Re: [Panic] Scope Draft is Available

Robert Moskowitz <rgm-sec@htt-consult.com> Mon, 26 June 2017 18:57 UTC

Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: panic@ietfa.amsl.com
Delivered-To: panic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AACAD12EB45 for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 11:57:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.742
X-Spam-Level:
X-Spam-Status: No, score=-2.742 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1L8kvV9GiQE for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 11:57:36 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB4B012EB39 for <Panic@ietf.org>; Mon, 26 Jun 2017 11:57:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 8C46A62251; Mon, 26 Jun 2017 14:57:32 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0zhx3qvcegae; Mon, 26 Jun 2017 14:57:15 -0400 (EDT)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 7D25162250; Mon, 26 Jun 2017 14:57:14 -0400 (EDT)
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com> <3c2c18cd-90a5-ed7f-d803-f2906f3d116b@htt-consult.com> <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com> <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Cc: "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <82f03907-617c-3317-7386-ff35008f50c6@htt-consult.com>
Date: Mon, 26 Jun 2017 14:57:12 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------74E4240DC38512EDF784BF6D"
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/4wGHr-DbjAlvjkMAkl52UZcyC5Y>
Subject: Re: [Panic] Scope Draft is Available
X-BeenThere: panic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/panic>, <mailto:panic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/panic/>
List-Post: <mailto:panic@ietf.org>
List-Help: <mailto:panic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/panic>, <mailto:panic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 18:57:41 -0000

Jessica,

Thanksfor updating the draft.  I will give it a read.  Along with dozen 
others I have to get done!  :)

Deadlines.  You have to love 'em.

