Re: [Panic] Scope Draft is Available

Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 27 June 2017 19:45 UTC

Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: panic@ietfa.amsl.com
Delivered-To: panic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5FBE12EB1D for <panic@ietfa.amsl.com>; Tue, 27 Jun 2017 12:45:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.741
X-Spam-Level:
X-Spam-Status: No, score=-2.741 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LEuLDq0IbS5r for <panic@ietfa.amsl.com>; Tue, 27 Jun 2017 12:45:38 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C79201270A7 for <Panic@ietf.org>; Tue, 27 Jun 2017 12:45:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 309556218F; Tue, 27 Jun 2017 15:45:35 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id wV0RujhC4grN; Tue, 27 Jun 2017 15:45:19 -0400 (EDT)
Received: from lx120e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 7A296621F2; Tue, 27 Jun 2017 15:45:17 -0400 (EDT)
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
References: <MWHPR09MB14403A4D4118D9D685B31B8DF0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <2c391fc46bca4900875ee3b0514df42b@XCH-ALN-010.cisco.com> <MWHPR09MB14404051B8C07A6F1205B7B2F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <7ddec0441a2d492f979c27325dfe1fdb@XCH-ALN-010.cisco.com> <MWHPR09MB14406D7D3B3505F6DD476366F0E40@MWHPR09MB1440.namprd09.prod.outlook.com> <D4EE3E29-4B4D-4B64-8328-2755E1E17353@telefonica.com> <MWHPR09MB1440FED81B63AC5103EA7B17F0E50@MWHPR09MB1440.namprd09.prod.outlook.com> <3c2c18cd-90a5-ed7f-d803-f2906f3d116b@htt-consult.com> <MWHPR09MB1440989ACF09FB9BADB8747EF0C10@MWHPR09MB1440.namprd09.prod.outlook.com> <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Cc: "Panic@ietf.org" <Panic@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <f6952b15-2711-8693-715c-65f5df303dd9@htt-consult.com>
Date: Tue, 27 Jun 2017 15:44:58 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAM+R6NUVziQqf_wX_uHoZww2F3WDqHoKNm80EDcst3nu5HkoMA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------9A70801D688E78A882B49FB3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/g2kJA8EgRYRaxSKxZcrzqXfxo8Y>
Subject: Re: [Panic] Scope Draft is Available
X-BeenThere: panic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Posture Assessment Through Network Information Collection \(panic\)" <panic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/panic>, <mailto:panic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/panic/>
List-Post: <mailto:panic@ietf.org>
List-Help: <mailto:panic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/panic>, <mailto:panic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jun 2017 19:45:44 -0000

I have reviewed this version and it is much better.

Besides NETCONF, rfc6241, there is RESTCONF, rfc8040.  And there is the 
event notification rfc (5277) and draft.

Perhaps verbage to work with the NETCONF wg is appropriate and invite 
them to the session?

Finally sent 2 in the Intro is too long to read well (58 words!). It 
should be presented as a list for readablity.

Other than these points, I think we are ready to start filling in the 
blanks.

