Re: [Panic] Scope Draft is Available

Robert Moskowitz <rgm-sec@htt-consult.com> Thu, 15 June 2017 20:38 UTC

To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Cc: "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Thu, 15 Jun 2017 16:37:46 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/AysxTABztFeZ-uR-WvjmMOxMMqk>

David,

Do you have an update to your draft?

I don't see anything past the Apr 11 01.txt draft.

thanks

On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote:
>
> Diego, thanks for the edits.
>
> All,
>
> I am going to drop this text into an update of the scope draft. I’ll 
> wait until Monday to work on posting the draft update. Please let me 
> know if any other changes to the draft are desired.
>
> Thanks,
>
> Dave
>
> *From:*Panic [mailto:panic-bounces@ietf.org] *On Behalf Of *Diego R. Lopez
> *Sent:* Friday, May 19, 2017 2:23 AM
> *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>
> *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>
> *Subject:* Re: [Panic] Scope Draft is Available
>
> Hi,
>
> I agree with David’s proposal, with just a few minor changes with 
> respect to the original text, to make it more general, completely 
> covering the virtual cases (NFV) and eliminating the term “device” to 
> avoid too many equivalences...
>
> Network operators need to know what is connected to their 
> organization's networks so that they can properly manage those network 
> elements. Managing these network endpoints, consisting of physical and 
> virtual network infrastructure, requires access to information 
> pertaining to them, including endpoint identity, the identity of 
> software installed on the element, and the configuration setting 
> values for the installed software. This information can be collected 
> from different classes of elements over different protocols and using 
> different data models. PANIC will identify a standardized solution to 
> collect posture information for network elements, and allow that 
> information to be shared with authorized users and elements on the 
> network supporting security automation. PANIC aims to reuse available 
> standards for posture assessment where possible. The PANIC effort will 
> avoid redefining information exchange technologies for use cases that 
> have already been defined.
>
> Be goode,
>
>     On 18 May 2017, at 20:01 , Waltermire, David A. (Fed)
>     <david.waltermire@nist.gov <mailto:david.waltermire@nist.gov>> wrote:
>
>     Panos, thanks for providing text.
>
>     We have participants that are approaching this problem space that
>     are accustomed to using endpoint and network element. How about
>     the following introduction text to draw an equivalence between
>     these terms?
>
>     Network operators need to know what is connected to their
>     organization's networks so that they can properly manage those
>     network elements. Managing these network elements, consisting of
>     physical and virtual network infrastructure devices, requires
>     access to information pertaining to these endpoint devices,
>     including device identity, the identity of software installed on
>     the endpoint, and the configuration setting values for the
>     installed software. This information can be collected from
>     different classes of endpoints over different protocols and using
>     different data models. PANIC will identify a standardized solution
>     to collect posture information for network devices, and allow that
>     information to be shared with authorized users and devices on the
>     network supporting security automation. PANIC aims to reuse
>     available standards for posture assessment where possible. The
>     PANIC effort will avoid redefining information exchange
>     technologies for use cases that have already been defined.
>
>     Also, I added your text to the security considerations section. I
>     will post this in the -02 revision once we sort out the Introduction.
>
>     Thanks,
>     Dave
>
>
>         -----Original Message-----
>         From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
>         Sent: Thursday, May 18, 2017 12:30 PM
>         To: Waltermire, David A. (Fed) <david.waltermire@nist.gov
>         <mailto:david.waltermire@nist.gov>>; Panic@ietf.org
>         <mailto:Panic@ietf.org>
>         Subject: RE: Scope Draft is Available
>
>         ACK. Below some proposed text:
>
>         For the Security Considerations Section:
>           Further discussion here will address the threat introduced
>         to the network
>         elements by the posture information collection. There should
>         be protections
>         implemented to prevent the element from being vulnerable to
>         DoS attacks
>         by frequent polling or pushing of posture data.
>
>         For the Introduction Section:
>           ...automation. PANIC aims to reuse available standards for
>         posture
>         assessment where possible. It will avoid redefining info exchange
>         technologies for use cases that have already been defined.
