IETF Logo Mail Archive

Re: [mile] Working group last call for XMPP-grid

Adam Montville <adam.w.montville@gmail.com> Sun, 30 July 2017 13:04 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4607124207 for <mile@ietfa.amsl.com>; Sun, 30 Jul 2017 06:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YpByrJEb6EUr for <mile@ietfa.amsl.com>; Sun, 30 Jul 2017 06:04:26 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 089BD1241F5 for <mile@ietf.org>; Sun, 30 Jul 2017 06:04:25 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id c74so102783669iod.4 for <mile@ietf.org>; Sun, 30 Jul 2017 06:04:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4fbixpbT0QW/LG1OaMLspNdhs/FCM0ZyxTGdCo3C+9U=; b=g91AU4jMdRlz3FBQw5qVzWfgHE8yNI9PrOM8nuYxNPbKtgobS7IYLvqPuLAfL0xdSx QUmCT2G71B7gCJIs+ZvgcaOFcCxAunAU95uLZ4d2xixMmRn9WSIQ2JviZt1/gf2VOE8g u/ngfOaLzS3EPhM1nLADSaCDza0UOa0k+hlum60vYiDFR6aDL7R5OJPekzIU743wrNIY XYjYPuhFcgZyAChuHnQbnLjj6TwAqnHTjuTLKdc1DoI071KPOI9dO3crLG3lHwR+VWDl 54BMfr+JoFHWekhlkh1UaMSG7e/1gzp2Mwsb/J6w424ZQbKq2ooP4/g62CvIJ1ehozFg R6vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=4fbixpbT0QW/LG1OaMLspNdhs/FCM0ZyxTGdCo3C+9U=; b=Yy9AXW8Bb4P/lvDGZ5NM2n548FHQa/YC8D9w1znSROO1wM3sf6foa+Tb2d3+Ta3z47 cg13LxOU91WbdutuUpCuePrzbtR7aunNtxeU3VhnDGP0mhOk2+kBU3Be/QnFiD/GI1D4 8K23INEiyD3srZl13qFhYtDUZFkbDyEj4doAxlPBFTtrIZzXMAQPh6ETjEjkms1pS+13 tl7vXVVrCw/Qlv6A68yyJThz1VGXCUOXBIMhp872jvy94EPx7avfoGWhJrEOjKOKtx26 qMDdwGAGxIl+je49e1g5rS2MZShfSxVo9Ri4UcQCmKG/QwUyFn9/UAp2tEJyqNAnclVK 8nJQ==
X-Gm-Message-State: AIVw110H6cAASBZTuImDOWJfmrDW8TUObNg5Ot1fkvwvg/GZ25gdQf2l cl6Ov2bnwTa5HNvVvDoKRd6SHCkPYQ==
X-Received: by 10.107.153.65 with SMTP id b62mr12385608ioe.142.1501419864995; Sun, 30 Jul 2017 06:04:24 -0700 (PDT)
MIME-Version: 1.0
References: <001a01d2ff15$5f6ed1e0$1e4c75a0$@nict.go.jp>
In-Reply-To: <001a01d2ff15$5f6ed1e0$1e4c75a0$@nict.go.jp>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Sun, 30 Jul 2017 13:04:14 +0000
Message-ID: <CACknUNXPDfJR5YoaEPjWNQ9eH=Hp946L4Utt6hA7onWNdXD0OQ@mail.gmail.com>
To: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>, mile@ietf.org
Content-Type: multipart/alternative; boundary="001a1140f3c0b6454b0555888db8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/Q9pjqTcRKeKYhBYes30OlVyjBF0>
Subject: Re: [mile] Working group last call for XMPP-grid
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Jul 2017 13:04:29 -0000

Take (and everyone),

I have read through this latest revision of the draft and find that I am
still somewhat confused - not about the intent of the draft, I think, but
of how it qualifies as something that is standards track (I could be
speaking from ignorance here, so please educate me where necessary).

To me, the draft is at heart an XMPP configuration guide, to put it simply.
For example, I don't see too much I would need to implement (aside from a
deferred XEP for IODEF - see my last comment below), but I do see many
requirements pertaining to the configuration/operation of, say, ejabberd in
my enterprise.

