Re: [mile] some comments on the xmpp-grid draft

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Thu, 18 October 2018 09:10 UTC

Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08EE912D4E7 for <mile@ietfa.amsl.com>; Thu, 18 Oct 2018 02:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id um6UoRfqkHCf for <mile@ietfa.amsl.com>; Thu, 18 Oct 2018 02:10:19 -0700 (PDT)
Received: from ns2.nict.go.jp (ns2.nict.go.jp [IPv6:2001:df0:232:300::2]) by ietfa.amsl.com (Postfix) with ESMTP id D395D12D4EF for <mile@ietf.org>; Thu, 18 Oct 2018 02:10:18 -0700 (PDT)
Received: from gw2.nict.go.jp (gw2.nict.go.jp [133.243.18.251]) by ns2.nict.go.jp with ESMTP id w9I9AFFh006300; Thu, 18 Oct 2018 18:10:15 +0900 (JST)
Received: from mail2.nict.go.jp (mail2.nict.go.jp [133.243.18.15]) by gw2.nict.go.jp with ESMTP id w9I9AFhh006293; Thu, 18 Oct 2018 18:10:15 +0900 (JST)
Received: from LAPTOP9DLCDU5S (ssh1.nict.go.jp [133.243.3.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.nict.go.jp (NICT Mail Spool Server2) with ESMTPS id CE1D713F12; Thu, 18 Oct 2018 18:10:14 +0900 (JST)
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: "'Nancy Cam-Winget (ncamwing)'" <ncamwing@cisco.com>, 'MILE IETF' <mile@ietf.org>
References: <018e01d45b9f$ffaa8540$feff8fc0$@nict.go.jp> <140527B3-88F1-463D-9695-93A1B07E2475@cisco.com>
In-Reply-To: <140527B3-88F1-463D-9695-93A1B07E2475@cisco.com>
Date: Thu, 18 Oct 2018 18:10:15 +0900
Message-ID: <1388601d466c2$632d78c0$29886a40$@nict.go.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQK152qVmvjuXfLJ1vQoJYD1R2R5TgI8QHkpo0/TM5A=
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.100.1 at zenith2
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/QuraM_z-BCbuo7OGu6zWFIEUw7g>
Subject: Re: [mile] some comments on the xmpp-grid draft
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 09:10:23 -0000

HI Nancy,

Thank you for your clear explanations.
I am happy with all the answers you kindly provided here.

Kind regards,
Take


-----Original Message-----
From: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> 
Sent: Thursday, October 18, 2018 11:48 AM
To: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>; 'MILE IETF' <mile@ietf.org>
Subject: Re: [mile] some comments on the xmpp-grid draft

Hi Takeshi,
Many thanks for providing these comments!  Please see further responses below:

On 10/3/18, 22:06, "mile on behalf of Takeshi Takahashi" <mile-bounces@ietf.org on behalf of takeshi_takahashi@nict.go.jp> wrote:

    Hello authors of draft-appala-mile-xmpp-grid,
    
    Before working on the shepherd-writeup, there are several issues I (as an
    individual without any hat) would like to comment on.
    I know that the WG last call has already completed, but hopefully you could
    consider reflecting these comments.
    These comments are more-or-less editorial.
    
    1. Current xmpp-draft talks about the delivery of only IODEF document, but
    the charter will be changed so that MILE transport protocols can deliver not
    only IODEF documents but also various security-related information
    (currently, the charter is under review by our AD). Moreover, by reading the
    draft, I could not find any IODEF-specific definitions. Therefore, wouldn't
    it be better to change the sentences so that xmpp-grid can deliver not only
    IODEF documents but also various security-related information, including
    STIX documents?
[NCW] True, as our charter grows we can demonstrate how other namespaces can be used.  I am not sure the draft is restricted to only IODEF, though it uses that as the (or one) example for how security information can be shared using XMPP.  I think the only normative aspect to IODEF is its use and reference in namespace.
I am amenable to making it wider, but I think the only suitable place could be in The introduction.  I could add a sentence at the end to state "While many other Security information formats can be shared using XMPP, this document uses IODEF as one such exchange format that can be published And consumed using XMPP."
Would that satisfy this comment?
    
