Re: [Panic] Scope Draft is Available
Robert Moskowitz <rgm-sec@htt-consult.com> Mon, 26 June 2017 18:57 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: panic@ietfa.amsl.com
Delivered-To: panic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AACAD12EB45 for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 11:57:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.742
X-Spam-Level:
X-Spam-Status: No, score=-2.742 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1L8kvV9GiQE for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 11:57:36 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB4B012EB39 for <Panic@ietf.org>; Mon, 26 Jun 2017 11:57:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 8C46A62251; Mon, 26 Jun 2017 14:57:32 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0zhx3qvcegae; Mon, 26 Jun 2017 14:57:15 -0400 (EDT)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 7D25162250; Mon, 26 Jun 2017 14:57:14 -0400 (EDT)
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com> <3c2c18cd-90a5-ed7f-d803-f2906f3d116b@htt-consult.com> <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com> <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Cc: "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <82f03907-617c-3317-7386-ff35008f50c6@htt-consult.com>
Date: Mon, 26 Jun 2017 14:57:12 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------74E4240DC38512EDF784BF6D"
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/4wGHr-DbjAlvjkMAkl52UZcyC5Y>
Subject: Re: [Panic] Scope Draft is Available
X-BeenThere: panic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/panic>, <mailto:panic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/panic/>
List-Post: <mailto:panic@ietf.org>
List-Help: <mailto:panic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/panic>, <mailto:panic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 18:57:41 -0000
Jessica, Thanksfor updating the draft. I will give it a read. Along with dozen others I have to get done! :) Deadlines. You have to love 'em. Bob On 06/26/2017 10:47 AM, Jessica Fitzgerald-McKay wrote: > All, > I have posted an updated draft scope here: > https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02. > > I think we have addressed most of the issues brought up on list. I do > not feel I adequately addressed making NAT out of scope (per Daniel's > request) and would like some help on that. > > Bob, to your questions on the relationship between our work and > netconf, I think that we could best focus our time on extending YANG > to meet the requirements we derive from this scoping statement. So, I > stated that explicitly in this draft. I'd like to get feedback from > the group on that approach, so please chime in if you > like/dislike/love/loathe that idea. > > Thanks, > Jess > > On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) > <david.waltermire@nist.gov <mailto:david.waltermire@nist.gov>> wrote: > > Hi Bob, > > Thanks for asking. We have been working on an update. We hope to > post it soon addressing the feedback we have received so far, > including addressing the comments from your other email today. > > Thanks, > > Dave > > *From:*Robert Moskowitz [mailto:rgm-sec@htt-consult.com > <mailto:rgm-sec@htt-consult.com>] > *Sent:* Thursday, June 15, 2017 4:38 PM > *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov > <mailto:david.waltermire@nist.gov>>; Diego R. Lopez > <diego.r.lopez@telefonica.com <mailto:diego.r.lopez@telefonica.com>> > > > *Cc:* Panic@ietf.org <mailto:Panic@ietf.org>; Panos Kampanakis > (pkampana) <pkampana@cisco.com <mailto:pkampana@cisco.com>> > *Subject:* Re: [Panic] Scope Draft is Available > > David, > > Do you have an update to your draft? > > I don't see anything past the Apr 11 01.txt draft. > > thanks > > On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote: > > Diego, thanks for the edits. > > All, > > > I am going to drop this text into an update of the scope > draft. I’ll wait until Monday to work on posting the draft > update. Please let me know if any other changes to the draft > are desired. > > Thanks, > > Dave > > *From:*Panic [mailto:panic-bounces@ietf.org] *On Behalf Of > *Diego R. Lopez > *Sent:* Friday, May 19, 2017 2:23 AM > *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov> > <mailto:david.waltermire@nist.gov> > *Cc:* Panic@ietf.org <mailto:Panic@ietf.org>; Panos Kampanakis > (pkampana) <pkampana@cisco.com> <mailto:pkampana@cisco.com> > *Subject:* Re: [Panic] Scope Draft is Available > > Hi, > > I agree with David’s proposal, with just a few minor changes > with respect to the original text, to make it more general, > completely covering the virtual cases (NFV) and eliminating > the term “device” to avoid too many equivalences... > > Network operators need to know what is connected to their > organization's networks so that they can properly manage those > network elements. Managing these network endpoints, consisting > of physical and virtual network infrastructure, requires > access to information pertaining to them, including endpoint > identity, the identity of software installed on the element, > and the configuration setting values for the installed > software. This