Re: [sacm] Working Group Last Call for draft-ietf-sacm-vuln-scenario

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Fri, 05 August 2016 11:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Exnc_goLmTqyM68h7dm_KgszkjE>

Hello,

a few comments and nits:

- Why is "Endpoint Vulnerability Assessment Capability" only a title of 
section 5 and not in the list of section 2 (or used anywhere else)?

- I would like to see a better differentiation between Endpoint, Target 
Endpoint and SACM component. Mostly the term Endpoint is used for all 
three purposes, I think.

- I would like to see a better mapping of the very general terms in 
section 2 to more specific terms that are aligned with SACM terminology. 
Some of that is already done throughout the Appendices, but is quite 
difficult to find and thereby to understand, I think.

Please have a look at a very naive, probably far from complete, and too 
wordy attempt at illustrating what I try to convey here:

Vulnerability description information: information about 
vulnerabilities, e.g. CVE
=> Vulnerability Description Information
=> Vulnerability Description Information Repository

Vulnerability detection data: guidance on how to detect a vulnerable 
software component on a target endpoint
=> Vulnerability Detection Guidance
=> Vulnerability Detection Guidance Repository

Endpoint management capability: tasks and functions that create and 
provide an updated list of target endpoints in a SACM domain
=> Target Endpoint Information
=> Target Endpoint Information Repository
=> Target Endpoint Discovery Task
=> Target Endpoint Discovery Results
=> Target Endpoint Collection Task (is called "Endpoint Data Collection" in B.1.)
=> Target Endpoint Collection Results

Vulnerability management capability: the task of detecting vulnerable 
software components on a target endpoint
=> Vulnerability Detection Task
=> Vulnerability Detection Results

Vulnerability assessment: the work-flow that produces evaluation results 
regarding target endpoints with vulnerable software components
=> Vulnerability Assessment
=> Vulnerability Assessment Results


Kind regards,

Henk






On 07/28/2016 04:20 PM, Adam Montville wrote:
> This message starts a Working Group Last Call for the Internet-Draft
> ‘SACM Vulnerability Assessment Scenario’
> — https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/.
>  Please send your comments, questions, and edit proposals to the WG mail
> list until August 5, 2016.  If you believe the document is ready to be
> submitted to the IESG for consideration as an Informational RFC, please
> send a short message stating so.
>
> Kind regards,
>
> Adam