IETF Logo Mail Archive

Re: [sacm] Working Group Last Call for draft-ietf-sacm-vuln-scenario

Adam Montville <adam.w.montville@gmail.com> Thu, 25 August 2016 12:25 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF76D12D10B for <sacm@ietfa.amsl.com>; Thu, 25 Aug 2016 05:25:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OfRW0HfjQDCk for <sacm@ietfa.amsl.com>; Thu, 25 Aug 2016 05:25:03 -0700 (PDT)
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 350A512D100 for <sacm@ietf.org>; Thu, 25 Aug 2016 05:25:03 -0700 (PDT)
Received: by mail-oi0-x232.google.com with SMTP id f189so63845171oig.3 for <sacm@ietf.org>; Thu, 25 Aug 2016 05:25:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:message-id:mime-version:subject:date:references:to:in-reply-to; bh=dnmjpg1ewy89kaqagdfCb8E0VOXZrD5Ln0FAUWX+nZU=; b=wImefYOJzKTPwgfDqeqHG9KPaHw/qQoaaWJhOifiWJPpKo6DUwXexuAogTi5K6D+rE YpwUNhYmsytK+9RG23WbHnGNxQS1B0iMc4a0ppGyQGwrUw4RKLCzAyiEPWOpaBRYAnus +KdI0v9UDuov6uCyvFxPRKf6EEU3OOEOIOkUqrtj3ZLi3gMRl0FVpmacuIqbcJVSRA2D /cr0pwpk8OymfNzvxzIynCetn0JrVfsxBYomzDv5xRxgFt20JALw3M6ZGMqIaqz82/fM IhxRmNE8z8qhf1XIcG252sxiTNsWkm0AAQkKzT/Yqfo0VEAzv+54azT4wRCIjnOaEB0i qotQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :references:to:in-reply-to; bh=dnmjpg1ewy89kaqagdfCb8E0VOXZrD5Ln0FAUWX+nZU=; b=HK1L5g7XbbKoNewCeCzsJm2TmUSZeo6PcYFp5bDwCG8KuwgGK39KhxGXrEHIQ8lDcU C0D/8FbwRr4QIQtzkFPNQgJOcKk0QsB99Qg8nsgfXAFel8tlQakG/glhBee89h6cFCuY HiNLRKxrjC5AzheD/NX1HvoIIMG06ZJPBaG6PGduZkq6V3J/k46NngRaHShZXy5gAtFJ u/f6BXJ7LXTrGFGxEhmlP+lR/URzLcOc+bQvhDApRRjl6Q6uc8Lg9jFbAg3Ry5tXkzzF 74ZXfCFAnY8F4SqGYA4/TfbvpZSJCRwaBrB3oNH0UR0eleHZql+ujJSysdlHKJ8Zehxt IWvw==
X-Gm-Message-State: AEkoousCNgFUJ8jODTfPex28IUZyD1LHkUgLULtMek2d9TB8OTubrB02SkI1D1VgJmrGYg==
X-Received: by 10.202.235.79 with SMTP id j76mr6246609oih.193.1472127902239; Thu, 25 Aug 2016 05:25:02 -0700 (PDT)
Received: from adams-mbp.attlocal.net (99-64-100-131.lightspeed.austtx.sbcglobal.net. [99.64.100.131]) by smtp.gmail.com with ESMTPSA id o185sm6322853oif.26.2016.08.25.05.25.00 for <sacm@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 25 Aug 2016 05:25:01 -0700 (PDT)
From: Adam Montville <adam.w.montville@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_660F3852-BAC7-4725-84AA-C8CB64679A12"
Message-Id: <93109F49-39A7-4C72-BFD6-F565F94E7868@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Date: Thu, 25 Aug 2016 07:24:59 -0500
References: <B7DD871D-ED83-4399-B7C9-AAC016969C7D@gmail.com> <B57E8E91-8DDB-4E81-AFB5-2F893187CEEC@gmail.com> <FA030A04-3B89-446D-ACC6-F1BDD8013BF4@gmail.com>
To: "<sacm@ietf.org>" <sacm@ietf.org>
In-Reply-To: <FA030A04-3B89-446D-ACC6-F1BDD8013BF4@gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Frq8_1EPawBWsgtUteB5KCplfYY>
Subject: Re: [sacm] Working Group Last Call for draft-ietf-sacm-vuln-scenario
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2016 12:25:06 -0000

Jim, I've reviewed your comments, thanks for making them.  I think your perspective is at a lower level than that which this draft intends to live.  The draft is intended to describe an operational scenario not at the network layer, but from the perspective of running and operating a security program.  I think some of the nits you have are probably valid, but many of your comments, I feel, may stem from the desire to have this scenario describe something at a lower level than that which was intended.