Bob


On 06/26/2017 10:47 AM, Jessica Fitzgerald-McKay wrote:
> All,
> I have posted an updated draft scope here: 
> https://datatracker.ietf.org/doc/html/draft-waltermire-panic-scope-02.
>
> I think we have addressed most of the issues brought up on list. I do 
> not feel I adequately addressed making NAT out of scope (per Daniel's 
> request) and would like some help on that.
>
> Bob, to your questions on the relationship between our work and 
> netconf, I think that we could best focus our time on extending YANG 
> to meet the requirements we derive from this scoping statement. So, I 
> stated that explicitly in this draft. I'd like to get feedback from 
> the group on that approach, so please chime in if you 
> like/dislike/love/loathe that idea.
>
> Thanks,
> Jess
>
> On Fri, Jun 16, 2017 at 3:11 PM, Waltermire, David A. (Fed) 
> <david.waltermire@nist.gov <mailto:david.waltermire@nist.gov>> wrote:
>
>     Hi Bob,
>
>     Thanks for asking. We have been working on an update. We hope to
>     post it soon addressing the feedback we have received so far,
>     including addressing the comments from your other email today.
>
>     Thanks,
>
>     Dave
>
>     *From:*Robert Moskowitz [mailto:rgm-sec@htt-consult.com
>     <mailto:rgm-sec@htt-consult.com>]
>     *Sent:* Thursday, June 15, 2017 4:38 PM
>     *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov
>     <mailto:david.waltermire@nist.gov>>; Diego R. Lopez
>     <diego.r.lopez@telefonica.com <mailto:diego.r.lopez@telefonica.com>>
>
>
>     *Cc:* Panic@ietf.org <mailto:Panic@ietf.org>; Panos Kampanakis
>     (pkampana) <pkampana@cisco.com <mailto:pkampana@cisco.com>>
>     *Subject:* Re: [Panic] Scope Draft is Available
>
>     David,
>
>     Do you have an update to your draft?
>
>     I don't see anything past the Apr 11 01.txt draft.
>
>     thanks
>
>     On 05/19/2017 10:09 AM, Waltermire, David A. (Fed) wrote:
>
>         Diego, thanks for the edits.
>
>         All,
>
>
>         I am going to drop this text into an update of the scope
>         draft. I’ll wait until Monday to work on posting the draft
>         update. Please let me know if any other changes to the draft
>         are desired.
>
>         Thanks,
>
>         Dave
>
>         *From:*Panic [mailto:panic-bounces@ietf.org] *On Behalf Of
>         *Diego R. Lopez
>         *Sent:* Friday, May 19, 2017 2:23 AM
>         *To:* Waltermire, David A. (Fed) <david.waltermire@nist.gov>;
>         <mailto:david.waltermire@nist.gov>
>         *Cc:* Panic@ietf.org <mailto:Panic@ietf.org>; Panos Kampanakis
>         (pkampana) <pkampana@cisco.com>; <mailto:pkampana@cisco.com>
>         *Subject:* Re: [Panic] Scope Draft is Available
>
>         Hi,
>
>         I agree with David’s proposal, with just a few minor changes
>         with respect to the original text, to make it more general,
>         completely covering the virtual cases (NFV) and eliminating
>         the term “device” to avoid too many equivalences...
>
>         Network operators need to know what is connected to their
>         organization's networks so that they can properly manage those
>         network elements. Managing these network endpoints, consisting
>         of physical and virtual network infrastructure, requires
>         access to information pertaining to them, including endpoint
>         identity, the identity of software installed on the element,
>         and the configuration setting values for the installed
>         software. This information can be collected from different
>         classes of elements over different protocols and using
>         different data models. PANIC will identify a standardized
>         solution to collect posture information for network element,
>         and allow that information to be shared with authorized users
>         and elements on the network supporting security automation.
>         PANIC aims to reuse available standards for posture assessment
>         where possible. The PANIC effort will avoid redefining
>         information exchange technologies for use cases that have
>         already been defined.
>
>         Be goode,
>
>             On 18 May 2017, at 20:01 , Waltermire, David A. (Fed)
>             <david.waltermire@nist.gov
>             <mailto:david.waltermire@nist.gov>> wrote:
>
>             Panos, thanks for providing text.
>
>             We have participants that are approaching this problem
>             space that are accustomed to using endpoint and network
>             element. How about the following introduction text to draw
>             an equivalence between these terms?
>
>             Network operators need to know what is connected to their
>             organization's networks so that they can properly manage
>             those network elements. Managing these network elements,
>             consisting of physical and virtual network infrastructure
>             devices, requires access to information pertaining to
>             these endpoint devices, including device identity, the
>             identity of software installed on the endpoint, and the
>             configuration setting values for the installed software.
>             This information can be collected from different classes
>             of endpoints over different protocols and using different
>             data models. PANIC will identify a standardized solution
>             to collect posture information for network devices, and
>             allow that information to be shared with authorized users
>             and devices on the network supporting security automation.