Bob


On 06/26/2017 10:47 AM, Jessica Fitzgerald-McKay wrote:
> All,
> I have posted an updated draft scope here: 
> https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02.
>
> I think we have addressed most of the issues brought up on list. I do 
> not feel I adequately addressed making NAT out of scope (per Daniel's 
> request) and would like some help on that.
>
> Bob, to your questions on the relationship between our work and 
> netconf, I think that we could best focus our time on extending YANG 
> to meet the requirements we derive from this scoping statement. So, I 
> stated that explicitly in this draft. I'd like to get feedback from 
> the group on that approach, so please chime in if you 
> like/dislike/love/loathe that idea.
>
> Thanks,
> Jess
>
> On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) 
> <david.waltermire@nist.gov <mailto:david.waltermire@nist.gov>> wrote:
>
>     Hi Bob,
>
>     Thanks for asking. We have been working on an update. We hope to
>     post it soon addressing the feedback we have received so far,
>     including addressing the comments from your other email today.
>
>     Thanks,
>
>     Dave
>
>     *From:*Robert Moskowitz [mailto:rgm-sec@htt-consult.com
>     <mailto:rgm-sec@htt-consult.com>]
>     *Sent:* Thursday, June 15, 2017 4:38 PM
>     *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov
>     <mailto:david.waltermire@nist.gov>>; Diego R. Lopez
>     <diego.r.lopez@telefonica.com <mailto:diego.r.lopez@telefonica.com>>
>
>
>     *Cc:* Panic@ietf.org <mailto:Panic@ietf.org>; Panos Kampanakis
>     (pkampana) <pkampana@cisco.com <mailto:pkampana@cisco.com>>
>     *Subject:* Re: [Panic] Scope Draft is Available
>
>     David,
>
>     Do you have an update to your draft?
>
>     I don't see anything past the Apr 11 01.txt draft.
>
>     thanks
>
>     On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote:
>
>         Diego, thanks for the edits.
>
>         All,
>
>
>         I am going to drop this text into an update of the scope
>         draft. I’ll wait until Monday to work on posting the draft
>         update. Please let me know if any other changes to the draft
>         are desired.
>
>         Thanks,
>
>         Dave
>
>         *From:*Panic [mailto:panic-bounces@ietf.org] *On Behalf Of
>         *Diego R. Lopez
>         *Sent:* Friday, May 19, 2017 2:23 AM
>         *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
>         <mailto:david.waltermire@nist.gov>
>         *Cc:* Panic@ietf.org <mailto:Panic@ietf.org>; Panos Kampanakis
>         (pkampana) <pkampana@cisco.com>; <mailto:pkampana@cisco.com>
>         *Subject:* Re: [Panic] Scope Draft is Available
>
>         Hi,
>
>         I agree with David’s proposal, with just a few minor changes
>         with respect to the original text, to make it more general,
>         completely covering the virtual cases (NFV) and eliminating
>         the term “device” to avoid too many equivalences...
>
>         Network operators need to know what is connected to their
>         organization's networks so that they can properly manage those
>         network elements. Managing these network endpoints, consisting
>         of physical and virtual network infrastructure, requires
>         access to information pertaining to them, including endpoint
>         identity, the identity of software installed on the element,
>         and the configuration setting values for the installed
>         software. This information can be collected from different
>         classes of elements over different protocols and using
>         different data models. PANIC will identify a standardized
>         solution to collect posture information for network element,
>         and allow that information to be shared with authorized users
>         and elements on the network supporting security automation.
>         PANIC aims to reuse available standards for posture assessment
>         where possible. The PANIC effort will avoid redefining
>         information exchange technologies for use cases that have
>         already been defined.
>
>         Be goode,
>
>             On 18 May 2017, at 20:01 , Waltermire, David A. (Fed)
>             <david.waltermire@nist.gov
>             <mailto:david.waltermire@nist.gov>> wrote:
>
>             Panos, thanks for providing text.
>
>             We have participants that are approaching this problem
>             space that are accustomed to using endpoint and network
>             element. How about the following introduction text to draw
>             an equivalence between these terms?
>
>             Network operators need to know what is connected to their
>             organization's networks so that they can properly manage
>             those network elements. Managing these network elements,
>             consisting of physical and virtual network infrastructure
>             devices, requires access to information pertaining to
>             these endpoint devices, including device identity, the
>             identity of software installed on the endpoint, and the
>             configuration setting values for the installed software.
>             This information can be collected from different classes
>             of endpoints over different protocols and using different
>             data models. PANIC will identify a standardized solution
>             to collect posture information for network devices, and
>             allow that information to be shared with authorized users
>             and devices on the network supporting security automation.
>             PANIC aims to reuse available standards for posture
>             assessment where possible. The PANIC effort will avoid
>             redefining information exchange technologies for use cases
>             that have already been defi
>             ned.
>
>             Also, I added your text to the security considerations
>             section. I will post this in the -02 revision once we sort
>             out the Introduction.
>
>             Thanks,
>             Dave
>
>
>
>                 -----Original Message-----
>                 From: Panos Kampanakis (pkampana)
>                 [mailto:pkampana@cisco.com]
>                 Sent: Thursday, May 18, 2017 12:30 PM
>                 To: Waltermire, David A. (Fed)
>                 <david.waltermire@nist.gov
>                 <mailto:david.waltermire@nist.gov>>; Panic@ietf.org
>                 <mailto:Panic@ietf.org>
>                 Subject: RE: Scope Draft is Available
>
>                 ACK. Below some proposed text:
>
>                 For the Security Considerations Section:
>                   Further discussion here will address the threat
>                 introduced to the network
>                 elements by the posture information collection. There
>                 should be protections
>                 implemented to prevent the element from being
>                 vulnerable to DoS attacks
>                 by frequent polling or pushing of posture data.
>
>                 For the Introduction Section:
>                   ...automation. PANIC aims to reuse available
>                 standards for posture
>                 assessment where possible. It will avoid redefining
>                 info exchange
>                 technologies for usecases that have already been defined.
>
>                 For the Introduction Section:
>                   ...manage those
>                   endpoints. Endpoints / Elements include hardware,
>                 software of virtual
>                 network infrastructure devices.
>
>
>
>
>
>                 hardware, software or virtual (NFV fails in this
>
>
>                     category)
>
>
>
>                 -----Original Message-----
>                 From: Waltermire, David A. (Fed)
>                 [mailto:david.waltermire@nist.gov
>                 <mailto:david.waltermire@nist.gov>]
>                 Sent: Thursday, May 18, 2017 10:59 AM
>                 To: Panos Kampanakis (pkampana) <pkampana@cisco.com
>                 <mailto:pkampana@cisco.com>>; Panic@ietf.org
>                 <mailto:Panic@ietf.org>
>                 Subject: RE: Scope Draft is Available
>
>                 Panos,
>
>                 Thank you for providing feedback on the PANIC scope draft.
>