    2. The document is intended to be a Standard-track RFC. Readers of the
    current draft may think it is a draft designed to be an Informational RFC
    because it is not clear to the readers what is newly defined in this
    document. The document could be seen as a guidancde on how to use
    XMPP-related techniques. Therefore, these new definitions should be
    addressed in the introduction section. In my understanding, the three
    values, i.e., disco#items, disco#info, and pubsub#type, were newly defined
    in this document.
    [NCW] Ah yes, we had discussed this but never concluded as to whether it is Standards or informational.  The reference to the use of the IODEF namespace May allow this to be standards track; but in general, it is more of a guidance document So we could make this an informational draft. 

    3. The terminology definition sentences begin with "In SACM", but I think we
    can omit that part of the sentences.
[NCW]  Will do.
    
    4. We could delete the defitions of "Publisher", "Publish-Subscribe
    Service", and "Subscriber" from the Terminology definition section, because
      - these terms are not used in this document, and 
      - you have already said that "Provider", "Broker", and "Consumer" are the
    terms that us used within this document for them [NCW]  Will do.
    
    5. in section 3 "Architecture", there is a sentence: "Platforms cannot ...
    and relationships (e.g., Provider or Consumer) at the Broker.
    Is it correct to read like this: "Platforms cannot ... and relationships
    among entities, (e.g., Provider or Consumer) at the Broker" ?
[NCW] Actually they have to obtain the appropriate authorization to either or both Be a provider or consumer; the authorization is done thru the broker.  I will clean that Sentence; somehow it got munged in version 4 of the draft.
    
    6. in the same sentence discussed above, you have written "(e.g., Provider
    or Consumer)". However, are there indeed any other entities other that
    Provider and Consuer? If not, we could change it to "(i.e., Provider or
    Consumer)
[NCW] Actually, a platform can be a provider for some formats (say IODEF) and A consumer of others (say STIX or some other namespaces).  But in general, There are only providers and consumers.
    
    7. In section 3 "Architecture", "thru"->"through"
[NCW] Thanks, will update.
    
    8. in Section 4 (workflow), "Controller (XMPP server)" -> "Controller"
       Because you have already defined the term (and because you have already
    clarified that these terms are equivalent), I am not sure whether we need
    both terms listed here or not.
[NCW] Fair point.
    
    9. you have a term "Topic". In section 2, Topic is defined to be a channel,
    but in other places, it seems to be treated as a data or information.
      - ex1: "A Provider unicasts its Topic updates to the Grid.... The Broker
    handles replication and distribution of the Topic to Consumers"
      - ex2: "discover thbe available information (Topics) to be published or
    Consumes
[NCW] I will have to go through and ensure they are consistant.  A Topic Is a type of information (effectively a namespace).
    
    10. in item f of section 4, I am not sure whether "as" in  "and as Consumers
    will then receive ... " is a typo or not. Would it be "the" or something
    else?
    
    11. in item f of section 4, "from the Topics to which it is subscribed"
    could be "from the Topics to which they subscribe" ???
[NCW] How about:
Any Platform on the Grid may subscribe to any Topics published to
       the Grid (as permitted by authorization policy), and (as
      Consumers) will then receive a continuous, real-time stream of
       updates from the Topics to which they are subscribed.
    
    12, in section 4, "(Topics) to bepublished or consumes" -> "(Topics) to
    bepublished or consumed"
[NCW] Thanks for catching this....will update
    
    13. in section 5: I believe this section is the basis for making this draft
    a standard track RFC. The draft seems to be defining these three
    values---disco#items, disco#info, and pubsub#type.
        If it is newly defined in this draft, I hope the authors could say so
    somewhere in this draft. Or, is it defined elsewhere?
[NCW] No, these are extended XMPP constructs in XEP-0030, but I think for the "Grid"
To allow for service discovery, XEP-0030 SHOULD be implemented And for asynchronous sharing XEP-0060 MUST be implemented.  So these I also thought is what made it standard or stronger than a guidance.
    
    14. Sectuion 8 "Security Considerations" have lots of information. I am
    wondering which of these are issues brought by the original xmpp and which
    of these are newly added issues brought by xmpp-grid.
        If there are already existing texts on the security considerations of
    xmpp, referencing these text would be helpful.
[NCW] These are all new considerations we believed are needed beyond what is Defined in the XMPP RFC's as they go to the establishment of the "Grid"
and the communications between the consumers and producers.
    
    Kind regards,
    Take
    
    
    _______________________________________________
    mile mailing list
    mile@ietf.org
    https://www.ietf.org/mailman/listinfo/mile