IETF Logo Mail Archive

Re: [mile] Working group last call for ROLIE

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Thu, 20 April 2017 15:57 UTC

Return-Path: <stephen.banghart@nist.gov>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5391129513 for <mile@ietfa.amsl.com>; Thu, 20 Apr 2017 08:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLvJpTo4WSRP for <mile@ietfa.amsl.com>; Thu, 20 Apr 2017 08:57:55 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0119.outbound.protection.outlook.com [23.103.201.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60FEA129494 for <mile@ietf.org>; Thu, 20 Apr 2017 08:57:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jdx7p7J7XOUAdMtycgIdlG4Hsi3LLEZhsZrVzOhQ4SU=; b=bybGlUF5oV+cKAi1MBSHyBubk/IqniYda4OHgGSp2XS8uiC6rM3BTD07AP5N9oi7Gu7pm/KTlHJmQZEuP7+zTFdkhTB+Y9Wja0n8xNkZQhqqMKvQXZQWEqs+cRo2iQbpzNXOa7POCG/Bl+0CO7KIBzA6jVu5T1BVIB9jv912ZVo=
Received: from DM5PR09MB1307.namprd09.prod.outlook.com (10.172.34.141) by DM5PR09MB1306.namprd09.prod.outlook.com (10.172.34.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Thu, 20 Apr 2017 15:57:53 +0000
Received: from DM5PR09MB1307.namprd09.prod.outlook.com ([10.172.34.141]) by DM5PR09MB1307.namprd09.prod.outlook.com ([10.172.34.141]) with mapi id 15.01.1034.018; Thu, 20 Apr 2017 15:57:53 +0000
From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: Adam Montville <adam.w.montville@gmail.com>, "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [mile] Working group last call for ROLIE
Thread-Index: AQHSqBrX3wNPiZjeRUuG2OC1scqiSqHNIUEAgAFlU4A=
Date: Thu, 20 Apr 2017 15:57:53 +0000
Message-ID: <DM5PR09MB1307253E0E2F0707B83A06DCF01B0@DM5PR09MB1307.namprd09.prod.outlook.com>
References: <CC7AB8C2-66EC-4B75-9CFA-F9A1D7A9C46D@cisco.com> <CACknUNWg=1ZCtaajq8HzFtMboiZ8L7W1jiUvnDf+n9EuUr3gYw@mail.gmail.com>
In-Reply-To: <CACknUNWg=1ZCtaajq8HzFtMboiZ8L7W1jiUvnDf+n9EuUr3gYw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.227.79]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR09MB1306; 7:fXqGdZB3v94b2Vw9snuicNU1jE9FDJ5KLph7i42z5I0X6q3sS9c1JdwTNr5UlAgSPsKpNwOaFOid6QjOTCQ7FVXeUI5fgwWKASHT1g/djnSAcpAd/k16WcdJIzjGJnFAw+lQjCbu5sZmtPFHPsVC5csbEVZgyZeairlYq2oQAlynO0/61r7Sl+mwPvrInStBpFRM+Lqa76O49m/0HR3ICDrlf922C2SmAFNCtQ2eiFvycEh+g8s0cyhzJMC71Kr0MizGfVQogbB3Qj9BobLQuspS0S8IJFMJ453KpdDvgeql7v2hBHjQPYz3WunXbNmTHXoNAVf+YvK98foRb8KcMw==
x-ms-office365-filtering-correlation-id: 57fe420c-d6bb-4083-287e-08d488060107
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081); SRVR:DM5PR09MB1306;
x-microsoft-antispam-prvs: <DM5PR09MB13068651078B408D3284B727F01B0@DM5PR09MB1306.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(72170088055959)(131327999870524)(95692535739014)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(6072148); SRVR:DM5PR09MB1306; BCL:0; PCL:0; RULEID:; SRVR:DM5PR09MB1306;
x-forefront-prvs: 02830F0362
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39450400003)(39850400002)(39410400002)(39400400002)(39860400002)(39840400002)(24454002)(189002)(377454003)(199003)(51914003)(53754006)(189998001)(53936002)(86362001)(6436002)(606005)(9686003)(2950100002)(99286003)(76176999)(50986999)(2501003)(7696004)(55016002)(19609705001)(6506006)(6246003)(54356999)(54896002)(229853002)(6306002)(2906002)(236005)(77096006)(790700001)(102836003)(3846002)(3280700002)(6116002)(5660300001)(33656002)(74316002)(122556002)(39060400002)(81166006)(7906003)(7736002)(8676002)(4326008)(25786009)(8936002)(66066001)(38730400002)(53546009)(2900100001)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR09MB1306; H:DM5PR09MB1307.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR09MB1307253E0E2F0707B83A06DCF01B0DM5PR09MB1307namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Apr 2017 15:57:53.1878 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR09MB1306
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/lVe3KzbzFsQYUc9dlQmT0OrBMWQ>
Subject: Re: [mile] Working group last call for ROLIE
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 15:57:59 -0000

Hey Adam,

Thanks for the review, responses inline.

-Stephen

From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Adam Montville
Sent: Wednesday, April 19, 2017 2:14 PM
To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; mile@ietf.org
Subject: Re: [mile] Working group last call for ROLIE

Hi all.

