Re: [Panic] Scope Draft is Available
Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Mon, 26 June 2017 14:47 UTC
Return-Path: <jmfmckay@gmail.com>
X-Original-To: panic@ietfa.amsl.com
Delivered-To: panic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EB86124217 for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 07:47:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93icBsqTRxXw for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 07:47:24 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 695A212EACA for <Panic@ietf.org>; Mon, 26 Jun 2017 07:47:24 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id j53so2191306uaa.2 for <Panic@ietf.org>; Mon, 26 Jun 2017 07:47:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WVkyweDzCqw4u9u2dl8Wu9oBDJufm6nny/OmcMvdQF0=; b=Ig8MwsibFVEC2JAhJNfwRhJc2q0e2yzPwetQKqjEw9jky8H67uEWPWX5zL8xav2Qyi 9kpO6xz3VAK00PrUW2NdhqPIXEUHK+P2H0H+ITVJppIY51YTZgG0amFO4OPuMTIMJ7z/ KZEJbxN0tCuI8d5QemX1b4vOHWEgf0YmZegfEMv1iifIKX+9Xm0jmBuK3Gav43sb56qV 4CvnuoWeDNbQQTZF7oV/zEm6uDTpKEXC+UfwrdYW/ROyptNqGVyZ5DfrYXgCLC8zyYGu invrq+vyxTAPOLDa9chPYr3i99YVTmnWLSOzv4kJxwk8x4nFKqSOxplceZ2Kr/vR7iAF NRdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WVkyweDzCqw4u9u2dl8Wu9oBDJufm6nny/OmcMvdQF0=; b=iZ7VYQ0pEmwVOwflgvt/HmaaZg22+2qZ+Vzl+WMTeu7FBwcRmH1sadFAWhZ83QYhAS 37F1VXFiutp83yZTKKuGY4aCzoMgBF0CoO2zPZJDa/IP85myjuZLZZzI797fo/12Ex7k NUTUF6L/E85cvqJOiLpTOhIUVo5LmdVrQpVhRyCJwPbs2FEnvd2iUkz11Z9P/0VImXhR GNosY0NflFg1XNTz7UG7wA3cITsHP4ax25IosKKCQM4YFYkB+qoXdu0JJXSk0pvS0PAj KPZTvlxf9M9X6H0Hn3dVV8+WA/eKEQmrLWRxIAXlBzc6odusZ/BeynCexZsO/JqpGubY w3Lw==
X-Gm-Message-State: AKS2vOyp9HtLBJTwlgOk1vlDlo8mD1N25NCzCALN9Od9CPghYcy9dy1q Zuu89/+8PJO5RJFiWwEExPr7vQRwLA==
X-Received: by 10.176.67.98 with SMTP id k89mr314568uak.103.1498488443306; Mon, 26 Jun 2017 07:47:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.83.93 with HTTP; Mon, 26 Jun 2017 07:47:22 -0700 (PDT)
In-Reply-To: <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com> <3c2c18cd-90a5-ed7f-d803-f2906f3d116b@htt-consult.com> <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com>
From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Mon, 26 Jun 2017 10:47:22 -0400
Message-ID: <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Content-Type: multipart/alternative; boundary="94eb2c0b8d5e5d0bdd0552de07ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/eMcMkVpCl8EXDzraQJAgHz72hQA>
Subject: Re: [Panic] Scope Draft is Available
X-BeenThere: panic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/panic>, <mailto:panic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/panic/>
List-Post: <mailto:panic@ietf.org>
List-Help: <mailto:panic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/panic>, <mailto:panic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 14:47:28 -0000
All, I have posted an updated draft scope here: https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02. I think we have addressed most of the issues brought up on list. I do not feel I adequately addressed making NAT out of scope (per Daniel's request) and would like some help on that. Bob, to your questions on the relationship between our work and netconf, I think that we could best focus our time on extending YANG to meet the requirements we derive from this scoping statement. So, I stated that explicitly in this draft. I'd like to get feedback from the group on that approach, so please chime in if you like/dislike/love/loathe that idea. Thanks, Jess On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) < david.waltermire@nist.gov> wrote: > Hi Bob, > > > > Thanks for asking. We have been working on an update. We hope to post it > soon addressing the feedback we have received so far, including addressing > the comments from your other email today. > > > > Thanks, > > Dave > > > > *From:* Robert Moskowitz [mailto:rgm-sec@htt-consult.com] > *Sent:* Thursday, June 15, 2017 4:38 PM > *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>; Diego R. > Lopez <diego.r.lopez@telefonica.com> > > *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com> > *Subject:* Re: [Panic] Scope Draft is Available > > > > David, > > Do you have an update to your draft? > > I don't see anything past the Apr 11 01.txt draft. > > thanks > > On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote: > > Diego, thanks for the edits. > > > > All, > > > I am going to drop this text into an update of the scope draft. I’ll wait > until Monday to work on posting the draft update. Please let me know if any > other changes to the draft are desired. > > > > Thanks, > > Dave > > > > *From:* Panic [mailto:panic-bounces@ietf.org <panic-bounces@ietf.org>] *On > Behalf Of *Diego R. Lopez > *Sent:* Friday, May 19, 2017 2:23 AM > *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov> > <david.waltermire@nist.gov> > *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com> > <pkampana@cisco.com> > *Subject:* Re: [Panic] Scope Draft is Available > > > > Hi, > > > > I agree with David’s proposal, with just a few minor changes with respect > to the original