IETF Logo Mail Archive

Re: [mile] Clarifying iodef:SoftwareType (Issue #47)

Sean Turner <turners@ieca.com> Wed, 25 March 2015 11:50 UTC

Return-Path: <turners@ieca.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 589C61ACE52 for <mile@ietfa.amsl.com>; Wed, 25 Mar 2015 04:50:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JSDDlC9kSS_Q for <mile@ietfa.amsl.com>; Wed, 25 Mar 2015 04:50:47 -0700 (PDT)
Received: from gateway04.websitewelcome.com (gateway04.websitewelcome.com [64.5.38.14]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 082821ACE50 for <mile@ietf.org>; Wed, 25 Mar 2015 04:50:47 -0700 (PDT)
Received: by gateway04.websitewelcome.com (Postfix, from userid 5007) id 5BCB3994A7CBA; Wed, 25 Mar 2015 06:50:46 -0500 (CDT)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway04.websitewelcome.com (Postfix) with ESMTP id 3F250994A7C69 for <mile@ietf.org>; Wed, 25 Mar 2015 06:50:46 -0500 (CDT)
Received: from [173.200.48.34] (port=50462 helo=[10.111.111.9]) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1Yajpd-0007aN-Li; Wed, 25 Mar 2015 06:50:45 -0500
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Sean Turner <turners@ieca.com>
In-Reply-To: <D040ACC8-0537-4D01-AC1A-75DA67EAF512@cert.org>
Date: Wed, 25 Mar 2015 06:50:44 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <25CCFBDD-02E8-4A29-9700-6144EC7647B3@ieca.com>
References: <359EC4B99E040048A7131E0F4E113AFCD93D2DE8@marathon>, <A7CB3F92-1F1E-4203-A241-88CE84F9F75E@ieca.com> <D040ACC8-0537-4D01-AC1A-75DA67EAF512@cert.org>
To: "Roman D. Danyliw" <rdd@cert.org>
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 173.200.48.34
X-Exim-ID: 1Yajpd-0007aN-Li
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([10.111.111.9]) [173.200.48.34]:50462
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 1
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/8i1HDtiQ44NXuObw8JzsNy0RsQM>
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] Clarifying iodef:SoftwareType (Issue #47)
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 11:50:49 -0000

On Mar 25, 2015, at 05:33, Roman D. Danyliw <rdd@cert.org> wrote:

> Hello Sean!
> 
> Response inline ...
> 
>> On Mar 24, 2015, at 6:31 PM, Sean Turner <turners@ieca.com> wrote:
>> 
>> Roman,
>> 
>> Clarifying questions:
>> 1. Can you get a SWID for free?
> 
> Yes.
> 
>> 2. Is there a mapping between CPE <-> SWID?
> 
> There isn't one of which I am aware. Does anyone know differently?
> 
> Roman

Thanks, my thinking then is:

1. It seems kind of odd to force all of those folks with CPEs already to switch, i.e., it’s too onerous and frankly unlikely to happen.

2. It seems odd to force new folks to a USG site, even if it is a defacto standard in some sense, especially when there’s a “free” alternative.

3. We could do a mapping, but if there’s a away to avoid it then maybe we should.

Seems like of the options you listed below #3 or #4 with a slant towards #4, because it’s already defined, is the way to go here.

spt

>> spt
>> 
>>> On Mar 24, 2015, at 14:55, Roman D. Danyliw <rdd@cert.org> wrote:
>>> 
>>> Good afternoon!
>>> 
>>> One of the remaining issues with rfc5070bis is to clarify the iodef:SoftwareType.  See Issue #47 [1].  We discussed this impasse in Honolulu [2].
>>> 
>>> --[ snip discussion from IETF 91 ]--
>>> Q1: (Roman Danyliw) Last mailing list discussion on clarifying iodef:Software produced no result.  What does the group want to do?
>>> A: (David Waltermire) Extensibility is key dimension.  Consider just using swid and reference the ISO standard.  Alternatively, redefine the class to be AdditionalData.
>>> A: (Adam Monteville) Reiterated the importance of extensibility
>>> A: Isn't swid support already in the spec?
>>> A: (Roman Danyliw) There is an attribute named "swid" but this comes from RFC5070 which just happened to use this name without reference to the ISO standard.
>>> A: (Takeshi Takahashi) IODEF-SCI can embed SWID and CPE as well, but the context is different; it is added under AdditionalData. If we need the data here, we could make a model here like the SCI draft does.
>>> --[ end snip ]--
>>> 
>>> The four options mentioned to date (not just at IETF 91) are:
>>> 
>>> (1) Use OVAL [3]
>>> 
>>> (2) Use swid referencing ISO/IEC 19770-2:2009 (with XML schema at [4])
>>> 
>>> (3) Don't define it and use AdditionalData
>>> 
>>> (4) Support mutiple techniques to reference software in the same way  (like IODEF-SCI and ENUM)
>>> 
>>> Approach (1) and (2) are require little further explanation.  Hence, let me describe (3) in more detail.
>>> 
>>> The thinking would be to create an IANA registry to maintain a list of external references, in this case application reference techniques (e.g., swid and CPE), just like IODEF-SCI and ENUM current do.  The class using this technique might look as follows:
>>>           +---------------------+
>>>           | Application         |
>>>           +---------------------+
>>>           | ENUM SpecID         |<>--(0..*)-[ SpecData ]
>>>           | STRING ext-SpecID   |
>>>           |                     |
>>>           +---------------------+
>>> 
>>> ** SpecID would map to an IANA registry of application reference techniques
>>> ** ext-SpecID would allow for private enumerated value extensions as currently done in the draft
>>> ** SpecData would be defined as follows allowing both XML or atomic data types such as a string.
>>>   <xs:complexType name="AppIdType" mixed="true">  
>>>    <xs:sequence>
>>>      <xs:any namespace="##any" processContents="lax"
>>>              minOccurs="0" maxOccurs="unbounded"/>
>>>    </xs:sequence>
>>> 
>>> In the same way that the general purpose ENUM approach was useful to SACM and MILE, SACM has also expressed interest in a common approach on this class too.
>>> 
>>> What does the community feel is the correct approach?
>>> 
>>> Roman
>>> 
>>> [1] http://trac.tools.ietf.org/wg/mile/trac/ticket/47
>>> [2] http://www.ietf.org/proceedings/91/minutes/minutes-91-mile
>>> [3] https://nvd.nist.gov/cpe.cfm
>>> [4] http://standards.iso.org/iso/19770/-2/2009/schema.xsd
>>> _______________________________________________
>>> mile mailing list
>>> mile@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mile
>>

v2.23.0 | Report a Bug | By Email