Re: [mile] Clarifying iodef:SoftwareType (Issue #47)
Jerome Athias <athiasjerome@gmail.com> Wed, 25 March 2015 08:10 UTC
Return-Path: <athiasjerome@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90EB41ACE0C for <mile@ietfa.amsl.com>; Wed, 25 Mar 2015 01:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bxC6a3J7oRTo for <mile@ietfa.amsl.com>; Wed, 25 Mar 2015 01:10:22 -0700 (PDT)
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com [IPv6:2a00:1450:400c:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3E1C1A1B39 for <mile@ietf.org>; Wed, 25 Mar 2015 01:10:21 -0700 (PDT)
Received: by wgdm6 with SMTP id m6so17901686wgd.2 for <mile@ietf.org>; Wed, 25 Mar 2015 01:10:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=yzynv9Tzup4NO4mlHYSlHt9/DGT0SNhouSye57xnf94=; b=00+vVpqKj3X3AZUe4Hm7yKh9of6cD2NFLGSDWXcgtDhjCRo/dgvjUzy0RgtzM5QaKX B5Jl7Vdl+VGgmrhdxqbt1B77i2N2UUiIXy+GhaI/6ck0vviqHutu+ftHXzJh/zRF1U1w kyRjZ4jAuFTn0oKWzwQxV5fWHAB2rCmxNbQkx3q7X7N87eVKUUAi+d9i7ej2ZyY9+D4v oPCbkKQVhCXX/iF7zmtnJWPNyOgdBVCpiIyXTQTt3+baiKLR1LffOqDw2BQeO/Z5yPLc Ijc5eCYDGriAF7OMuHpgasYkDgbZq3vUA7sRZ8wPOY4iZzWrx07uDuQuYTfw325VynKJ 2JbA==
MIME-Version: 1.0
X-Received: by 10.180.24.233 with SMTP id x9mr36426985wif.9.1427271020765; Wed, 25 Mar 2015 01:10:20 -0700 (PDT)
Received: by 10.28.218.73 with HTTP; Wed, 25 Mar 2015 01:10:20 -0700 (PDT)
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFCD93D2DE8@marathon>
References: <359EC4B99E040048A7131E0F4E113AFCD93D2DE8@marathon>
Date: Wed, 25 Mar 2015 09:10:20 +0100
Message-ID: <CAA=AuEdi+G=ML67NGvmkEzV34D0YEFjQ3MEb6NJ_Rc2PnmzvQg@mail.gmail.com>
From: Jerome Athias <athiasjerome@gmail.com>
To: "Roman D. Danyliw" <rdd@cert.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/tXwO-zi_4B2_lNf9xA6hRsHoXCk>
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] Clarifying iodef:SoftwareType (Issue #47)
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 08:10:27 -0000
Hi (4) seems the best approach IMHO for now (would allow use of OVAL/CPE, SWID, or any others. And the "any others" is needed.) Warning regarding OVAL vs IODEF-SCI (4.5.2.) for the -Platform- definition and use: different Little warning regarding "Application" vs "Software" Note: a IANA registry tentative would be difficult, IMHO, and not flexible enough (potentially too restrictive) IF the extension mechanism is not allowing others (e.g. own organisation classification/categories). Furthermore, I'm not sure a IANA registry with just 2 entries would need effort put in it. Cristal clear recommandations/guidances for use of CPE or SWID could be enough. (2) is not free Any stats on real/current usage rate of SWID? PS: SWID->CPE mapping is possible My 2c for now Best regards 2015-03-24 20:55 GMT+01:00 Roman D. Danyliw <rdd@cert.org>: > Good afternoon! > > One of the remaining issues with rfc5070bis is to clarify the iodef:SoftwareType. See Issue #47 [1]. We discussed this impasse in Honolulu [2]. > > --[ snip discussion from IETF 91 ]-- > Q1: (Roman Danyliw) Last mailing list discussion on clarifying iodef:Software produced no result. What does the group want to do? > A: (David Waltermire) Extensibility is key dimension. Consider just using swid and reference the ISO standard. Alternatively, redefine the class to be AdditionalData. > A: (Adam Monteville) Reiterated the importance of extensibility > A: Isn't swid support already in the spec? > A: (Roman Danyliw) There is an attribute named "swid" but this comes from RFC5070 which just happened to use this name without reference to the ISO standard. > A: (Takeshi Takahashi) IODEF-SCI can embed SWID and CPE as well, but the context is different; it is added under AdditionalData. If we need the data here, we could make a model here like the SCI draft does. > --[ end snip ]-- > > The four options mentioned to date (not just at IETF 91) are: > > (1) Use OVAL [3] > > (2) Use swid referencing ISO/IEC 19770-2:2009 (with XML schema at [4]) > > (3) Don't define it and use AdditionalData > > (4) Support mutiple techniques to reference software in the same way (like IODEF-SCI and ENUM) > > Approach (1) and (2) are require little further explanation. Hence, let me describe (3) in more detail. > > The thinking would be to create an IANA registry to maintain a list of external references, in this case application reference techniques (e.g., swid and CPE), just like IODEF-SCI and ENUM current do. The class using this technique might look as follows: > +---------------------+ > | Application | > +---------------------+ > | ENUM SpecID |<>--(0..*)-[ SpecData ] > | STRING ext-SpecID | > | | > +---------------------+ > > ** SpecID would map to an IANA registry of application reference techniques > ** ext-SpecID would allow for private enumerated value extensions as currently done in the draft > ** SpecData would be defined as follows allowing both XML or atomic data types such as a string. > <xs:complexType name="AppIdType" mixed="true"> > <xs:sequence> > <xs:any namespace="##any" processContents="lax" > minOccurs="0" maxOccurs="unbounded"/> > </xs:sequence> > > In the same way that the general purpose ENUM approach was useful to SACM and MILE, SACM has also expressed interest in a common approach on this class too. > > What does the community feel is the correct approach? > > Roman > > [1] http://trac.tools.ietf.org/wg/mile/trac/ticket/47 > [2] http://www.ietf.org/proceedings/91/minutes/minutes-91-mile > [3] https://nvd.nist.gov/cpe.cfm > [4] http://standards.iso.org/iso/19770/-2/2009/schema.xsd > _______________________________________________ > mile mailing list > mile@ietf.org > https://www.ietf.org/mailman/listinfo/mile
- [mile] Clarifying iodef:SoftwareType (Issue #47) Roman D. Danyliw
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Adam W. Montville
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Tony Rutkowski
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Sean Turner
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Jerome Athias
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Takeshi Takahashi
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Roman D. Danyliw
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Sean Turner
- Re: [mile] Clarifying iodef:SoftwareType (Issue #… Cheikes, Brant A.