text, to make it more general, completely covering the > virtual cases (NFV) and eliminating the term “device” to avoid too many > equivalences... > > > > Network operators need to know what is connected to their organization's > networks so that they can properly manage those network elements. Managing > these network endpoints, consisting of physical and virtual network > infrastructure, requires access to information pertaining to them, > including endpoint identity, the identity of software installed on the > element, and the configuration setting values for the installed software. > This information can be collected from different classes of elements over > different protocols and using different data models. PANIC will identify a > standardized solution to collect posture information for network element, > and allow that information to be shared with authorized users and elements > on the network supporting security automation. PANIC aims to reuse > available standards for posture assessment where possible. The PANIC effort > will avoid redefining information exchange technologies for use cases that > have already been defined. > > > > Be goode, > > > > On 18 May 2017, at 20:01 , Waltermire, David A. (Fed) < > david.waltermire@nist.gov> wrote: > > > > Panos, thanks for providing text. > > We have participants that are approaching this problem space that are > accustomed to using endpoint and network element. How about the following > introduction text to draw an equivalence between these terms? > > Network operators need to know what is connected to their organization's > networks so that they can properly manage those network elements. Managing > these network elements, consisting of physical and virtual network > infrastructure devices, requires access to information pertaining to these > endpoint devices, including device identity, the identity of software > installed on the endpoint, and the configuration setting values for the > installed software. This information can be collected from different > classes of endpoints over different protocols and using different data > models. PANIC will identify a standardized solution to collect posture > information for network devices, and allow that information to be shared > with authorized users and devices on the network supporting security > automation. PANIC aims to reuse available standards for posture assessment > where possible. The PANIC effort will avoid redefining information exchange > technologies for use cases that have already been defi > ned. > > Also, I added your text to the security considerations section. I will > post this in the -02 revision once we sort out the Introduction. > > Thanks, > Dave > > > > -----Original Message----- > From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com > <pkampana@cisco.com>] > Sent: Thursday, May 18, 2017 12:30 PM > To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>; Panic@ietf.org > Subject: RE: Scope Draft is Available > > ACK. Below some proposed text: > > For the Security Considerations Section: > Further discussion here will address the threat introduced to the network > elements by the posture information collection. There should be protections > implemented to prevent the element from being vulnerable to DoS attacks > by frequent polling or pushing of posture data. > > For the Introduction Section: > ...automation. PANIC aims to reuse available standards for posture > assessment where possible. It will avoid redefining info exchange > technologies for usecases that have already been defined. > > For the Introduction Section: > ...manage those > endpoints. Endpoints / Elements include hardware, software of virtual > network infrastructure devices. > > > > > > hardware, software or virtual (NFV fails in this > > > category) > > > > -----Original Message----- > From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov > <david.waltermire@nist.gov>] > Sent: Thursday, May 18, 2017 10:59 AM > To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; Panic@ietf.org > Subject: RE: Scope Draft is Available > > Panos, > > Thank you for providing feedback on the PANIC scope draft. > > Comments are inline below. > > > > -----Original Message----- > From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com > <pkampana@cisco.com>] > Sent: Thursday, May 18, 2017 10:37 AM > To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>; > Panic@ietf.org > Subject: RE: Scope Draft is Available > > Hi David, > > The document is clear. > > One semantic objection I have is about the use of the word endpoint. I > believe the term is commonly used for user machines (laptops, cells, > tablets) . Network element or element is a little clearer. > > > I don't have a dog in this fight. I am happy to go either way (e.g., > endpoint, > network element) if there is a preference in the group for one term or the > other. I'd like to hear other opinions on this. > > > > A susggestion: The security section could mention the importance of > not introducing security concerns with the posture info collection. > For example a device should not be DoSable by too many polls, or it > should not push often enough that would introduce performance concerns > > etc. > > I think this is a good idea. Do you have some text in mind to drop in? > > > > I think it will also be beneficial to be explicit about the types of > network elements. In the broad technologies that exist today, these > elements could be hardware, software or virtual (NFV fails in this > category). All of those should be in scope for this work. > > > All of these are in scope in my view. > > > > Side comment: I would like this standardization effort to try to reuse > data formats and transports wherever possible and not come up with new > posture information descriptions. I think this is a common goal that > SACM has as well. > > > I share this goal as well. Should we document this in the draft? > > > > Thanks, > Panos > > > Regards, > Dave > > > > -----Original Message----- > From: Panic [mailto:panic-bounces@ietf.org <panic-bounces@ietf.org>] On > Behalf Of Waltermire, > David A. (Fed) > Sent: Monday, May 15, 2017 11:03 AM > To: Panic@ietf.org > Subject: [Panic] Scope Draft is Available > > Welcome to the posture assessment through network information > collection > (PANIC) email list. At the side meeting on March 29th, we started > discussing the problem of how to measure the health of network > devices. We discussed the need to collect posture information from > network devices to support asset, software, vulnerability, and > configuration management use cases. We were asked by the group to > share a more detailed description of the intended scope for the PANIC > effort. The follow draft is an attempt to do > so: > > https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/ > > We would appreciate review of and comments on this draft. At this > point, we want to know if the this scope clearly defines the problem to be > > solved. > > > Please let us know if you have any questions or concerns, or if you > think the scope draft is adequate. > > Regards, > David Waltermire > > _______________________________________________ > Panic mailing list > Panic@ietf.org > https://www.ietf.org/mailman/listinfo/panic > > > _______________________________________________ > Panic mailing list > Panic@ietf.org > https://www.ietf.org/mailman/listinfo/panic > > > > -- > "Esta vez no fallaremos, Doctor Infierno" > > Dr Diego R. Lopez > Telefonica I+D > http://people.tid.es/diego.lopez/ > > e-mail: diego.r.lopez@telefonica.com > Tel: +34 913 129 041 > Mobile: +34 682 051 091 > ---------------------------------- > > > > > ------------------------------ > > > Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, > puede contener información privilegiada o confidencial y es para uso > exclusivo de la persona o entidad de destino. Si no es usted. el > destinatario indicado, queda notificado de que la lectura, utilización, > divulgación y/o copia sin autorización puede estar prohibida en virtud de > la legislación vigente. Si ha recibido este mensaje por error, le rogamos > que nos lo comunique inmediatamente por esta misma vía y proceda a su > destrucción. > > The information contained in this transmission is privileged and > confidential information intended only for the use of the individual or > entity named above. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution or > copying of this communication is strictly prohibited. If you have received > this transmission in error, do not read it. Please immediately reply to the > sender that you have received this communication in error and then delete > it. > > Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, > pode conter informação privilegiada ou confidencial e é para uso exclusivo > da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário > indicado, fica notificado de que a leitura, utilização, divulgação e/ou > cópia sem autorização pode estar proibida em virtude da legislação vigente. > Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique > imediatamente por esta mesma via e proceda a sua destruição > > > > > _______________________________________________ > > Panic mailing list > > Panic@ietf.org > > https://www.ietf.org/mailman/listinfo/panic > > > > _______________________________________________ > Panic mailing list > Panic@ietf.org > https://www.ietf.org/mailman/listinfo/panic > >
- [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Panos Kampanakis (pkampana)
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Panos Kampanakis (pkampana)
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Diego R. Lopez
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Daniel Migault
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Waltermire, David A. (Fed)
- Re: [Panic] Scope Draft is Available Jessica Fitzgerald-McKay
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Jessica Fitzgerald-McKay
- Re: [Panic] Scope Draft is Available Robert Moskowitz
- Re: [Panic] Scope Draft is Available Panos Kampanakis (pkampana)
- Re: [Panic] Scope Draft is Available Diego R. Lopez