>                 Comments are inline below.
>
>
>
>                     -----Original Message-----
>                     From: Panos Kampanakis (pkampana)
>                     [mailto:pkampana@cisco.com]
>                     Sent: Thursday, May 18, 2017 10:37 AM
>                     To: Waltermire, David A. (Fed)
>                     <david.waltermire@nist.gov
>                     <mailto:david.waltermire@nist.gov>>;
>                     Panic@ietf.org <mailto:Panic@ietf.org>
>                     Subject: RE: Scope Draft is Available
>
>                     Hi David,
>
>                     The document is clear.
>
>                     One semantic objection I have is about the use of
>                     the word endpoint. I
>                     believe the term is commonly used for user
>                     machines (laptops, cells,
>                     tablets) . Network element or element is a little
>                     clearer.
>
>
>                 I don't have a dog in this fight. I am happy to go
>                 either way (e.g., endpoint,
>                 network element) if there is a preference in the group
>                 for one term or the
>                 other. I'd like to hear other opinions on this.
>
>
>
>                     A susggestion: The security section could mention
>                     the importance of
>                     not introducing security concerns with the posture
>                     info collection.
>                     For example a device should not be DoSable by too
>                     many polls, or it
>                     should not push often enough that would introduce
>                     performance concerns
>
>                 etc.
>
>                 I think this is a good idea. Do you have some text in
>                 mind to drop in?
>
>
>
>                     I think it will also be beneficial to be explicit
>                     about the types of
>                     network elements. In the broad technologies that
>                     exist today, these
>                     elements could be hardware, software or virtual
>                     (NFV fails in this
>                     category). All of those should be in scope for
>                     this work.
>
>
>                 All of these are in scope in my view.
>
>
>
>                     Side comment: I would like this standardization
>                     effort to try to reuse
>                     data formats and transports wherever possible and
>                     not come up with new
>                     posture information descriptions. I think this is
>                     a common goal that
>                     SACM has as well.
>
>
>                 I share this goal as well. Should we document this in
>                 the draft?
>
>
>
>                     Thanks,
>                     Panos
>
>
>                 Regards,
>                 Dave
>
>
>
>                     -----Original Message-----
>                     From: Panic [mailto:panic-bounces@ietf.org] On
>                     Behalf Of Waltermire,
>                     David A. (Fed)
>                     Sent: Monday, May 15, 2017 11:03 AM
>                     To: Panic@ietf.org <mailto:Panic@ietf.org>
>                     Subject: [Panic] Scope Draft is Available
>
>                     Welcome to the posture assessment through network
>                     information
>                     collection
>                     (PANIC) email list. At the side meeting on March
>                     29th, we started
>                     discussing the problem of how to measure the
>                     health of network
>                     devices. We discussed the need to collect posture
>                     information from
>                     network devices to support asset, software,
>                     vulnerability, and
>                     configuration management use cases. We were asked
>                     by the group to
>                     share a more detailed description of the intended
>                     scope for the PANIC
>                     effort. The follow draft is an attempt to do
>                     so:
>
>                     https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/
>                     <https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/>
>
>                     We would appreciate review of and comments on this
>                     draft. At this
>                     point, we want to know if the this scope clearly
>                     defines the problem to be
>
>                 solved.
>
>
>                     Please let us know if you have any questions or
>                     concerns, or if you
>                     think the scope draft is adequate.
>
>                     Regards,
>                     David Waltermire
>
>                     _______________________________________________
>                     Panic mailing list
>                     Panic@ietf.org <mailto:Panic@ietf.org>
>                     https://www.ietf.org/mailman/listinfo/panic
>                     <https://www.ietf.org/mailman/listinfo/panic>
>
>
>             _______________________________________________
>             Panic mailing list
>             Panic@ietf.org <mailto:Panic@ietf.org>
>             https://www.ietf.org/mailman/listinfo/panic
>             <https://www.ietf.org/mailman/listinfo/panic>
>
>         --
>         "Esta vez no fallaremos, Doctor Infierno"
>
>         Dr Diego R. Lopez
>         Telefonica I+D
>         http://people.tid.es/diego.lopez/
>         <http://people.tid.es/diego.lopez/>
>
>         e-mail: diego.r.lopez@telefonica.com
>         <mailto:diego.r.lopez@telefonica.com>
>         Tel:    +34 913 129 041
>         Mobile: +34 682 051 091
>         ----------------------------------
>
>         ------------------------------------------------------------------------
>
>
>         Este mensaje y sus adjuntos se dirigen exclusivamente a su
>         destinatario, puede contener información privilegiada o
>         confidencial y es para uso exclusivo de la persona o entidad
>         de destino. Si no es usted. el destinatario indicado, queda
>         notificado de que la lectura, utilización, divulgación y/o
>         copia sin autorización puede estar prohibida en virtud de la
>         legislación vigente. Si ha recibido este mensaje por error, le
>         rogamos que nos lo comunique inmediatamente por esta misma vía
>         y proceda a su destrucción.
>
>         The information contained in this transmission is privileged
>         and confidential information intended only for the use of the
>         individual or entity named above. If the reader of this
>         message is not the intended recipient, you are hereby notified
>         that any dissemination, distribution or copying of this
>         communication is strictly prohibited. If you have received
>         this transmission in error, do not read it. Please immediately
>         reply to the sender that you have received this communication
>         in error and then delete it.
>
>         Esta mensagem e seus anexos se dirigem exclusivamente ao seu
>         destinatário, pode conter informação privilegiada ou
>         confidencial e é para uso exclusivo da pessoa ou entidade de
>         destino. Se não é vossa senhoria o destinatário indicado, fica
>         notificado de que a leitura, utilização, divulgação e/ou cópia
>         sem autorização pode estar proibida em virtude da legislação
>         vigente. Se recebeu esta mensagem por erro, rogamos-lhe que
>         nos o comunique imediatamente por esta mesma via e proceda a
>         sua destruição
>
>
>
>
>         _______________________________________________
>
>         Panic mailing list
>
>         Panic@ietf.org <mailto:Panic@ietf.org>
>
>         https://www.ietf.org/mailman/listinfo/panic
>         <https://www.ietf.org/mailman/listinfo/panic>
>
>     _______________________________________________ Panic mailing list
>     Panic@ietf.org <mailto:Panic@ietf.org>
>     https://www.ietf.org/mailman/listinfo/panic
>     <https://www.ietf.org/mailman/listinfo/panic> 
>
> _______________________________________________
> Panic mailing list
> Panic@ietf.org
> https://www.ietf.org/mailman/listinfo/panic