Re: [Panic] Scope Draft is Available

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Mon, 26 June 2017 19:08 UTC

From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Mon, 26 Jun 2017 15:08:04 -0400
Message-ID: <CAM+R6NUFfxNQTLWgMMOweajrdavbOFA0E7Crt7ALCUjBMKG-SA@mail.gmail.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
Cc: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/SzU37gQkj3ANDtW9q4cfN_f7fJA>
Subject: Re: [Panic] Scope Draft is Available

Completely hear you, Bob. Thanks for finding the time for feedback, we (and
all the other authors/editors whose work you are reviewing) appreciate it!

On Mon, Jun 26, 2017 at 2:57 PM, Robert Moskowitz <rgm-sec@htt-consult.com>
wrote:

> Jessica,
>
> Thanks for updating the draft.  I will give it a read.  Along with a dozen
> others I have to get done!  :)
>
> Deadlines.  You have to love 'em.
>
> Bob
>
>
>
> On 06/26/2017 10:47 AM, Jessica Fitzgerald-McKay wrote:
>
> All,
> I have posted an updated draft scope here:
> https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02.
>
> I think we have addressed most of the issues brought up on list. I do not
> feel I adequately addressed making NAT out of scope (per Daniel's request)
> and would like some help on that.
>
> Bob, to your questions on the relationship between our work and netconf, I
> think that we could best focus our time on extending YANG to meet the
> requirements we derive from this scoping statement. So, I stated that
> explicitly in this draft. I'd like to get feedback from the group on that
> approach, so please chime in if you like/dislike/love/loathe that idea.
>
> Thanks,
> Jess
>
> On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) <
> david.waltermire@nist.gov> wrote:
>
>> Hi Bob,
>>
>>
>>
>> Thanks for asking. We have been working on an update. We hope to post it
>> soon addressing the feedback we have received so far, including addressing
>> the comments from your other email today.
>>
>>
>>
>> Thanks,
>>
>> Dave
>>
>>
>>
>> *From:* Robert Moskowitz [mailto:rgm-sec@htt-consult.com]
>> *Sent:* Thursday, June 15, 2017 4:38 PM
>> *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>; Diego R.
>> Lopez <diego.r.lopez@telefonica.com>
>>
>> *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>
>> *Subject:* Re: [Panic] Scope Draft is Available
>>
>>
>>
>> David,
>>
>> Do you have an update to your draft?
>>
>> I don't see anything past the Apr 11 01.txt draft.
>>
>> thanks
>>
>> On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote:
>>
>> Diego, thanks for the edits.
>>
>>
>>
>> All,
>>
>>
>> I am going to drop this text into an update of the scope draft. I’ll wait
>> until Monday to work on posting the draft update. Please let me know if any
>> other changes to the draft are desired.
>>
>>
>>
>> Thanks,
>>
>> Dave
>>
>>
>>
>> *From:* Panic [mailto:panic-bounces@ietf.org <panic-bounces@ietf.org>] *On
>> Behalf Of *Diego R. Lopez
>> *Sent:* Friday, May 19, 2017 2:23 AM
>> *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>
>> <david.waltermire@nist.gov>
>> *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>
>> <pkampana@cisco.com>
>> *Subject:* Re: [Panic] Scope Draft is Available
>>
>>
>>
>> Hi,
>>
>>
>>
>> I agree with David’s proposal, with just a few minor changes with respect
>> to the original text, to make it more general, completely covering the
>> virtual cases (NFV) and eliminating the term “device” to avoid too many
>> equivalences...
>>
>>
>>
>> Network operators need to know what is connected to their organization's
>> networks so that they can properly manage those network elements. Managing
>> these network endpoints, consisting of physical and virtual network
>> infrastructure, requires access to information pertaining to them,
>> including endpoint identity, the identity of software installed on the
>> element, and the configuration setting values for the installed software.
>> This information can be collected from different classes of elements over
>> different protocols and using different data models. PANIC will identify a
>> standardized solution to collect posture information for network elements,
>> and allow that information to be shared with authorized users and elements
>> on the network supporting security automation. PANIC aims to reuse
>> available standards for posture assessment where possible. The PANIC effort
>> will avoid redefining information exchange technologies for use cases that
>> have already been defined.
>>
>>
>>
>> Be goode,
>>
>>
>>
>> On 18 May 2017, at 20:01 , Waltermire, David A. (Fed) <
>> david.waltermire@nist.gov> wrote:
>>
>>
>>
>> Panos, thanks for providing text.
>>
>> We have participants that are approaching this problem space that are
>> accustomed to using endpoint and network element. How about the following
>> introduction text to draw an equivalence between these terms?
>>
>> Network operators need to know what is connected to their organization's
>> networks so that they can properly manage those network elements. Managing
>> these network elements, consisting of physical and virtual network
>> infrastructure devices, requires access to information pertaining to these
>> endpoint devices, including device identity, the identity of software
>> installed on the endpoint, and the configuration setting values for the
>> installed software. This information can be collected from different
>> classes of endpoints over different protocols and using different data