As someone familiar with security programs and the basic processes and procedures typically embodied by them, this draft made sense to me (as did many of the novel acronyms, having been in this problem domain for a while).


> On Aug 24, 2016, at 3:02 PM, Adam Montville <adam.w.montville@gmail.com> wrote:
> 
> I just noticed Jim's comments under a different subject (next time, please provide your comments under the same subject heading which makes judging consensus and open issues a bit less error prone and a bit easier).  Does anyone have any comment on Jim's findings?  https://mailarchive.ietf.org/arch/msg/sacm/JjvnpiodY9X32yjq72W-FIMLpB4 <https://mailarchive.ietf.org/arch/msg/sacm/JjvnpiodY9X32yjq72W-FIMLpB4>  I'll reproduce his comments here.
> 
> Section 1 - first sentence.  This says that it is detailed.  I question that
> statement as I found it to gloss over almost everything
> 
> The second sentence of the introduction makes a promise that I cannot find
> fulfilled anyplace in the core text of this document.  How is this informing
> protocol or data model development?  What I expect to see if a set of
> statements in the document along the lines of "This affects means that we
> need to have a protocol that does X" or "This affects the data model because
> it needs to do Y."  I expect that this is going to be highlighted in the
> text if that is the function of the document.
> 
> Section 1 - If prioritization is so important - should it affect the IM?
> 
> Section 1 - Are we expecting to publish vulnerabilities in the IM long term?
> If so it would see that at least part of publication would be in scope.
> 
> Section 2 - are you sure you want me to read this?  Vulnerability
> description information:  The subject of the first sentence is Information -
> so it appears to say Information which can adversely impact. Kill everything
> starting with which
> 
> Section 3 - bullet point 1 - How much of the processing is processing into
> something that is SACM IM aware?  Actually, looking at most of these
> assumptions they seem to be things that people have said that SACM should be
> able to do.  It would be useful to call that out and say what things in SACM
> will support these assumptions.
> 
> Section 3 - bullet point 4 - I have no idea what this says
> 
> Section 4.2 - What components are we talking about that it is going to
> understood by?  This is the first time that I know that you have used this
> word.  As far as I know, there is current no reason for any of this data to
> be SACM data but could all be company proprietary.
> 
> 
> I found this document to be very hard to review.  From my point of view it
> is lacking any useful information and therefore does not help progress any
> work in the group.  If it is published I will do my best to forget that it
> ever existed and go forward.
> 
> Jim
> 
> Never ask for a review unless you really want one, you will probably not be
> happy with the results.
> 
> 
> 
> Appendix I seems to be short on implementation specific details as promised
> in section 4.1
> 
> B.1 para #1 - The last sentence makes zero sense to me
> 
> B.1 para #2-4 - You need to motivate these paragraphs.
> 
>> On Aug 24, 2016, at 2:56 PM, Adam Montville <adam.w.montville@gmail.com <mailto:adam.w.montville@gmail.com>> wrote:
>> 
>> There seems to be good consensus on putting our vulnerability draft through to the IESG.  Henk had some terminology-related comments that were augmented by Jarrett.  The suggestion [1] was to change "Endpoint Vulnerability Assessment Capability" to "Endpoint Vulnerability Assessment Capabilities" (make it plural).  Given that we have consensus as it stands, I don't feel that we should require the draft to be updated, but the change is small, and simple, so we could do so easily.  Danny, would you be willing to make that small change before we submit the draft to IESG?
>> 
>> Kind regards,
>> 
>> Adam
>> 
>> [1] https://mailarchive.ietf.org/arch/msg/sacm/lPHC95Ug2lQWTYC1HG5s2iMOYic <https://mailarchive.ietf.org/arch/msg/sacm/lPHC95Ug2lQWTYC1HG5s2iMOYic> 
>> 
>>> On Jul 28, 2016, at 9:20 AM, Adam Montville <adam.w.montville@gmail.com <mailto:adam.w.montville@gmail.com>> wrote:
>>> 
>>> This message starts a Working Group Last Call for the Internet-Draft ‘SACM Vulnerability Assessment Scenario’ — https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/ <https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/>.  Please send your comments, questions, and edit proposals to the WG mail list until August 5, 2016.  If you believe the document is ready to be submitted to the IESG for consideration as an Informational RFC, please send a short message stating so.
>>> 
>>> Kind regards,
>>> 
>>> Adam
>> 
>

v2.23.0 | Report a Bug | By Email