IETF Logo Mail Archive

Re: [mile] Clarifying iodef:SoftwareType (Issue #47)

"Adam W. Montville" <adam.w.montville@gmail.com> Tue, 24 March 2015 21:47 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3AD11AC3EF for <mile@ietfa.amsl.com>; Tue, 24 Mar 2015 14:47:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zIiTMs5kF5UI for <mile@ietfa.amsl.com>; Tue, 24 Mar 2015 14:47:07 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5256A1AC400 for <mile@ietf.org>; Tue, 24 Mar 2015 14:46:51 -0700 (PDT)
Received: by wibgn9 with SMTP id gn9so11176797wib.1 for <mile@ietf.org>; Tue, 24 Mar 2015 14:46:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=lk0Fq1CRs5FfnXv5C7G/Gt9LfML94LGWq/nkU3/dSGY=; b=nugyqyey5OHfSpJjeIw/aVft+SwFfUveIiqFpfDmt6xwOxrVPU0eIMHLANdKEgWQ3W 0FpwyalVvWoTMGv7Q6OX0pjD7srvuofn3u7q/pgyZWFz9CHfl+V+HTuftV4I1y2lCbnB WAJBwQyNLtiPCBntY2ckuWKuCrlxbSJMQ5AfcXVTGRUFjhx5/gqQYebNCx8kzXI1ksEy eeULJ2fmT50+C34y2r+P0uzGEKw+RXjM8JP+NTk++VCeXfUSm3U+ZYsnmQdUC07gx4lM oMYqjB0E2qdwJ6TgRzHlr/0Zfl0AfiB/pxKg+SRj91U3PxZ1/1soXhWwYdaszlhHwGHf qfIQ==
X-Received: by 10.180.84.3 with SMTP id u3mr32370297wiy.38.1427233610011; Tue, 24 Mar 2015 14:46:50 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:136:b8e3:79c6:2d0b:cf61? ([2001:67c:370:136:b8e3:79c6:2d0b:cf61]) by mx.google.com with ESMTPSA id pm6sm5195786wic.20.2015.03.24.14.46.49 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 24 Mar 2015 14:46:49 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: "Adam W. Montville" <adam.w.montville@gmail.com>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFCD93D2DE8@marathon>
Date: Tue, 24 Mar 2015 16:46:47 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <DCAF646F-2A6F-4EB0-9060-7BB40CF11C1A@gmail.com>
References: <359EC4B99E040048A7131E0F4E113AFCD93D2DE8@marathon>
To: "Roman D. Danyliw" <rdd@cert.org>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/LGWyLSPurBgFLuBgo-IdTCYkHcA>
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] Clarifying iodef:SoftwareType (Issue #47)
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2015 21:47:09 -0000

> On Mar 24, 2015, at 2:55 PM, Roman D. Danyliw <rdd@cert.org> wrote:
> 
> Good afternoon!
> 
> One of the remaining issues with rfc5070bis is to clarify the iodef:SoftwareType.  See Issue #47 [1].  We discussed this impasse in Honolulu [2].
> 
> --[ snip discussion from IETF 91 ]--
> Q1: (Roman Danyliw) Last mailing list discussion on clarifying iodef:Software produced no result.  What does the group want to do?
> A: (David Waltermire) Extensibility is key dimension.  Consider just using swid and reference the ISO standard.  Alternatively, redefine the class to be AdditionalData.
> A: (Adam Monteville) Reiterated the importance of extensibility
> A: Isn't swid support already in the spec?
> A: (Roman Danyliw) There is an attribute named "swid" but this comes from RFC5070 which just happened to use this name without reference to the ISO standard.
> A: (Takeshi Takahashi) IODEF-SCI can embed SWID and CPE as well, but the context is different; it is added under AdditionalData. If we need the data here, we could make a model here like the SCI draft does.
> --[ end snip ]--
> 
> The four options mentioned to date (not just at IETF 91) are:
> 
> (1) Use OVAL [3]
> 
> (2) Use swid referencing ISO/IEC 19770-2:2009 (with XML schema at [4])
> 
> (3) Don't define it and use AdditionalData
> 
> (4) Support mutiple techniques to reference software in the same way  (like IODEF-SCI and ENUM)
> 
> Approach (1) and (2) are require little further explanation.  Hence, let me describe (3) in more detail.
> 
> The thinking would be to create an IANA registry to maintain a list of external references, in this case application reference techniques (e.g., swid and CPE), just like IODEF-SCI and ENUM current do.  The class using this technique might look as follows:
>             +---------------------+
>             | Application         |
>             +---------------------+
>             | ENUM SpecID         |<>--(0..*)-[ SpecData ]
>             | STRING ext-SpecID   |
>             |                     |
>             +---------------------+
> 
> ** SpecID would map to an IANA registry of application reference techniques
> ** ext-SpecID would allow for private enumerated value extensions as currently done in the draft
> ** SpecData would be defined as follows allowing both XML or atomic data types such as a string.
>     <xs:complexType name="AppIdType" mixed="true">  
>      <xs:sequence>
>        <xs:any namespace="##any" processContents="lax"
>                minOccurs="0" maxOccurs="unbounded"/>
>      </xs:sequence>
> 
> In the same way that the general purpose ENUM approach was useful to SACM and MILE, SACM has also expressed interest in a common approach on this class too.
> 
> What does the community feel is the correct approach?

The SACM working group will indeed have the same problem to solve shortly.  Enabling the use of multiple software identification mechanisms, (simply because it’s unlikely just one will suffice), *seems* to be the better choice.  

> 
> Roman
> 
> [1] http://trac.tools.ietf.org/wg/mile/trac/ticket/47
> [2] http://www.ietf.org/proceedings/91/minutes/minutes-91-mile
> [3] https://nvd.nist.gov/cpe.cfm
> [4] http://standards.iso.org/iso/19770/-2/2009/schema.xsd
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile

v2.23.0 | Report a Bug | By Email