Re: [Panic] Scope Draft is Available

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Mon, 26 June 2017 14:47 UTC

Return-Path: <jmfmckay@gmail.com>
X-Original-To: panic@ietfa.amsl.com
Delivered-To: panic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EB86124217 for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 07:47:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93icBsqTRxXw for <panic@ietfa.amsl.com>; Mon, 26 Jun 2017 07:47:24 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 695A212EACA for <Panic@ietf.org>; Mon, 26 Jun 2017 07:47:24 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id j53so2191306uaa.2 for <Panic@ietf.org>; Mon, 26 Jun 2017 07:47:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WVkyweDzCqw4u9u2dl8Wu9oBDJufm6nny/OmcMvdQF0=; b=Ig8MwsibFVEC2JAhJNfwRhJc2q0e2yzPwetQKqjEw9jky8H67uEWPWX5zL8xav2Qyi 9kpO6xz3VAK00PrUW2NdhqPIXEUHK+P2H0H+ITVJppIY51YTZgG0amFO4OPuMTIMJ7z/ KZEJbxN0tCuI8d5QemX1b4vOHWEgf0YmZegfEMv1iifIKX+9Xm0jmBuK3Gav43sb56qV 4CvnuoWeDNbQQTZF7oV/zEm6uDTpKEXC+UfwrdYW/ROyptNqGVyZ5DfrYXgCLC8zyYGu invrq+vyxTAPOLDa9chPYr3i99YVTmnWLSOzv4kJxwk8x4nFKqSOxplceZ2Kr/vR7iAF NRdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WVkyweDzCqw4u9u2dl8Wu9oBDJufm6nny/OmcMvdQF0=; b=iZ7VYQ0pEmwVOwflgvt/HmaaZg22+2qZ+Vzl+WMTeu7FBwcRmH1sadFAWhZ83QYhAS 37F1VXFiutp83yZTKKuGY4aCzoMgBF0CoO2zPZJDa/IP85myjuZLZZzI797fo/12Ex7k NUTUF6L/E85cvqJOiLpTOhIUVo5LmdVrQpVhRyCJwPbs2FEnvd2iUkz11Z9P/0VImXhR GNosY0NflFg1XNTz7UG7wA3cITsHP4ax25IosKKCQM4YFYkB+qoXdu0JJXSk0pvS0PAj KPZTvlxf9M9X6H0Hn3dVV8+WA/eKEQmrLWRxIAXlBzc6odusZ/BeynCexZsO/JqpGubY w3Lw==
X-Gm-Message-State: AKS2vOyp9HtLBJTwlgOk1vlDlo8mD1N25NCzCALN9Od9CPghYcy9dy1q Zuu89/+8PJO5RJFiWwEExPr7vQRwLA==
X-Received: by 10.176.67.98 with SMTP id k89mr314568uak.103.1498488443306; Mon, 26 Jun 2017 07:47:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.83.93 with HTTP; Mon, 26 Jun 2017 07:47:22 -0700 (PDT)
In-Reply-To: <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com> <3c2c18cd-90a5-ed7f-d803-f2906f3d116b@htt-consult.com> <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com>
From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Mon, 26 Jun 2017 10:47:22 -0400
Message-ID: <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Content-Type: multipart/alternative; boundary="94eb2c0b8d5e5d0bdd0552de07ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/eMcMkVpCl8EXDzraQJAgHz72hQA>
Subject: Re: [Panic] Scope Draft is Available
X-BeenThere: panic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/panic>, <mailto:panic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/panic/>
List-Post: <mailto:panic@ietf.org>
List-Help: <mailto:panic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/panic>, <mailto:panic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 14:47:28 -0000

All,
I have posted an updated draft scope here:
https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02.

I think we have addressed most of the issues brought up on list. I do not
feel I adequately addressed making NAT out of scope (per Daniel's request)
and would like some help on that.

Bob, to your questions on the relationship between our work and netconf, I
think that we could best focus our time on extending YANG to meet the
requirements we derive from this scoping statement. So, I stated that
explicitly in this draft. I'd like to get feedback from the group on that
approach, so please chime in if you like/dislike/love/loathe that idea.

Thanks,
Jess

On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) <
david.waltermire@nist.gov>; wrote:

> Hi Bob,
>
>
>
> Thanks for asking. We have been working on an update. We hope to post it
> soon addressing the feedback we have received so far, including addressing
> the comments from your other email today.
>
>
>
> Thanks,
>
> Dave
>
>
>
> *From:* Robert Moskowitz [mailto:rgm-sec@htt-consult.com]
> *Sent:* Thursday, June 15, 2017 4:38 PM
> *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>;; Diego R.
> Lopez <diego.r.lopez@telefonica.com>;
>
> *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>;
> *Subject:* Re: [Panic] Scope Draft is Available
>
>
>
> David,
>
> Do you have an update to your draft?
>
> I don't see anything past the Apr 11 01.txt draft.
>
> thanks
>
> On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote:
>
> Diego, thanks for the edits.
>
>
>
> All,
>
>
> I am going to drop this text into an update of the scope draft. I’ll wait
> until Monday to work on posting the draft update. Please let me know if any
> other changes to the draft are desired.
>
>
>
> Thanks,
>
> Dave
>
>
>
> *From:* Panic [mailto:panic-bounces@ietf.org <panic-bounces@ietf.org>] *On
> Behalf Of *Diego R. Lopez
> *Sent:* Friday, May 19, 2017 2:23 AM
> *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
> <david.waltermire@nist.gov>;
> *Cc:* Panic@ietf.org; Panos Kampanakis (pkampana) <pkampana@cisco.com>;
> <pkampana@cisco.com>;
> *Subject:* Re: [Panic] Scope Draft is Available
>
>
>
> Hi,
>
>
>
> I agree with David’s proposal, with just a few minor changes with respect
> to the original text, to make it more general, completely covering the
> virtual cases (NFV) and eliminating the term “device” to avoid too many
> equivalences...
>
>
>
> Network operators need to know what is connected to their organization's
> networks so that they can properly manage those network elements. Managing
> these network endpoints, consisting of physical and virtual network
> infrastructure, requires access to information pertaining to them,
> including endpoint identity, the identity of software installed on the
> element, and the configuration setting values for the installed software.
> This information can be collected from different classes of elements over
> different protocols and using different data models. PANIC will identify a
> standardized solution to collect posture information for network element,
> and allow that information to be shared with authorized users and elements
> on the network supporting security automation. PANIC aims to reuse
> available standards for posture assessment where possible. The PANIC effort
> will avoid redefining information exchange technologies for use cases that
> have already been defined.
>
>
>
> Be goode,
>
>
>
> On 18 May 2017, at 20:01 , Waltermire, David A. (Fed) <
> david.waltermire@nist.gov>; wrote:
>
>
>
> Panos, thanks for providing text.
>
> We have participants that are approaching this problem space that are
> accustomed to using endpoint and network element. How about the following
> introduction text to draw an equivalence between these terms?
>
> Network operators need to know what is connected to their organization's
> networks so that they can properly manage those network elements. Managing
> these network elements, consisting of physical and virtual network
> infrastructure devices, requires access to information pertaining to these
> endpoint devices, including device identity, the identity of software
> installed on the endpoint, and the configuration setting values for the
> installed software. This information can be collected from different
> classes of endpoints over different protocols and using different data
> models. PANIC will identify a standardized solution to collect posture
> information for network devices, and allow that information to be shared
> with authorized users and devices on the network supporting security
> automation. PANIC aims to reuse available standards for posture assessment
> where possible. The PANIC effort will avoid redefining information exchange
> technologies for use cases that have already been defi
> ned.
>
> Also, I added your text to the security considerations section. I will
> post this in the -02 revision once we sort out the Introduction.
>
> Thanks,
> Dave
>
>
>
> -----Original Message-----
> From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com
> <pkampana@cisco.com>]
> Sent: Thursday, May 18, 2017 12:30 PM
> To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>;; Panic@ietf.org
> Subject: RE: Scope Draft is Available
>
> ACK. Below some proposed text:
>
> For the Security Considerations Section:
>   Further discussion here will address the threat introduced to the network
> elements by the posture information collection. There should be protections
> implemented to prevent the element from being vulnerable to DoS attacks
> by frequent polling or pushing of posture data.
>
> For the Introduction Section:
>   ...automation. PANIC aims to reuse available standards for posture
> assessment where possible. It will avoid redefining info exchange
> technologies for usecases that have already been defined.
>
> For the Introduction Section:
