Re: [mile] [sacm] Fwd: New Version Notification for draft-mandm-sacm-rolie-configuration-checklist-00.txt

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Wed, 28 June 2017 16:00 UTC

From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [sacm] Fwd: New Version Notification for draft-mandm-sacm-rolie-configuration-checklist-00.txt
Thread-Index: AQHS5rQS7l6/Wl8HBU6Ybkl/tSUp1qI6c7MA
Date: Wed, 28 Jun 2017 16:00:21 +0000
Message-ID: <DM5PR09MB1307894D9221B0497441BF96F0DD0@DM5PR09MB1307.namprd09.prod.outlook.com>
References: <149762565589.572.11869428600141425823.idtracker@ietfa.amsl.com> <CACknUNVyMWSmF=gpjwEsyPdyTtNBmJnRfSLMmMGAgMc4=8Dg_A@mail.gmail.com>
In-Reply-To: <CACknUNVyMWSmF=gpjwEsyPdyTtNBmJnRfSLMmMGAgMc4=8Dg_A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/UcEEuIYmoLstzFiUe-wlElCZ_O8>

All,

I finished my review of this document and had some personal feedback/would like to start some discussion. I’d also like to pose a question to the group/authors: would it be valuable to produce a standard template for ROLIE Extensions? We could create a template that would enumerate the required and optional sections, and discuss the intended content of each section. If this would provide value to anyone I’d be willing to put it together.

Introduction:

How would ROLIE fit into the checklist ecosystem you describe here? I understood your explanation of how these checklists may be used in general, but not how they may be used/published/downloaded from a ROLIE repository.

New information-types

I had a hard time trying to pin down what exactly would fall under the “configuration-checklist” information type given the description here. I think the list of configuration checklist components threw me off. For example: “A ‘Value’”. What is the definition of value here? Is a standalone “Value” a valid configuration-checklist information type? Some of these things seem like valid checklist content, like rules and profiles, but I didn’t see where the rest fit the definition given at the head of the section.

In ROLIE SWD and ROLIE CSIRT, we provide a list of example information that could be, if placed into <content> by themselves, classified as the information type in question, rather than the components that make up that information type. That approach may make it easier for me to understand the configuration checklist information type at a higher level.

Usage of Configuration Checklist Information in the Atom Publishing Protocol

The first paragraph talks about “these requirements” but no requirements are listed in this section. I may have misunderstood the XML snippet at the bottom of this section, however.

The 'atom:content' Element

The serialization type is provided as a MIME type in the content element, so it doesn’t need to be declared in the specification. If a serialization has some bearing on other requirements, the MIME type should probably be referenced so that your requirement is machine enforceable.

The 'rolie:format' Element

The format element describes the data model in use, not the serialization. If I understand correctly (I may not), as it stands today the relevant data model for this information-type is XCCDF and maybe OVAL, which could be serialized in XML, JSON, and if you’re really creative, even Excel, Word, and PDF. Discussing these data models would probably help me pin down what the configuration checklist information type entails as well.

Configuration checklist metadata included in the 'rolie:property' Element

So after looking through these we’ve realized that some of them would be valuable to include in the ROLIE core specification. I’ve sent an email to the MILE list to request the addition of “content-version”, “content-id”, and “content-published-date”. These would replace your “checklist version”, “title”, and “publication date” properties, respectively. We also already have a “content-author” property, so you needn’t register “author”.

For the rest of the properties, I would note that property names can’t have spaces in them, as they form a URN (e.g. urn:ietf:params:rolie:property:content-author-name).

Is the product category property intended for human or machine consumption? A non-standardized open world plain text description seems dangerously vague for machine consumption. If this is something that is important to this extension, a new IANA table where each of these categories is enumerated and described would be a good solution.

Depending on how these product categories are used, also consider registering them as categories instead of properties. I’m not sure if these values are more commonly used as organizing buckets or just as additional identifying information.

Atom:link Registrations

You can have 0..n of any given link element.

These registrations would take place at https://www.iana.org/assignments/link-relations/link-relations.xhtml, which is designed to hold general purpose link relations. As described in the ROLIE core link extension point section, domain specific link relations shouldn’t be registered to this table.

It would be helpful for me if you explicitly defined what you mean by “conformance”. Is this implementation or usage conformance?

IANA Considerations

I’m unclear on what the “New IANA table for "ROLIE Entry Format"” block of text is meant to be. Is this a new table registration? ROLIE core doesn’t establish a table for registering formats. CVRF and CVE are probably not relevant formats for configuration checklists regardless right? I would imagine those are formats used to describe some future “vulnerability” information type.

The reference field of the information type registration should contain a reference to “this document”, to satisfy the registration requirement. The registrations for links, properties, and categories will have to be listed here at some point as well.

Thanks,
Stephen Banghart
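An added check, written for this archive page and not part of the draft, the ROLIE project, or the review above: it lints a constructed ROLIE entry for the points raised (information-type category, MIME type on atom:content, rolie:format as the data model, and property names that form urn:ietf:params:rolie:property URNs without spaces). The Atom/ROLIE namespace URIs and the category scheme follow the ROLIE core specification as I understand it; the sample entries and the "checklist version" property in the bad entry are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces as used by ROLIE core (assumed from the ROLIE core specification)
ATOM = "http://www.w3.org/2005/Atom"
ROLIE = "urn:ietf:params:xml:ns:rolie-1.0"
INFO_TYPE_SCHEME = "urn:ietf:params:rolie:category:information-type"
# Property names form URNs, so whitespace is not allowed in the final component
PROPERTY_URN = re.compile(r"^urn:ietf:params:rolie:property:[A-Za-z0-9][A-Za-z0-9-]*$")


def lint_entry(xml_text: str) -> list:
    """Return the list of problems found in a ROLIE entry (empty list = clean)."""
    problems = []
    root = ET.fromstring(xml_text)
    ns = {"atom": ATOM, "rolie": ROLIE}
    terms = [c.get("term") for c in root.findall("atom:category", ns)
             if c.get("scheme") == INFO_TYPE_SCHEME]
    if "configuration-checklist" not in terms:
        problems.append("missing information-type category 'configuration-checklist'")
    content = root.find("atom:content", ns)
    if content is None or not content.get("type"):
        problems.append("atom:content must carry the serialization as a MIME type")
    if root.find("rolie:format", ns) is None:
        problems.append("rolie:format (the data model, e.g. XCCDF) is missing")
    for prop in root.findall("rolie:property", ns):
        name = prop.get("name", "")
        if not PROPERTY_URN.match(name):
            problems.append(f"property name is not a valid rolie property URN: {name!r}")
    return problems


# Constructed sample: follows the review's recommendations
GOOD_ENTRY = f"""<entry xmlns="{ATOM}" xmlns:rolie="{ROLIE}">
  <id>urn:example:checklist:1</id>
  <title>Example benchmark</title>
  <category scheme="{INFO_TYPE_SCHEME}" term="configuration-checklist"/>
  <rolie:format ns="http://checklists.nist.gov/xccdf/1.2" version="1.2"/>
  <rolie:property name="urn:ietf:params:rolie:property:content-author-name" value="Example Org"/>
  <content type="application/xml" src="https://example.com/checklist.xml"/>
</entry>"""

# Constructed sample: no MIME type, no rolie:format, property name with a space
BAD_ENTRY = f"""<entry xmlns="{ATOM}" xmlns:rolie="{ROLIE}">
  <id>urn:example:checklist:2</id>
  <category scheme="{INFO_TYPE_SCHEME}" term="configuration-checklist"/>
  <rolie:property name="checklist version" value="1.0"/>
  <content src="https://example.com/checklist.xml"/>
</entry>"""
```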

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Adam Montville
Sent: Friday, June 16, 2017 11:20 AM
To: sacm@ietf.org
Subject: [sacm] Fwd: New Version Notification for draft-mandm-sacm-rolie-configuration-checklist-00.txt

Not necessarily for immediate review, but we've submitted a ROLIE extension for configuration checklists. This is intended to get the conversation started at some point.
---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Fri, Jun 16, 2017 at 10:07 AM
Subject: New Version Notification for draft-mandm-sacm-rolie-configuration-checklist-00.txt
To: Bill Munyan <bill.munyan.ietf@gmail.com>, Adam Montville <adam.w.montville@gmail.com>

A new version of I-D, draft-mandm-sacm-rolie-configuration-checklist-00.txt
has been successfully submitted by Adam Montville and posted to the
IETF repository.

Name:           draft-mandm-sacm-rolie-configuration-checklist
Revision:       00
Title:          Definition of the ROLIE configuration checklist Extension
Document date:  2017-06-16
Group:          Individual Submission
Pages:          10
URL:            https://www.ietf.org/internet-drafts/draft-mandm-sacm-rolie-configuration-checklist-00.txt
Status:         https://datatracker.ietf.org/doc/draft-mandm-sacm-rolie-configuration-checklist/
Htmlized:       https://tools.ietf.org/html/draft-mandm-sacm-rolie-configuration-checklist-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-mandm-sacm-rolie-configuration-checklist-00


Abstract:
   This document extends the Resource-Oriented Lightweight Information
   Exchange (ROLIE) core by defining a new information-type to ROLIE's
   atom:category pertaining to security configuration checklists.
   Additional supporting requirements are also defined which describe
   the use of specific formats and link relations pertaining to the new
   information-type.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat