IETF Logo Mail Archive

Re: [sacm] WGLC for draft-ietf-sacm-ecp

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Thu, 25 July 2019 15:11 UTC

Return-Path: <jmfmckay@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F7061200CC for <sacm@ietfa.amsl.com>; Thu, 25 Jul 2019 08:11:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EPlAsygm8RTe for <sacm@ietfa.amsl.com>; Thu, 25 Jul 2019 08:11:48 -0700 (PDT)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5612D120393 for <sacm@ietf.org>; Thu, 25 Jul 2019 08:11:38 -0700 (PDT)
Received: by mail-ot1-x32d.google.com with SMTP id l15so51984187otn.9 for <sacm@ietf.org>; Thu, 25 Jul 2019 08:11:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oJ98mxhUnY6PfDlRptJIK28WZnznxFzhdFSUv5MWaps=; b=sEzsr98j5TJhtO7TM8/RlvG+TqGU3lYFBbTfvVRLh0O0UuqRC8jxTAPxqpmt/zlBFe Nbmawc93efyXegJK1RuJ3k/i3gHyTEgsSzmTOxYq18xOYWFJuc0AWi+RH4tSQqE14Xkk jlveHdewYk9uwfkWpLGM6Efnl2B+cLMlaw7erdO8qsq5R7JNFIxGfk0+PPRufH+S1Aob ikdghk7YBM2ZX2IC2BK86gt8XfNL4tnJiGuIsBevPlFkAiWtxPlnfdiBYFT0stk1Y6YF vdHyWRY3GkznVmpbLRGhiA68KBg2yGQtrflndF+lyPf2H86XnrSynZlgkTFwUCGyrjRO GOzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oJ98mxhUnY6PfDlRptJIK28WZnznxFzhdFSUv5MWaps=; b=aKbjraowO0lIdt9AjE7TD7eJOWqXA4bGxZe2XOZgk5G7Xqryy+elUD+W6FZa5TU55M PsfuSzkAcTr/mH0vs1bWdR5Yjiu0bSCATYzdiKef4cGEULFm91xCFZdkp4qFygJBGj1D uqfDCuk3w1B29fpPs3pTacVGmMdQHdC83Fh+WrqjyheVcXY6T/bRST4EA5vHBTFqu+mF tq08LcN7ejp3exvJSpcw2xxRA/ZznsZIXnCNuHufMu8oXl/idMJeEIPuPb1v0Tj7D1c5 h/4uQTdDOUgTTGdhufnM7LstQa1M2pr0t0p7V8/yhAJ6ifrZVGCkbQqR338pJFsD44CY LcNQ==
X-Gm-Message-State: APjAAAWX3Q9B74QWzWlXZt8OeSeocrFV3TTaBWHmbFj+Qr0Egs/0JTJd azuIv6SFQVcDzBZa7Q5EQLKoFzXm/VkUBBZeFNo=
X-Google-Smtp-Source: APXvYqyuMmn2jy9rUUiw5hQrs+gQ7hOrClwsvTf7CtOWp9C25A6ur+WZ4BYuZzrWGizBvnIkAXJSKWbtvXyYNTg5D+4=
X-Received: by 2002:a9d:5a82:: with SMTP id w2mr63352004oth.240.1564067497613; Thu, 25 Jul 2019 08:11:37 -0700 (PDT)
MIME-Version: 1.0
References: <5B73FDDD-680A-4596-99FA-920B0776D862@isoc.org> <CAN40gStnjDOxSNJ8e3+kNwzB8N7z7KD79qqnEexKx9OgPaW8iw@mail.gmail.com>
In-Reply-To: <CAN40gStnjDOxSNJ8e3+kNwzB8N7z7KD79qqnEexKx9OgPaW8iw@mail.gmail.com>
From: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Thu, 25 Jul 2019 11:11:26 -0400
Message-ID: <CAM+R6NUxVu35=3C_Q=XmacQKOuqO85FmnwePBffEexua5r5jFQ@mail.gmail.com>
To: Ira McDonald <blueroofmusic@gmail.com>
Cc: Karen O'Donoghue <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000999d14058e82d79c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/5qmIhHVs38cZrGfBA5tDFG6Tb7w>
Subject: Re: [sacm] WGLC for draft-ietf-sacm-ecp
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2019 15:11:50 -0000

Ira,
Thank you for the review. Responses in-line denoted by [jmf].