>   ...manage those
>   endpoints. Endpoints / Elements include hardware, software of virtual
> network infrastructure devices.
>
>
>
>
>
> hardware, software or virtual (NFV fails in this
>
>
> category)
>
>
>
> -----Original Message-----
> From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov
> <david.waltermire@nist.gov>]
> Sent: Thursday, May 18, 2017 10:59 AM
> To: Panos Kampanakis (pkampana) <pkampana@cisco.com>;; Panic@ietf.org
> Subject: RE: Scope Draft is Available
>
> Panos,
>
> Thank you for providing feedback on the PANIC scope draft.
>
> Comments are inline below.
>
>
>
> -----Original Message-----
> From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com
> <pkampana@cisco.com>]
> Sent: Thursday, May 18, 2017 10:37 AM
> To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>;;
> Panic@ietf.org
> Subject: RE: Scope Draft is Available
>
> Hi David,
>
> The document is clear.
>
> One semantic objection I have is about the use of the word endpoint. I
> believe the term is commonly used for user machines (laptops, cells,
> tablets) . Network element or element is a little clearer.
>
>
> I don't have a dog in this fight. I am happy to go either way (e.g.,
> endpoint,
> network element) if there is a preference in the group for one term or the
> other. I'd like to hear other opinions on this.
>
>
>
> A susggestion: The security section could mention the importance of
> not introducing security concerns with the posture info collection.
> For example a device should not be DoSable by too many polls, or it
> should not push often enough that would introduce performance concerns
>
> etc.
>
> I think this is a good idea. Do you have some text in mind to drop in?
>
>
>
> I think it will also be beneficial to be explicit about the types of
> network elements. In the broad technologies that exist today, these
> elements could be hardware, software or virtual (NFV fails in this
> category). All of those should be in scope for this work.
>
>
> All of these are in scope in my view.
>
>
>
> Side comment: I would like this standardization effort to try to reuse
> data formats and transports wherever possible and not come up with new
> posture information descriptions. I think this is a common goal that
> SACM has as well.
>
>
> I share this goal as well. Should we document this in the draft?
>
>
>
> Thanks,
> Panos
>
>
> Regards,
> Dave
>
>
>
> -----Original Message-----
> From: Panic [mailto:panic-bounces@ietf.org <panic-bounces@ietf.org>] On
> Behalf Of Waltermire,
> David A. (Fed)
> Sent: Monday, May 15, 2017 11:03 AM
> To: Panic@ietf.org
> Subject: [Panic] Scope Draft is Available
>
> Welcome to the posture assessment through network information
> collection
> (PANIC) email list. At the side meeting on March 29th, we started
> discussing the problem of how to measure the health of network
> devices. We discussed the need to collect posture information from
> network devices to support asset, software, vulnerability, and
> configuration management use cases. We were asked by the group to
> share a more detailed description of the intended scope for the PANIC
> effort. The follow draft is an attempt to do
> so:
>
> https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/
>
> We would appreciate review of and comments on this draft. At this
> point, we want to know if the this scope clearly defines the problem to be
>
> solved.
>
>
> Please let us know if you have any questions or concerns, or if you
> think the scope draft is adequate.
>
> Regards,
> David Waltermire
>
> _______________________________________________
> Panic mailing list
> Panic@ietf.org
> https://www.ietf.org/mailman/listinfo/panic
>
>
> _______________________________________________
> Panic mailing list
> Panic@ietf.org
> https://www.ietf.org/mailman/listinfo/panic
>
>
>
> --
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel:    +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
>
>
>
> ------------------------------
>
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
> puede contener información privilegiada o confidencial y es para uso
> exclusivo de la persona o entidad de destino. Si no es usted. el
> destinatario indicado, queda notificado de que la lectura, utilización,
> divulgación y/o copia sin autorización puede estar prohibida en virtud de
> la legislación vigente. Si ha recibido este mensaje por error, le rogamos
> que nos lo comunique inmediatamente por esta misma vía y proceda a su
> destrucción.
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário,
> pode conter informação privilegiada ou confidencial e é para uso exclusivo
> da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário
> indicado, fica notificado de que a leitura, utilização, divulgação e/ou
> cópia sem autorização pode estar proibida em virtude da legislação vigente.
> Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique
> imediatamente por esta mesma via e proceda a sua destruição
>
>
>
>
> _______________________________________________
>
> Panic mailing list
>
> Panic@ietf.org
>
> https://www.ietf.org/mailman/listinfo/panic
>
>
>
> _______________________________________________
> Panic mailing list
> Panic@ietf.org
> https://www.ietf.org/mailman/listinfo/panic
>
>