IETF Logo Mail Archive

Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Thu, 16 November 2017 06:14 UTC

Return-Path: <david.waltermire@nist.gov>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0125F129510 for <sacm@ietfa.amsl.com>; Wed, 15 Nov 2017 22:14:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.089
X-Spam-Level:
X-Spam-Status: No, score=0.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ssQMoJ7l2rq0 for <sacm@ietfa.amsl.com>; Wed, 15 Nov 2017 22:13:59 -0800 (PST)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0101.outbound.protection.outlook.com [23.103.200.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 205B11294D8 for <sacm@ietf.org>; Wed, 15 Nov 2017 22:13:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=vkxGv8i4YSx/E0lKDDjJq0XsfOIZjGkqBHJp8vTfq6o=; b=iUSj0wlrKuk1pizrGgx1gFkkCniH41TQLiXG6t6fVdBofnWaYNqXQlPRPGgEHAkQEoTTvE8ZGKagnvScViqlKqjn12/GfVaBsF2Z5xwzCjoL603agKyvTI+8MXj0koyMmd/rx8g7wsKlWk5IVEsWMBBld4ZrAK3Lh/9yYzPXLn4=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 16 Nov 2017 06:13:56 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0239.005; Thu, 16 Nov 2017 06:13:56 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Adam Montville <adam.w.montville@gmail.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: [sacm] Milestones for recharter - FEEDBACK needed ASAP
Thread-Index: AQHTXdU6mcenDD07b0i5IA3Jertr7qMVevAAgADdvwCAAApDgIAAITRl
Date: Thu, 16 Nov 2017 06:13:56 +0000
Message-ID: <CY4PR09MB14957968ABE85691BB010AFBF02E0@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <etPan.5a0bd4f3.4a5e4576.17eb5@cert.org> <CACknUNUP3nM1OxWvExtSLm-RL-YjEsk+Tr9gTjYZybf-HoQ1hA@mail.gmail.com> <5ed05603-8132-e254-5ad6-17e20eef6b9c@sit.fraunhofer.de>, <CACknUNWZWw3SGUwcA9E_ww-=ZdKLUF8sXeLJb5bjYA8CWfCe3g@mail.gmail.com>
In-Reply-To: <CACknUNWZWw3SGUwcA9E_ww-=ZdKLUF8sXeLJb5bjYA8CWfCe3g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov;
x-originating-ip: [2001:67c:370:128:11f9:8970:5fe9:83ff]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1495; 6:uY7BGaG4pxpW9SbGKDryRNnlzd4ir/tAH5/Ttib9SQpE0n9rAsqkNDCJ17hrL41R4avgGfyHqkzzhr5WxQVRGWU7yfXPo84kjIGNU4v5Ec7D/zaNhrjX0RVmx2FNXsy9WpDGoDrn23LpJAbBYD4m7jbsS0YcGCPYYsr45WNdDhEq0YFt765N98PPv+50OkUJIUaONbAwgIM8IxGhGs5ymrk4q0OZF5pe9gdsSi9m0qs9EDRR/o3LrqkmFfiOuHaWoCn9X9qaLgzwTWJLatXVnBXYeCWDQax0XtRuVvjPkxhiWbh6MUwgi14JtbKNiz2cpOmDdcXgjCmOgp8EupafuDFPpqFlji1UDa6fv24LUzo=; 5:+OkkbwqBOzmDWAW86dlGZdX/QvZtof9SE5b1xy2kV/wMyZ0S44flg45ReWJ1XxJG6Azv7yf8tRmpmA4LV8LdsvAqMKvxD6c+hSZNeQ1acT++xT2mKxeeH71dbKFp4nqOAPyVUNGf6VHmooY+BE22OWf6c9PgTaKqiyvwAEN6Was=; 24:zav112EdvdpLCNXXa1BNVoKNOPgqSkCGHD8jIIazsCFpQEpQo9H6vqJMt683ZkpA4wxrYEdvEnOB8PqP36p4C0WZZSeKoYUKuqfJAjDgOjE=; 7:9em/E8BfhQXo4jGqUWFqEK4Eb1ud5PyFW9WWYM1qGSpoDAPM+t2NtnZoLv+x2lHhQZ9dmv9m9jLzP/OQBiTb2lPIOe7yggdQANK7C1vS+KBb8NgLwuZBLaoXttxMppd1Y1+2f/U3lESrZBKifyaJM9mRxHg14jjA2/tgv1GTtePCKtRB+ZNnsZNJN2bOfhv8Z/wEaG4QJgVj3CFvleP9ro1z9NTUGNG14cPsRbChG83jpXRXDlvcq34OSTG3eKyo
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: ffcc92c6-735c-4704-fb5f-08d52cb93861
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:CY4PR09MB1495;
x-ms-traffictypediagnostic: CY4PR09MB1495:
x-microsoft-antispam-prvs: <CY4PR09MB149512FFB6DD0710A360C1D1F02E0@CY4PR09MB1495.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(189930954265078)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(10201501046)(3002001)(3231022)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(20161123560025)(20161123558100)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR09MB1495; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR09MB1495;
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(346002)(24454002)(51884002)(51914003)(199003)(189002)(236005)(3280700002)(101416001)(8676002)(2950100002)(99286004)(76176999)(54356999)(50986999)(81166006)(97736004)(81156014)(19627405001)(6606003)(86362001)(2906002)(7696004)(7736002)(68736007)(189998001)(33656002)(3660700001)(8936002)(102836003)(106356001)(74316002)(6116002)(53936002)(105586002)(6506006)(606006)(110136005)(229853002)(4326008)(6436002)(5660300001)(6306002)(54896002)(316002)(966005)(6246003)(77096006)(478600001)(2900100001)(9686003)(39060400002)(25786009)(55016002)(14454004)(93886005)(53546010); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1495; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB14957968ABE85691BB010AFBF02E0CY4PR09MB1495namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: ffcc92c6-735c-4704-fb5f-08d52cb93861
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 06:13:56.8216 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1495
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/9uzK4sAhPZRWPqZzk-j5MYO073g>
Subject: Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 06:14:03 -0000