On Tue, Jul 2, 2019 at 12:07 PM Ira McDonald <blueroofmusic@gmail.com>
wrote:

> Hi,
>
> Ira's comments on <draft-ietf-sacm-ecp-05>
>
> 3.2.1.  Provisioning
>
> - Describes one-time setup examples of serial numbers (immutable),
> hardware certificates (long-lived), and device MAC addresses, which
> are NOT immutable and *should* be changing for Random MAC address
> usage over time, per recent IEEE 1609 (WAVE), IEEE 802.11 (Wi-Fi),
> and Common Criteria protection profile recommendations.
>
> - Recommend removing the MAC address example from this clause.
>

[jmf] We've had lots of discussion around the MAC address issue. I realize
here you are not arguing against it's use as a device identifier, but are
saying that it ought to be differentiated from other more permanent
identifiers. I believe, though, that we still want to capture the idea that
a device should be provisioned with a MAC address initially, even though
that MAC address ought to change. Perhaps we can remove the MAC address
example from this sentence, but add a new sentence immediately afterwards
saying that the device should have one, and it should change over time.
Would that work?

>
> 6.  Future Work
>
>    "Reassess the use of MAC addresses, including market research to
>    determine if MAC addresses continue to be a widely implemented
>    device identifier among network tools."
>
> - Market research showing the continued unwise use of fixed MAC
> addresses in Enterprise networks is not a valid criteria.  This is
> one of many bad security practices that are hard to stamp out.
>
> - Recommend changing to:
>    "Reassess the use of MAC addresses, based on technical research
>    into current security best practices in IoT, automotive, mobile,
>    and other privacy sensitive market domains."
>

[jmf] I agree with you, but, MAC addresses continue to be used by network
tools, and the ECPC will likely not change that. We've been round and round
on this issue, and I'd like to firmly settle it, but, until the market
moves along with us, it'll remain open. I would like to add in your words
about technical research, and keep the notion that we are really only
collecting MAC addresses because we need to be able to share data with our
network tools. It moves the security ball forward while acknowledging the
reality of network-based defense. Does that work?

>
>
> 10.  Privacy Considerations
>
>    "The EPCP specifically addresses the collection of posture data from
>    enterprise endpoints by an enterprise network.  As such, privacy is
>    not going to often arise as a concern for those deploying this
>    solution."
>
> - Stongly disagree.  If enterprise (or cloud) servers with endpoint
> posture metadata are successfully hacked (they're an attractive target),
> then major privacy issues arise with location/time-of-day association
> with PII for mobile users.  In the EU, GDPR protections definitely do
> apply to enterprise networks.
>
> - Recommend changing to:
>
>    "The EPCP specifically addresses the collection of posture data from
>    enterprise endpoints by an enterprise network.  As such, privacy is
>    a fundamental concern for those deploying this ECP solution, given
>    EU GDPR, California CCPA, and many other privacy regulations.  The
>    enterprise SHOULD implement and enforce their duty of care."
>

[jmf] Agreed, thank you for the better words.

>
>    "An enterprise network should limit access to endpoint posture and
>    identification information to authorized users."
>
> - Very weak statement.  Potentially large number of network admins and
> IT support people may have access to endpoint posture metadata.  They
> should always have training about the importance of protecting this
> endpoint posture metadata.
>
> - Recommend changing to:
>
>    "An enterprise network SHOULD limit access to endpoint posture and
>    identification information to authorized users and SHOULD enforce
>    policies that prevent export of endpoint posture metadata to third
>    parties (except duly authorized law enforcement personnel)."
>
> [jmf] I like your ideas here. Maybe we can change the edit to read  "An
enterprise network SHOULD limit access to endpoint posture and identification
information to authorized users and SHOULD enforce policies that prevent
export of endpoint posture metadata to *unauthorized *third parties".

>
> Cheers,
> - Ira
>
>
Thanks again,
Jess

> Ira McDonald (Musician / Software Architect)
> Co-Chair - TCG Trusted Mobility Solutions WG
> Co-Chair - TCG Metadata Access Protocol SG
> Chair - Linux Foundation Open Printing WG
> Secretary - IEEE-ISTO Printer Working Group
> Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
> IETF Designated Expert - IPP & Printer MIB
> Blue Roof Music / High North Inc
> http://sites.google.com/site/blueroofmusic
> http://sites.google.com/site/highnorthinc
> mailto: blueroofmusic@gmail.com
> PO Box 221  Grand Marais, MI 49839  906-494-2434
>
>
>
> On Thu, Jun 27, 2019 at 4:34 PM Karen O'Donoghue <odonoghue@isoc.org>
> wrote:
>
>> Folks,
>>
>> As discussed at our virtual interim on Tuesday, this begins a three week
>> working group last call for:
>> Endpoint Posture Collection Profile
>> https://datatracker.ietf.org/doc/draft-ietf-sacm-ecp/
>>
>> Please reply to this email thread with an indication that you have read
>> the document, any comments you may have, and your assessment of whether or
>> not it is ready to proceed to publication.
>>
>> DEADLINE: Please reply by Friday 19 July 2019.
>>
>> Thanks!
>> Karen and Chris
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>

v2.23.0 | Report a Bug | By Email