information can be collected from different > classes of elements over different protocols and using > different data models. PANIC will identify a standardized > solution to collect posture information for network element, > and allow that information to be shared with authorized users > and elements on the network supporting security automation. > PANIC aims to reuse available standards for posture assessment > where possible. The PANIC effort will avoid redefining > information exchange technologies for use cases that have > already been defined. > > Be goode, > > On 18 May 2017, at 20:01 , Waltermire, David A. (Fed) > <david.waltermire@nist.gov > <mailto:david.waltermire@nist.gov>> wrote: > > Panos, thanks for providing text. > > We have participants that are approaching this problem > space that are accustomed to using endpoint and network > element. How about the following introduction text to draw > an equivalence between these terms? > > Network operators need to know what is connected to their > organization's networks so that they can properly manage > those network elements. Managing these network elements, > consisting of physical and virtual network infrastructure > devices, requires access to information pertaining to > these endpoint devices, including device identity, the > identity of software installed on the endpoint, and the > configuration setting values for the installed software. > This information can be collected from different classes > of endpoints over different protocols and using different > data models. PANIC will identify a standardized solution > to collect posture information for network devices, and > allow that information to be shared with authorized users > and devices on the network supporting security automation. > PANIC aims to reuse available standards for posture > assessment where possible. The PANIC effort will avoid > redefining information exchange technologies for use cases > that have already been defi > ned. > > Also, I added your text to the security considerations > section. I will post this in the -02 revision once we sort > out the Introduction. > > Thanks, > Dave > > > > -----Original Message----- > From: Panos Kampanakis (pkampana) > [mailto:pkampana@cisco.com] > Sent: Thursday, May 18, 2017 12:30 PM > To: Waltermire, David A. (Fed) > <david.waltermire@nist.gov > <mailto:david.waltermire@nist.gov>>; Panic@ietf.org > <mailto:Panic@ietf.org> > Subject: RE: Scope Draft is Available > > ACK. Below some proposed text: > > For the Security Considerations Section: > Further discussion here will address the threat > introduced to the network > elements by the posture information collection. There > should be protections > implemented to prevent the element from being > vulnerable to DoS attacks > by frequent polling or pushing of posture data. > > For the Introduction Section: > ...automation. PANIC aims to reuse available > standards for posture > assessment where possible. It will avoid redefining > info exchange > technologies for usecases that have already been defined. > > For the Introduction Section: > ...manage those > endpoints. Endpoints / Elements include hardware, > software of virtual > network infrastructure devices. > > > > > > hardware, software or virtual (NFV fails in this > > > category) > > > > -----Original Message----- > From: Waltermire, David A. (Fed) > [mailto:david.waltermire@nist.gov > <mailto:david.waltermire@nist.gov>] > Sent: Thursday, May 18, 2017 10:59 AM > To: Panos Kampanakis (pkampana) <pkampana@cisco.com > <mailto:pkampana@cisco.com>>; Panic@ietf.org > <mailto:Panic@ietf.org> > Subject: RE: Scope Draft is Available > > Panos, > > Thank you for providing feedback on the PANIC scope draft. > > Comments are inline below. > > > > -----Original Message----- > From: Panos Kampanakis (pkampana) > [mailto:pkampana@cisco.com] > Sent: Thursday, May 18, 2017 10:37 AM > To: Waltermire, David A. (Fed) > <david.waltermire@nist.gov > <mailto:david.waltermire@nist.gov>>; > Panic@ietf.org <mailto:Panic@ietf.org> > Subject: RE: Scope Draft is Available > > Hi David, > > The document is clear. > > One semantic objection I have is about the use of > the word endpoint. I > believe the term is commonly used for user > machines (laptops, cells, > tablets) . Network element or element is a little > clearer. > > > I don't have a dog in this fight. I am happy to go > either way (e.g., endpoint, > network element) if there is a preference in the group > for one term or the > other. I'd like to hear other opinions on this. > > > > A susggestion: The security section could mention > the importance of > not introducing security concerns with the posture > info collection. > For example a device should not be DoSable by too > many polls, or it > should not push often enough that would introduce > performance concerns > > etc. > > I think this is a good idea. Do you have some text in > mind to drop in? > > > > I think it will also be beneficial to be explicit > about the types of > network elements. In the broad technologies that > exist today, these > elements could be hardware, software or virtual > (NFV fails in this > category). All of those should be in scope for > this work. > > > All of these are in scope in my view. > > > > Side comment: I would like this standardization > effort to try to reuse > data formats and transports wherever possible and > not come up with new > posture information descriptions. I think this is > a common goal that > SACM has as well. > > > I share this goal as well. Should we document this in > the draft? > > > > Thanks, > Panos > > > Regards, > Dave > > > > -----Original Message----- > From: Panic [mailto:panic-bounces@ietf.org] On > Behalf Of Waltermire, > David A. (Fed) > Sent: Monday, May 15, 2017 11:03 AM > To: Panic@ietf.org <mailto:Panic@ietf.org> > Subject: [Panic] Scope Draft is Available > > Welcome to the posture assessment through network > information > collection > (PANIC) email list. At the side meeting on March > 29th, we started > discussing the problem of how to measure the > health of network > devices. We discussed the need to collect posture > information from > network devices to support asset, software, > vulnerability, and > configuration management use cases. We were asked > by the group to > share a more detailed description of the intended > scope for the PANIC > effort. The follow draft is an attempt to do > so: > > https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/ > <https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/> > > We would appreciate review of and comments on this > draft. At this > point, we want to know if the this scope clearly > defines the problem to be > > solved. > > > Please let us know if you have any questions or > concerns, or if you > think the scope draft is adequate. > > Regards, > David Waltermire > > _______________________________________________ > Panic mailing list > Panic@ietf.org <mailto:Panic@ietf.org> > https://www.ietf.org/mailman/listinfo/panic > <https://www.ietf.org/mailman/listinfo/panic> > > > _______________________________________________ > Panic mailing list > Panic@ietf.org <mailto:Panic@ietf.org> > https://www.ietf.org/mailman/listinfo/panic > <https://www.ietf.org/mailman/listinfo/panic> > > -- > "Esta vez no fallaremos, Doctor Infierno" > > Dr Diego R. Lopez > Telefonica I+D > http://people.tid.es/diego.lopez/ > <http://people.tid.es/diego.lopez/> > > e-mail: diego.r.lopez@telefonica.com > <mailto:diego.r.lopez@telefonica.com> > Tel: +34 913 129 041 > Mobile: +34 682 051 091 > ---------------------------------- > > ------------------------------------------------------------------------ > > > Este mensaje y sus adjuntos se dirigen exclusivamente a su > destinatario, puede contener información privilegiada o > confidencial y es para uso exclusivo de la persona o entidad > de destino. Si no es usted. el destinatario indicado, queda > notificado de que la lectura, utilización, divulgación y/o > copia sin autorización puede estar prohibida en virtud de la > legislación vigente. Si ha recibido este mensaje por error, le > rogamos que nos lo comunique inmediatamente por esta misma vía > y proceda a su destrucción. > > The information contained in this transmission is privileged > and confidential information intended only for the use of the > individual or entity named above. If the reader of this > message is not the intended recipient, you are hereby notified > that any dissemination, distribution or copying of this > communication is strictly prohibited. If you have received > this transmission in error, do not read it. Please immediately > reply to the sender that you have received this communication > in error and then delete it. > > Esta mensagem e seus anexos se dirigem exclusivamente ao seu > destinatário, pode conter informação privilegiada ou > confidencial e é para uso exclusivo da pessoa ou entidade de > destino. Se não é vossa senhoria o destinatário indicado, fica > notificado de que a leitura, utilização, divulgação e/ou cópia > sem autorização pode estar proibida em virtude da legislação > vigente. Se recebeu esta mensagem por erro, rogamos-lhe que > nos o comunique imediatamente por esta mesma via e proceda a > sua destruição > > > > > _______________________________________________ > > Panic mailing list > > Panic@ietf.org <mailto:Panic@ietf.org> > > https://www.ietf.org/mailman/listinfo/panic > <https://www.ietf.org/mailman/listinfo/panic> > > _______________________________________________ Panic mailing list > Panic@ietf.org <mailto:Panic@ietf.org> > https://www.ietf.org/mailman/listinfo/panic > <https://www.ietf.org/mailman/listinfo/panic> > > _______________________________________________ > Panic mailing list > Panic@ietf.org > https://www.ietf.org/mailman/listinfo/panic
- [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Panos Kampanakis (pkampana)
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Panos Kampanakis (pkampana)
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Diego R. Lopez
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Daniel Migault
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Jessica Fitzgerald-McKay
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Jessica Fitzgerald-McKay
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Panos Kampanakis (pkampana)
- Re: [Panic] Scope Draft is Available Diego R. Lopez