the XEP-0268), so I can make adjustments to not use it but
> incorporate its intent in this draft.
>
>
>
> I want to see standardization of a communications infrastructure
> supporting an ecosystem of software and tools commonly used in the
> implementation of a security program. It's not clear to me how this draft
> furthers that goal. Either the draft simply doesn't accomplish that for
> lack of specification, or it's not clear enough (to me) to see how that
> enablement happens (even for IODEF given the "non-normative normative"
> reference to XEP-0268).
>
>
>
> Therefore, it's not clear to me how this draft could proceed as standards
> track, though I hope there is a way we can see this happen (I'm not sure an
> informational draft would be as well-received nor helpful).
>
> [NCW]  The intent is to show the IODEF as a data model that can be shared
> in a publish/subscribe ecosystem such as XMPP.  Given the scope of IODEF, I
> did remove the notion of how the discovery works based on the notion that
> XEP-0030 can be used.  I can put those samples back, as well as
> incorporating more details of the IODEF as its own namespace and
> “capability” that can be discovered and then shared.  I believe that is
> what makes it normative (e.g. standards based) along with the notion of
> having IANA be a registry for the data models that can be conveyed thru
> XMPP for information sharing.
>
>
>
>
>
> Kind regards,
>
>
>
> Adam
>
>
>
>
>
> On Mon, Jul 17, 2017 at 10:57 AM Takeshi Takahashi <
> takeshi_takahashi@nict.go.jp> wrote:
>
> Hello all,
>
> Based on the discussion at the MILE session in Prague, let us re-initiate
> the WGLC for draft-ietf-mile-xmpp-grid.
> The version to be reviewed is
> https://tools.ietf.org/id/draft-ietf-mile-xmpp-grid-03.txt
>
> We will have 1 month for this call.
> Please provide comments before August 18th and provide your support and/ or
> raise any issue you feel are yet to be addressed.
>
> Thank you.
> Take
>
>
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile
>
>

v2.23.0 | Report a Bug | By Email