Re: [Panic] Scope Draft is Available

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 18 May 2017 16:36 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Panic@ietf.org" <Panic@ietf.org>
Date: Thu, 18 May 2017 16:30:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/panic/liDtzSeB0Wfu4WPA-qkd8Hoz11s>

ACK. Below is some proposed text:

For the Security Considerations Section: 
   Further discussion here will address the threat introduced to the network elements by the posture information collection. There should be protections implemented to prevent the element from being vulnerable to DoS attacks by frequent polling or pushing of posture data. 

For the Introduction Section: 
   ...automation. PANIC aims to reuse available standards for posture assessment where possible. It will avoid redefining info exchange technologies for use cases that have already been defined.

For the Introduction Section: 
   ...manage those 
   endpoints. Endpoints / Elements include hardware, software or virtual network infrastructure devices.





hardware, software or virtual (NFV fails in this 
> category)


-----Original Message-----
From: Waltermire, David A. (Fed) [mailto:david.waltermire@nist.gov] 
Sent: Thursday, May 18, 2017 10:59 AM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; Panic@ietf.org
Subject: RE: Scope Draft is Available

Panos,

Thank you for providing feedback on the PANIC scope draft.

Comments are inline below.

> -----Original Message-----
> From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
> Sent: Thursday, May 18, 2017 10:37 AM
> To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>; 
> Panic@ietf.org
> Subject: RE: Scope Draft is Available
> 
> Hi David,
> 
> The document is clear.
> 
> One semantic objection I have is about the use of the word endpoint. I 
> believe the term is commonly used for user machines (laptops, cells, 
> tablets). Network element or element is a little clearer.

I don't have a dog in this fight. I am happy to go either way (e.g., endpoint, network element) if there is a preference in the group for one term or the other. I'd like to hear other opinions on this.

> A suggestion: The security section could mention the importance of
> not introducing security concerns with the posture info collection. 
> For example a device should not be DoSable by too many polls, or it 
> should not push often enough that would introduce performance concerns etc.

I think this is a good idea. Do you have some text in mind to drop in?

> I think it will also be beneficial to be explicit about the types of 
> network elements. In the broad technologies that exist today, these 
> elements could be hardware, software or virtual (NFV fails in this 
> category). All of those should be in scope for this work.

All of these are in scope in my view.

> Side comment: I would like this standardization effort to try to reuse 
> data formats and transports wherever possible and not come up with new 
> posture information descriptions. I think this is a common goal that 
> SACM has as well.

I share this goal as well. Should we document this in the draft?

> Thanks,
> Panos

Regards,
Dave

> -----Original Message-----
> From: Panic [mailto:panic-bounces@ietf.org] On Behalf Of Waltermire, 
> David A. (Fed)
> Sent: Monday, May 15, 2017 11:03 AM
> To: Panic@ietf.org
> Subject: [Panic] Scope Draft is Available
> 
> Welcome to the posture assessment through network information 
> collection
> (PANIC) email list. At the side meeting on March 29th, we started 
> discussing the problem of how to measure the health of network 
> devices. We discussed the need to collect posture information from 
> network devices to support asset, software, vulnerability, and 
> configuration management use cases. We were asked by the group to 
> share a more detailed description of the intended scope for the PANIC 
> effort. The following draft is an attempt to do
> so:
> 
> https://datatracker.ietf.org/doc/draft-waltermire-panic-scope/
> 
> We would appreciate review of and comments on this draft. At this 
> point, we want to know if this scope clearly defines the problem to be solved.
> Please let us know if you have any questions or concerns, or if you 
> think the scope draft is adequate.
> 
> Regards,
> David Waltermire
> 
> _______________________________________________
> Panic mailing list
> Panic@ietf.org
> https://www.ietf.org/mailman/listinfo/panic