>             PANIC aims to reuse available standards for posture
>             assessment where possible. The PANIC effort will avoid
>             redefining information exchange technologies for use cases
>             that have already been defi
>             ned.
>
>             Also, I added your text to the security considerations
>             section. I will post this in the -02 revision once we sort
>             out the Introduction.
>
>             Thanks,
>             Dave
>
>
>
>                 -----Original Message-----
>                 From: Panos Kampanakis (pkampana)
>                 [mailto:pkampana@cisco.com]
>                 Sent: Thursday, May 18, 2017 12:30 PM
>                 To: Waltermire, David A. (Fed)
>                 <david.waltermire@nist.gov
>                 <mailto:david.waltermire@nist.gov>>; Panic@ietf.org
>                 <mailto:Panic@ietf.org>
>                 Subject: RE: Scope Draft is Available
>
>                 ACK. Below some proposed text:
>
>                 For the Security Considerations Section:
>                   Further discussion here will address the threat
>                 introduced to the network
>                 elements by the posture information collection. There
>                 should be protections
>                 implemented to prevent the element from being
>                 vulnerable to DoS attacks
>                 by frequent polling or pushing of posture data.
>
>                 For the Introduction Section:
>                   ...automation. PANIC aims to reuse available
>                 standards for posture
>                 assessment where possible. It will avoid redefining
>                 info exchange
>                 technologies for usecases that have already been defined.
>
>                 For the Introduction Section:
>                   ...manage those
>                   endpoints. Endpoints / Elements include hardware,
>                 software of virtual
>                 network infrastructure devices.
>
>
>
>
>
>                 hardware, software or virtual (NFV fails in this
>
>
>                     category)
>
>
>
>                 -----Original Message-----
>                 From: Waltermire, David A. (Fed)
>                 [mailto:david.waltermire@nist.gov
>                 <mailto:david.waltermire@nist.gov>]
>                 Sent: Thursday, May 18, 2017 10:59 AM
>                 To: Panos Kampanakis (pkampana) <pkampana@cisco.com
>                 <mailto:pkampana@cisco.com>>; Panic@ietf.org
>                 <mailto:Panic@ietf.org>
>                 Subject: RE: Scope Draft is Available
>
>                 Panos,
>
>                 Thank you for providing feedback on the PANIC scope draft.
>
>                 Comments are inline below.
>
>
>
>                     -----Original Message-----
>                     From: Panos Kampanakis (pkampana)
>                     [mailto:pkampana@cisco.com]
>                     Sent: Thursday, May 18, 2017 10:37 AM
>                     To: Waltermire, David A. (Fed)
>                     <david.waltermire@nist.gov
>                     <mailto:david.waltermire@nist.gov>>;
>                     Panic@ietf.org <mailto:Panic@ietf.org>
>                     Subject: RE: Scope Draft is Available
>
>                     Hi David,
>
>                     The document is clear.
>
>                     One semantic objection I have is about the use of
>                     the word endpoint. I
>                     believe the term is commonly used for user
>                     machines (laptops, cells,
>                     tablets) . Network element or element is a little
>                     clearer.
>
>
>                 I don't have a dog in this fight. I am happy to go
>                 either way (e.g., endpoint,
>                 network element) if there is a preference in the group
>                 for one term or the
>                 other. I'd like to hear other opinions on this.
>
>
>
>                     A susggestion: The security section could mention
>                     the importance of
>                     not introducing security concerns with the posture
>                     info collection.
>                     For example a device should not be DoSable by too
>                     many polls, or it
>                     should not push often enough that would introduce
>                     performance concerns
>
>                 etc.
>
>                 I think this is a good idea. Do you have some text in
>                 mind to drop in?
>
>
>
>                     I think it will also be beneficial to be explicit
>                     about the types of
>                     network elements. In the broad technologies that
>                     exist today, these
>                     elements could be hardware, software or virtual
>                     (NFV fails in this
>                     category). All of those should be in scope for
>                     this work.
>
>
>                 All of these are in scope in my view.
>
>
>
>                     Side comment: I would like this standardization
>                     effort to try to reuse
>                     data formats and transports wherever possible and
>                     not come up with new
>                     posture information descriptions. I think this is
>                     a common goal that
>                     SACM has as well.
>
>
>                 I share this goal as well. Should we document this in