I feel like the real meat of the problem is punted, and perhaps that is
intentional given the narrow IODEF-specific scope. To me, the harder
problem is gaining industry-wide understanding of the discoverable
capabilities within the ecosystem XMPP-grid (I presume) seeks to enable.
Without this, there's very little hope of "plug and play" security
infrastructure in a given enterprise.

The following are my current specific comments on this draft (more may
follow, but this seems like a bit for now):

   - At several points the draft talks about "telemetry", and I remember
   someone (I think it may have been Henk) describing to me that this has
   special meaning avoiding real-time-ish or event-ish information. First, is
   there a need to define what is meant by "telemetry"? Second, is there a
   reason to limit to "telemetry" given this is a draft seeking to establish
   the communications infrastructure for a security program's ecosystem?
   (Maybe that's not the intent of the draft, but if it's not, then there's a
   whole front-end of activities on the orchestration or command and control
   fronts that still need to be addressed in this space, and I would question
   the utility of any approach unconcerned with the full breadth of security
   program communications needs.)
   - Is there a reason we couldn't replace "transport and communication"
   for "messaging"? This seems cleaner, and removes any of the ambiguity
   around "transport" when we're at a context that may sometimes be on the
   network level and sometimes not. (See, for example, the first sentence of
   the first paragraph of the Introduction.)
   - In the terminology, the way "capability provider" and "publisher" are
   defined, they seem synonymous. It's clear that "publisher" is being set up
   as a subclass of "capability provider" (i.e. "publisher is a capability
   provider that..."), but beyond that there's no clear qualification that
   would make an instance "publisher" distinct from some other instance of
   "capability provider". I'm not sure how to fix this, but recommend that you
   ask what would come after "that" in the following sentence fragment: "A
   publisher is a capability provider that..."
   - Proposed text for "subscriber" definition: An entity participating in
   XMPP-Grid by consuming information on a subscription basis from one or more
   publishers also participating in the XMPP-Grid.
   - The XMPP-Grid Controller is simply an XMPP Server by my read. Is there
   a compelling reason not to simply call it such?
   - This is a draft about communicating IODEF information over an XMPP
   infrastructure, and as such it points to (as a normative reference)
   XEP-0268 (see https://xmpp.org/extensions/xep-0268.html). Unfortunately,
   that normatively references a XEP containing a clear warning: "WARNING:
   This document has been automatically Deferred after 12 months of inactivity
   in its previous Experimental state. Implementation of the protocol
   described herein is not recommended for production systems. However,
   exploratory implementations are encouraged to resume the standards
   process." I'm not an expert, but I wouldn't want this draft to proceed by
   effectively standardizing something that was experimental, but has been
   deferred for inactivity, which tells me that it's effectively dead (XSF
   folks may have a different opinion, and I'll obviously defer to them, as
   I'm not too knowledgable of the XSF process).


I want to see standardization of a communications infrastructure supporting
an ecosystem of software and tools commonly used in the implementation of a
security program. It's not clear to me how this draft furthers that goal.
Either the draft simply doesn't accomplish that for lack of specification,
or it's not clear enough (to me) to see how that enablement happens (even
for IODEF given the "non-normative normative" reference to XEP-0268).

Therefore, it's not clear to me how this draft could proceed as standards
track, though I hope there is a way we can see this happen (I'm not sure an
informational draft would be as well-received nor helpful).


Kind regards,

Adam



On Mon, Jul 17, 2017 at 10:57 AM Takeshi Takahashi <
takeshi_takahashi@nict.go.jp> wrote:

> Hello all,
>
> Based on the discussion at the MILE session in Prague, let us re-initiate
> the WGLC for draft-ietf-mile-xmpp-grid.
> The version to be reviewed is
> https://tools.ietf.org/id/draft-ietf-mile-xmpp-grid-03.txt
>
> We will have 1 month for this call.
> Please provide comments before August 18th and provide your support and/ or
> raise any issue you feel are yet to be addressed.
>
> Thank you.
> Take
>
>
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile
>

v2.23.0 | Report a Bug | By Email