>
>         For the Introduction Section:
>           ...manage those
>           endpoints. Endpoints / Elements include hardware, software
>         or virtual
>         network infrastructure devices.
>
>
>         -----Original Message-----
>         From: Waltermire, David A. (Fed)
>         [mailto:david.waltermire@nist.gov]
>         Sent: Thursday, May 18, 2017 10:59 AM
>         To: Panos Kampanakis (pkampana) <pkampana@cisco.com
>         <mailto:pkampana@cisco.com>>; Panic@ietf.org
>         <mailto:Panic@ietf.org>
>         Subject: RE: Scope Draft is Available
>
>         Panos,
>
>         Thank you for providing feedback on the PANIC scope draft.
>
>         Comments are inline below.
>
>
>             -----Original Message-----
>             From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
>             Sent: Thursday, May 18, 2017 10:37 AM
>             To: Waltermire, David A. (Fed) <david.waltermire@nist.gov
>             <mailto:david.waltermire@nist.gov>>;
>             Panic@ietf.org <mailto:Panic@ietf.org>
>             Subject: RE: Scope Draft is Available
>
>             Hi David,
>
>             The document is clear.
>
>             One semantic objection I have is about the use of the word
>             endpoint. I
>             believe the term is commonly used for user machines
>             (laptops, cells,
>             tablets) . Network element or element is a little clearer.
>
>
>         I don't have a dog in this fight. I am happy to go either way
>         (e.g., endpoint,
>         network element) if there is a preference in the group for one
>         term or the
>         other. I'd like to hear other opinions on this.
>
>
>             A suggestion: The security section could mention the
>             importance of
>             not introducing security concerns with the posture info
>             collection.
>             For example a device should not be DoSable by too many
>             polls, or it
>             should not push often enough that would introduce
>             performance concerns
>
>         etc.
>
>         I think this is a good idea. Do you have some text in mind to
>         drop in?
>
>
>             I think it will also be beneficial to be explicit about
>             the types of
>             network elements. In the broad technologies that exist
>             today, these
>             elements could be hardware, software or virtual (NFV fails
>             in this
>             category). All of those should be in scope for this work.
>
>
>         All of these are in scope in my view.
>
>
>             Side comment: I would like this standardization effort to
>             try to reuse
>             data formats and transports wherever possible and not come
>             up with new
>             posture information descriptions. I think this is a common
>             goal that
>             SACM has as well.
>
>
>         I share this goal as well. Should we document this in the draft?
>
>
>             Thanks,
>             Panos
>
>
>         Regards,
>         Dave
>
>
>             -----Original Message-----
>             From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of
>             Waltermire,
>             David A. (Fed)
>             Sent: Monday, May 15, 2017 11:03 AM
>             To: Panic@ietf.org <mailto:Panic@ietf.org>
>             Subject: [Panic] Scope Draft is Available
>
>             Welcome to the posture assessment through network information
>             collection
>             (PANIC) email list. At the side meeting on March 29th, we
>             started
>             discussing the problem of how to measure the health of network
>             devices. We discussed the need to collect posture
>             information from
>             network devices to support asset, software, vulnerability, and
>             configuration management use cases. We were asked by the
>             group to
>             share a more detailed description of the intended scope
>             for the PANIC
>             effort. The following draft is an attempt to do
>             so:
>
>             https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/
>
>             We would appreciate review of and comments on this draft.
>             At this
>             point, we want to know if this scope clearly defines
>             the problem to be
>
>         solved.
>
>             Please let us know if you have any questions or concerns,
>             or if you
>             think the scope draft is adequate.
>
>             Regards,
>             David Waltermire
>
>             _______________________________________________
>             Panic mailing list
>             Panic@ietf.org <mailto:Panic@ietf.org>
>             https://www.ietf.org/mailman/listinfo/panic
>
>
>
> --
> "This time we will not fail, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: diego.r.lopez@telefonica.com <mailto:diego.r.lopez@telefonica.com>
> Tel:    +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>