[Panic] notes on Panic Draft

Guy Fedorkow <gfedorkow@juniper.net> Fri, 21 July 2017 21:19 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/PjqbTkONk6GE04s-n_TRa24uyWE>
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>

Hi Dave, Jessica,
  Thanks for updating the PANIC draft...  I think it's starting to take shape!

  It seems that the next step in moving this forward might be to outline the kind of information we want to retrieve from the endpoints.  I'd assume you'd want some kind of info to identify the device - manufacturer, serial number, etc., plus something that shows the software revision of the relevant modules.  Could that be something like a set of SWID tags?
  It might be good to pattern the device information on IEEE 802.1AR.  Using a cryptographic ID might not be a 'must', but it's probably a desirable option, so making sure it would fit might be helpful.

  It might be good to add a note saying whether the draft should extend to virtualized devices, e.g., NFV instances.  I'd assume that it should, but that might make identity a bit more complicated.

  On the topic of scope, I suppose it might be good to say if "Things", as in IoT, are in scope or not.  I can't guess if that has an impact on the technical spec, but there certainly could be an impact on implied scaling needs, and it might help remind readers that figuring out what's running in the IoT is getting to be a big problem.

  The diagram in the front of the draft shows an interconnect between Posture Server and Data Store...  seems like there could be some complicated transactions across that link...  Do you think there's existing practice that could be used for this?
  The draft also mentions methods that Endpoints can use to find Posture servers.  I wonder if Zeroconf or some kind of DHCP trick might work for this?

  Finally, in Security Considerations, I wonder if there should be something about how much we do or don't trust the endpoint to report its Information truthfully. The combination of 802.1AR and signed SWID tags might help with a way to assess the reliability of the information.

  Great start, let's try to start breaking down some of the top-level topics to get to the next level of requirements.
Thx,
/guy