Chairs, Adam, et al,


For some of Chris's original milestones, it is not clear if the date is for a draft adoption, WGLC, or sent to the IESG. It might be good to add those details to the milestones.


For the CoSWID and ROLIE SW descriptor, early 2018 is good for WGLC. We should also be able to send to the IESG by March 2018.


Overall, it would be useful to see a consolidated list of milestones to be sure I have covered everything related to work I am doing. Would it be possible to send updated milestones around? If not, we can always correct any for which there is confusion.

More comments are inline below marked DAW.


Thanks,
Dave

________________________________
From: sacm <sacm-bounces@ietf.org> on behalf of Adam Montville <adam.w.montville@gmail.com>
Sent: Thursday, November 16, 2017 11:59 AM
To: Henk Birkholz
Cc: sacm@ietf.org
Subject: Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP

Henk, thanks for the comments. They seem reasonable. Interested in what others think of the list.

Chairs, is this getting us toward relating milestones to specific work items in the charter?

On Thu, Nov 16, 2017 at 11:23 AM Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>> wrote:

Hi Adam,

comments inline.

Viele Grüße,

Henk



On 11/15/2017 03:09 PM, Adam Montville wrote:
> Chris & Karen,
>
> Thanks for sending this out. Here are some thoughts that Bill and I have
> on getting milestones built out from our possible work items. I've
> organized this note by work item in the order they appear in our draft
> charter presently under consideration. Before getting into the
> per-work-item notes, I thought it would be good to list the drafts we
> think could be created in pursuit of fulfilling our charter.
>
> ===========
>
> *Draft Suggestions (without timelines):*
> Given all of the above, the following could be milestone items (i.e.
> drafts):
>
>   * Endpoint identification and targeting
>   * Endpoint element description
>   * ECP
>   * SWIMA
>   * Criteria/evaluation language
>   * Datastream over transfer mechanism
>   * ECP over transfer mechanism
>   * YANG-push over transfer mechanism
>   * IPFIX over transfer mechanism
>   * CoSWID
>   * General purpose OS posture collection best practice
>   * Web server posture collection best practice
>   * Database server posture collection best practice
>   * ROLIE software descriptor
>   * ROLIE configuration checklist information type
>   * ROLIE configuration descriptor
>   * ROLIE vulnerability information descriptor
>
> Other drafts:
>
>   * Terminology
>   * Architecture / data interchange api/concept of operations
>   *
>     Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others)
>   *
>     Lang/api for developing guidance - fall 2019 (orchestration)
>
> (These last three may be useful for supporting development of the drafts
> previously listed.)
>
> ============
>
> *First Possible Work Item:*
> "Define a way to provide three types of guidance to the correct SACM
> collectors: 1) Which target endpoints to collect from and, 2) what to
> collect from these target endpoints, and 3) How quickly after an
> attribute change information must be collected."
>
> First, we have the opinion that the third type of guidance presumes a
> specific solution and on that basis should be considered for removal (I
> know this might be late).

"Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others)" seem(s)
to be able to provide these features? Respectively, see 2nd work item
below: "define extensions".

>
> Second, given that this is an item to /provide/ three types of guidance
> to the correct SACM collectors, we need at least one delivery mechanism.
> It seems that ROLIE or XMPP-Grid could fulfill this need. We feel that
> there is probably a role for both.


[daw: Agreed.]


> Third, this work item also implies that we have some manner of:
>
>  1. Endpoint identification and targeting
Target Endpoint Characterization?

>  2. Endpoint element description
Target Endpoint Profiles?

Both imply the definition of corresponding repository capabilities, I
think (maybe because we just created a PoC imperative guidance repo SACM
component at the Hackathon).


[daw: Henk, I don't understand how your imperative guidance repo works, so it is hard to form an opinion here. Can you share more information? Is there a draft?]


>
> *Second Possible Work Item:*
> Define an extension of IETF NEA [https://ietf.org/wg/concluded/nea.html<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fietf.org%2Fwg%2Fconcluded%2Fnea.html&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C4e9377cf786a4385283b08d52ca67cb0%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636464015950931018&sdata=DOdmwsi%2BCFLLYVZuW175x3IrPQ73DURAe7OucvloahY%3D&reserved=0>]
> to collect and deliver information about firmware, operating systems,
> and software installed on an endpoint.
>
> Here we feel that ECP (PT-TLS), along with SWIMA (software IDs over
> PT-TLS), provides the NEA extension.
>
> *Third Possible Work Item:*
> Describe a criteria language capable of being evaluated against endpoint
> posture information to produce a standardized result.
>
> This is TBD, but Dave and Stephen expressed interest in this item at
> IETF 99, and we assume that interest persists.

Might need more specifica about the data at rest? Not sure if in scope,
though.


[daw: We plan to write a draft to share/socialize some thinking on this topic. We can provide a draft for discussion in March ahead of IETF 101.]


> *Fourth Possible Work Item:*
> Define a control plane function to enable the discovery and
> orchestration between devices that can provide the requisite information
> sought by posture collectors, posture evaluators or both.
>
> The more we read this one the more we were confused by it. The intent
> seems to mean how information sources flow through the transfer
> mechanism (i.e. XMPP-Grid). From this perspective, we may need to define
> how many information sources are transferred over the given mechanism
> (i.e. XMPP-Grid).
>
>   * Datastream (XCCDF+OVAL, etc.)
>   * ECP (which may end up being more than SWIMA)
>   * YANG-push
>   * IPFIX
>   * Etc.

This seems to be a mix of transfer methods and payload definitions? In
regard to negotiation/selection of the corresponding data plane streams
there are always (at least) the two options of either an intermediary
(e.g. a broker) or a direct end-2-end data plane flow (which could also
be brokered/orchestrated).

>
>
> *Fifth Possible Work Item:*
> Define a method of expressing software metadata that is suitable for use
> by constrained devices including a CBOR-based format derived from the
> ISO/IEC 19770-2 Software Identification (SWID) tag standard.
>
> This is, to us, clearly CoSWID.


[daw: yep. We would like to ship this soon. See the top of this email.]