>                 the draft?
>
>
>
>                     Thanks,
>                     Panos
>
>
>                 Regards,
>                 Dave
>
>
>
>                     -----Original Message-----
>                     From: Panic [mailto:panic-bounces@ietf.org] On
>                     Behalf Of Waltermire,
>                     David A. (Fed)
>                     Sent: Monday, May 15, 2017 11:03 AM
>                     To: Panic@ietf.org <mailto:Panic@ietf.org>
>                     Subject: [Panic] Scope Draft is Available
>
>                     Welcome to the posture assessment through network
>                     information
>                     collection
>                     (PANIC) email list. At the side meeting on March
>                     29th, we started
>                     discussing the problem of how to measure the
>                     health of network
>                     devices. We discussed the need to collect posture
>                     information from
>                     network devices to support asset, software,
>                     vulnerability, and
>                     configuration management use cases. We were asked
>                     by the group to
>                     share a more detailed description of the intended
>                     scope for the PANIC
>                     effort. The follow draft is an attempt to do
>                     so:
>
>                     https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/
>                     <https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/>
>
>                     We would appreciate review of and comments on this
>                     draft. At this
>                     point, we want to know if the this scope clearly
>                     defines the problem to be
>
>                 solved.
>
>
>                     Please let us know if you have any questions or
>                     concerns, or if you
>                     think the scope draft is adequate.
>
>                     Regards,
>                     David Waltermire
>
>                     _______________________________________________
>                     Panic mailing list
>                     Panic@ietf.org <mailto:Panic@ietf.org>
>                     https://www.ietf.org/mailman/listinfo/panic
>                     <https://www.ietf.org/mailman/listinfo/panic>
>
>
>             _______________________________________________
>             Panic mailing list
>             Panic@ietf.org <mailto:Panic@ietf.org>
>             https://www.ietf.org/mailman/listinfo/panic
>             <https://www.ietf.org/mailman/listinfo/panic>
>
>         --
>         "Esta vez no fallaremos, Doctor Infierno"
>
>         Dr Diego R. Lopez
>         Telefonica I+D
>         http://people.tid.es/diego.lopez/
>         <http://people.tid.es/diego.lopez/>
>
>         e-mail: diego.r.lopez@telefonica.com
>         <mailto:diego.r.lopez@telefonica.com>
>         Tel:    +34 913 129 041
>         Mobile: +34 682 051 091
>         ----------------------------------
>
>         ------------------------------------------------------------------------
>
>
>         Este mensaje y sus adjuntos se dirigen exclusivamente a su
>         destinatario, puede contener información privilegiada o
>         confidencial y es para uso exclusivo de la persona o entidad
>         de destino. Si no es usted. el destinatario indicado, queda
>         notificado de que la lectura, utilización, divulgación y/o
>         copia sin autorización puede estar prohibida en virtud de la
>         legislación vigente. Si ha recibido este mensaje por error, le
>         rogamos que nos lo comunique inmediatamente por esta misma vía
>         y proceda a su destrucción.
>
>         The information contained in this transmission is privileged
>         and confidential information intended only for the use of the
>         individual or entity named above. If the reader of this
>         message is not the intended recipient, you are hereby notified
>         that any dissemination, distribution or copying of this
>         communication is strictly prohibited. If you have received
>         this transmission in error, do not read it. Please immediately
>         reply to the sender that you have received this communication
>         in error and then delete it.
>
>         Esta mensagem e seus anexos se dirigem exclusivamente ao seu
>         destinatário, pode conter informação privilegiada ou
>         confidencial e é para uso exclusivo da pessoa ou entidade de
>         destino. Se não é vossa senhoria o destinatário indicado, fica
>         notificado de que a leitura, utilização, divulgação e/ou cópia
>         sem autorização pode estar proibida em virtude da legislação
>         vigente. Se recebeu esta mensagem por erro, rogamos-lhe que
>         nos o comunique imediatamente por esta mesma via e proceda a
>         sua destruição
>
>
>
>
>         _______________________________________________
>
>         Panic mailing list
>
>         Panic@ietf.org <mailto:Panic@ietf.org>
>
>         https://www.ietf.org/mailman/listinfo/panic
>         <https://www.ietf.org/mailman/listinfo/panic>
>
>     _______________________________________________ Panic mailing list
>     Panic@ietf.org <mailto:Panic@ietf.org>
>     https://www.ietf.org/mailman/listinfo/panic
>     <https://www.ietf.org/mailman/listinfo/panic> 
>
> _______________________________________________
> Panic mailing list
> Panic@ietf.org
> https://www.ietf.org/mailman/listinfo/panic