>> models. PANIC will identify a standardized solution to collect posture
>> information for network devices, and allow that information to be shared
>> with authorized users and devices on the network supporting security
>> automation. PANIC aims to reuse available standards for posture assessment
>> where possible. The PANIC effort will avoid redefining information exchange
>> technologies for use cases that have already been defined.
>>
>> Also, I added your text to the security considerations section. I will
>> post this in the -02 revision once we sort out the Introduction.
>>
>> Thanks,
>> Dave
>>
>>
>>
>> -----Original Message-----
>> From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com
>> <pkampana@cisco.com>]
>> Sent: Thursday, May 18, 2017 12:30 PM
>> To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
>> Panic@ietf.org
>> Subject: RE: Scope Draft is Available
>>
>> ACK. Below some proposed text:
>>
>> For the Security Considerations Section:
>>   Further discussion here will address the threat introduced to the network
>> elements by the posture information collection. There should be protections
>> implemented to prevent the element from being vulnerable to DoS attacks
>> by frequent polling or pushing of posture data.
>>
>> For the Introduction Section:
>>   ...automation. PANIC aims to reuse available standards for posture
>> assessment where possible. It will avoid redefining info exchange
>> technologies for use cases that have already been defined.
>>
>> For the Introduction Section:
>>   ...manage those
>>   endpoints. Endpoints / Elements include hardware, software or virtual
>> network infrastructure devices.
>>
>>
>>
>>
>> -----Original Message-----
>> From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov
>> <david.waltermire@nist.gov>]
>> Sent: Thursday, May 18, 2017 10:59 AM
>> To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; Panic@ietf.org
>> Subject: RE: Scope Draft is Available
>>
>> Panos,
>>
>> Thank you for providing feedback on the PANIC scope draft.
>>
>> Comments are inline below.
>>
>>
>>
>> -----Original Message-----
>> From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com
>> <pkampana@cisco.com>]
>> Sent: Thursday, May 18, 2017 10:37 AM
>> To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
>> Panic@ietf.org
>> Subject: RE: Scope Draft is Available
>>
>> Hi David,
>>
>> The document is clear.
>>
>> One semantic objection I have is about the use of the word endpoint. I
>> believe the term is commonly used for user machines (laptops, cells,
>> tablets) . Network element or element is a little clearer.
>>
>>
>> I don't have a dog in this fight. I am happy to go either way (e.g., endpoint,
>> network element) if there is a preference in the group for one term or the
>> other. I'd like to hear other opinions on this.
>>
>>
>>
>> A suggestion: The security section could mention the importance of
>> not introducing security concerns with the posture info collection.
>> For example a device should not be DoSable by too many polls, or it
>> should not push often enough that would introduce performance concerns
>> etc.
>>
>> I think this is a good idea. Do you have some text in mind to drop in?
>>
>>
>>
>> I think it will also be beneficial to be explicit about the types of
>> network elements. In the broad technologies that exist today, these
>> elements could be hardware, software or virtual (NFV fails in this
>> category). All of those should be in scope for this work.
>>
>>
>> All of these are in scope in my view.
>>
>>
>>
>> Side comment: I would like this standardization effort to try to reuse
>> data formats and transports wherever possible and not come up with new
>> posture information descriptions. I think this is a common goal that
>> SACM has as well.
>>
>>
>> I share this goal as well. Should we document this in the draft?
>>
>>
>>
>> Thanks,
>> Panos
>>
>>
>> Regards,
>> Dave
>>
>>
>>
>> -----Original Message-----
>> From: Panic [mailto:panic-bounces@ietf.org <panic-bounces@ietf.org>] On
>> Behalf Of Waltermire,
>> David A. (Fed)
>> Sent: Monday, May 15, 2017 11:03 AM
>> To: Panic@ietf.org
>> Subject: [Panic] Scope Draft is Available
>>
>> Welcome to the posture assessment through network information collection
>> (PANIC) email list. At the side meeting on March 29th, we started
>> discussing the problem of how to measure the health of network
>> devices. We discussed the need to collect posture information from
>> network devices to support asset, software, vulnerability, and
>> configuration management use cases. We were asked by the group to
>> share a more detailed description of the intended scope for the PANIC
>> effort. The following draft is an attempt to do so:
>>
>> https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/
>>
>> We would appreciate review of and comments on this draft. At this
>> point, we want to know if this scope clearly defines the problem to be
>> solved.
>>
>>
>> Please let us know if you have any questions or concerns, or if you
>> think the scope draft is adequate.
>>
>> Regards,
>> David Waltermire
>>
>> _______________________________________________
>> Panic mailing list
>> Panic@ietf.org
>> https://www.ietf.org/mailman/listinfo/panic
>>
>>
>>
>> --
>> "This time we will not fail, Doctor Infierno"
>>
>> Dr Diego R. Lopez
>> Telefonica I+D
>> http://people.tid.es/diego.lopez/
>>
>> e-mail: diego.r.lopez@telefonica.com
>> Tel:    +34 913 129 041
>> Mobile: +34 682 051 091
>> ----------------------------------