>
> *Sixth Possible Work Item:*
> Define best practices for the collection of posture information from
> endpoints and its delivery to a collector, from which it can be
> distributed using the SACM messaging standards.
>
> For network devices, this has something like Frank and crew have cooked
> up, with the network device baselines (we'll reserve our comments on use
> of the term baseline for another discussion). But, this also implies
> that there are more such things to consider for things like Web servers,
> database servers, general purpose operating systems, real-time operating
> systems, IoT devices, and so on.

I maybe wouldn't call this bas... oh, nvm, reserved for another
discussion ;)

>
> *Seventh Possible Work Item:*
> Extend existing standards for information exchange to support the
> sharing of software, configuration information, and other forms of
> imperative guidance including extensions to the Resource-Oriented
> Lightweight Information Exchange (ROLIE).


[daw: Regarding the ROLIE SW descriptor, we would like to ship this soon. See the top of this email.]


> Obviously, this is leaning toward ROLIE, and we've got some drafts
> in-flight for such extensions already. We note, however, that this work
> item is not exclusive to ROLIE. Nevertheless, we have discussed software
> descriptors, configuration descriptors, checklist information type
> descriptor, vulnerability information descriptor, and so on.


Willing to help on the ROLIE configuration descriptor draft. We are also interested in writing a vulnerability descriptor draft which we can provide a personal draft ahead of IETF 101.


>
> However, we also note that this seventh work item is strikingly similar
> to the fourth, and suggest that this seventh item be considered as a
> special case of the fourth.


I am not so sure these are the same. Not that it should hold up this milestone discussion, but I'd like to understand your thinking more on this.


> =============
>
> Hopefully, this starts to elicit further discussion with respect to our
> milestones.
>
> Kind regards,
>
> Adam
>
> PS: Bill, please correct anything that I got wrong or missed from our
> discussion.
>
>
>
>
> On Wed, Nov 15, 2017 at 1:47 PM Chris Inacio <inacio@cert.org<mailto:inacio@cert.org>
> <mailto:inacio@cert.org<mailto:inacio@cert.org>>> wrote:
>
>     For everyone in the room (in person or virtual) we discussed
>     milestones that we would present along with our new charter text.
>     This is what I captured during the meeting – admittedly with some
>     significant liberties on my part:
>
>     Milestones:
>     ==========
>
>     CoSWID - WGLC early 2018. (SWID data) (Collection)
>     ROLIE SW extension - WGLC early 2018 (SWID data) (Share/Collect)
>     ECP - mid 2018 (PT-TLS/IETF NEA data) (Collection/)
>
>     Terminology - end of 2018
>     Architecture / data interchange api/concept of operations - end of 2018
>
>     Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others)
>
>     Lang/api for developing guidance - fall 2019 (orchestration)
>
>
>     Please provide feedback ASAP so that the chairs can finish
>     submitting the re-charter information by the end of the week.
>
>     Thank you,
>     Chris & Karen
>
>     --
>     Chris Inacio
>     inacio@cert.org<mailto:inacio@cert.org> <mailto:inacio@cert.org<mailto:inacio@cert.org>>
>
>     _______________________________________________
>     sacm mailing list
>     sacm@ietf.org<mailto:sacm@ietf.org> <mailto:sacm@ietf.org<mailto:sacm@ietf.org>>
>     https://www.ietf.org/mailman/listinfo/sacm<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsacm&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C4e9377cf786a4385283b08d52ca67cb0%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636464015950931018&sdata=SgJmldBXDWZJNnAR%2FOXapUIyq4GYSqQtiX2kiIctCHw%3D&reserved=0>
>
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org<mailto:sacm@ietf.org>
> https://www.ietf.org/mailman/listinfo/sacm<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsacm&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C4e9377cf786a4385283b08d52ca67cb0%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636464015950931018&sdata=SgJmldBXDWZJNnAR%2FOXapUIyq4GYSqQtiX2kiIctCHw%3D&reserved=0>
>

_______________________________________________
sacm mailing list
sacm@ietf.org<mailto:sacm@ietf.org>
https://www.ietf.org/mailman/listinfo/sacm<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsacm&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C4e9377cf786a4385283b08d52ca67cb0%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636464015950931018&sdata=SgJmldBXDWZJNnAR%2FOXapUIyq4GYSqQtiX2kiIctCHw%3D&reserved=0>

v2.23.0 | Report a Bug | By Email