I've read through the entire draft and found it to be a decent draft. Keep in mind that I've not attempted an implementation, and must rely on implementers to pick out any technical impacts from this specification. That said, I have two broad categories of feedback. The first includes suggestions and concerns that are something more than nits. The second are really just nits and stylistic (i.e. take them or leave them) types of concerns.

Suggestions/Concerns More Than Nits...

Page 6: There are two similar terms in the second paragraph of section 4.2: "endpoint management system" and "endpoint monitoring system". Are they intended to be distinct, or interchangeable in this context? I could conclude either way, but if they are intended to be interchangeable, then I recommend picking and using one.

They were originally meant to be interchangeable, I’ve changed them both to “endpoint management system” to avoid confusion.

Page 10: I've probably missed something along the way -- perhaps out of a secdir lunch or other discussion -- but it really seems like section 5.3 could be dramatically reduced by saying, follow RFC7589. There are a lot of non-ROLIE-specific things happening in this section, which mostly amount to good practice overall (so I don't necessarily mind having the information in here), but imagine this information being available in every draft intended to be, in part, secured using TLS. That sounds like a nightmare for managing requirements.

We’ve selectively chosen pieces out of RFC7589 to put into ROLIE, so referencing the whole document may include unintended requirements. That said, there may be a way to shorten this section slightly if you are concerned about section length.

Page 11: First paragraph at the top of that page (part of section 5.3) says, "The server MUST support certificate-based client authentication..." Why is this not a SHOULD? Yes, we'd like them to, but there are perfectly valid cases where they needn't support client authentication. Of course, if a proper TLS server implementation does this already, then my previous comment applies here as well.

Page 11: First pargraph of section 5.4. A similar concern to the previous, the first sentence reads, "Implementations MUST support user authentication." Why not SHOULD? Again, there are valid cases where authentication is not, strictly speaking, needed.

We decided that implementations MUST support the authentication in both of these cases to maintain secure interoperability between implementations. A given ROLIE repo does not have to actually use the authentication. Panos had similar comments to these two as well, so I’ve added a paragraph in section 2 that clarifies that all requirements in the ROLIE specification are conformance requirements for implementations, and are not usage requirements.

Page 12: Section 5.5 treats GET and POST, but ignores the other methods that may be treated similarly by stating, in section 5.6, "Servers MAY accept request methods beyond those specified in this document." Do we really want to leave those undefined? PUT? DELETE? I'm not an expert in this area, but PUT could be treated similarly to POST. DELETE is probably something that SHOULD be implemented only for user agents properly authenticated and authorized, etc.

Section 5.5 only applies to requests sent to the “/” resource to maintain RID compatibility. GET,POST,PUT,DELETE,etc are all defined for general usage in the Atom Publishing Protocol specification

Sections 6.1 and 6.2 and maybe others I can't recall: These sections provide an informative syntax for a given element that is a "stricter representation" than the original RFC, but they don't ever really state which part of that element is stricter, which forces the reader out to that original RFC. If there is a way to make the statement right there, please do so.

The definitions for elements we’ve provided in ROLIE are full definitions, so a reader shouldn’t need to flip back to RFC4287 in order to get the whole picture. Any element defined in ROLIE does a full override of the 4287 element, and any element not defined in ROLIE fully inherits from 4287. Would it help if I added some text describing that relationship in more detail somewhere?

Page 15: First sentence of section 6.1.3 indicates that "the atom:updated element MUST be populated with the current time at the instant the Feed representation was last updated..." Is "instant" sufficient definition?

Time being the beast that it is I’m not sure how to better describe the requirement. Do you have any suggestions/recommendations on how to define it?

Nits and Such...

Page 5: Second sentence of section 3.2. Strike "However, " from the beginning.

Changed

Page 5: Last sentence of section 3.2. Proposed change: "A non-normative RELAX NG Compact Schema..." or "An informative RELAX NG Compact Schema..."

Added

Page 5: Last sentence of only paragraph in Section 4 (proper). Proposed change: "...human-in-the-loop sharing arise...". It just reads funny (to me) using "become apparent" followed by something else that "becomes apparent".

Agreed, changed the sentence to avoid the repetition.

Page 19: First sentence of first bullet point in section 6.2.5. Proposed change: "...have an atom:link element...".

Changed

Page 26: Last sentence in first paragraph of section 9. Proposed change: "...All that follows is guidance.  More specific instruction is out of scope for this document."

Changed

Page 26: The term CSIRT is used in the last paragraph on this page. Not sure whether we would prefer to use a more generalized example, as CSIRTs may not be the only type of sharing consortium.

Agreed, changed to “consortium”.

Kind regards,

Adam

On Tue, Mar 28, 2017 at 6:27 PM Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com<mailto:ncamwing@cisco.com>> wrote:
Colleagues,

Given the significant changes made to the last draft, we are doing another 30day WGLC for
https://tools.ietf.org/html/draft-ietf-mile-rolie-06

Please provide comments before May 1st and provide your support and/ or raise any issue you feel are yet to be addressed.

Regards, Nancy
_______________________________________________
mile mailing list
mile@ietf.org<mailto:mile@ietf.org>
https://www.ietf.org/mailman/listinfo/mile

v2.23.0 | Report a Bug | By Email