Re: [sacm] IETF 98: SACM Vulnerability Assessment Scenario Follow-Up Work
Adam Montville <adam.w.montville@gmail.com> Fri, 24 March 2017 11:50 UTC
Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A82912965E for <sacm@ietfa.amsl.com>; Fri, 24 Mar 2017 04:50:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZvlgSv-apxHq for <sacm@ietfa.amsl.com>; Fri, 24 Mar 2017 04:50:13 -0700 (PDT)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7827F12963F for <sacm@ietf.org>; Fri, 24 Mar 2017 04:50:13 -0700 (PDT)
Received: by mail-oi0-x22e.google.com with SMTP id w81so5583576oig.1 for <sacm@ietf.org>; Fri, 24 Mar 2017 04:50:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=gFKXHFkA3GLagQY4BzQZiLMnrlzDJZNM167M0LXmWaI=; b=H5RQUD9cYHeOn/IWxInes1T19SJ61T/F8e85+9oEFOu0lKK1UYOts65N/bVoZijPFA QXFgFvY2BdhS7CDx+rM2sHtW35UWnfGGMJlBKBuNAE/BV13Ro+wZzhDy6bkxvVZdcHma pJAs/BE68XbZxaLPox19do8FaU3Wad7zp3ZOwcly1GggOHnCdRovwSHsbgz8d4kldBQt WnlGu4Vb5y41kLY1urXEGwwvRBsbmjYzq4KrDHZlcLQSN3GakVankFHDwb0XoBOVRGJG EWVox8Ql6Ly65+Uuqwaw53XC8CilFm/oXHtQ1SNKSpBf7sZ9EZPoHFejXKGQqkFHwT8f 6tgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=gFKXHFkA3GLagQY4BzQZiLMnrlzDJZNM167M0LXmWaI=; b=AsNI5HfGxJ59jkwQguOupHy/FY5msRZeCYF69DWXKkBeV4AVQbnzjRFADKcvrNhCjX EzwAaXoI3DzO+SKso/GIyS/n2FuYLtCkKehhDCCn9NSxY+BGkRtVayypmkmkHzY+XlGA Jxc6LJt8ztjFW5VIgW+g9j9VPRmxda/7h8IbG9wXsjxTqyvq7+9JxybCZKKPjdeotIZ1 SYbz0bTb6ykcFw3w29X5Ev4iLm6SG/iM/P/eFNK6od27U1jCfD9heU1+qn14NYX20w5w Ow+qIVcQ0IgW015PcdYUpOKCicrj6D69gjUHRRigfMzW4X/vW1WSayLoUBqv+Ur/Zkpg acnA==
X-Gm-Message-State: AFeK/H30HiGKbXSs/+e93FGetxxzQycXW5z+AZg5HdykWkXhIKGd+i7Tx9u5XXOmC5Tgbf+UOOoo5y2QIaQLEA==
X-Received: by 10.202.92.11 with SMTP id q11mr4310767oib.51.1490356212518; Fri, 24 Mar 2017 04:50:12 -0700 (PDT)
MIME-Version: 1.0
References: <DM5PR09MB1354008850F09E8D768C3C91A53F0@DM5PR09MB1354.namprd09.prod.outlook.com>
In-Reply-To: <DM5PR09MB1354008850F09E8D768C3C91A53F0@DM5PR09MB1354.namprd09.prod.outlook.com>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Fri, 24 Mar 2017 11:50:01 +0000
Message-ID: <CACknUNW19JOYx3m1X-gpjSEhJAGXjWragSs96ykzik2+=yHn=w@mail.gmail.com>
To: "Haynes, Dan" <dhaynes@mitre.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="001a113d60eaa2d75d054b7898b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/NgtDm3w3x6EVR_DwV3Nik67JYPw>
Subject: Re: [sacm] IETF 98: SACM Vulnerability Assessment Scenario Follow-Up Work
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2017 11:50:16 -0000
Thanks for sending this out, Danny. Those five bullet points seem big enough to consume an hour and a half. At one point we were going to look at a couple of specific existing CVEs, but I don't think we ever got as far as picking them out... If doing something like that seems like a reasonable idea, we could pick some representative CVEs to walk through the diagram. In that way, we'd have something more concrete to talk about, especially when it comes to enumerating necessary information elements. Thoughts? Adam On Thu, Mar 23, 2017 at 2:13 PM Haynes, Dan <dhaynes@mitre.org> wrote: > Hi Everyone, > > > During the Vulnerability Assessment Scenario session at IETF 98, we would > like to work towards the following. > > > > · Reaching consensus on the components necessary for a single flow > through the Vulnerability Assessment Scenario > > · Reaching consensus on the interactions between components > > · Reaching consensus on a diagram that shows the components and > their interactions with each other > > · Reaching consensus on the different tasks and identify where > they occur in the diagram > > · Enumerating the IEs necessary for the interactions between > components > > > > Since IETF 97, we have had a virtual interim meeting [1][2] and two > follow-up calls [3][4] as well as some discussion on the mailing lists > [5][6]. Also, the SACM Vulnerability Assessment Scenario has been moved to > the SACM wiki [7][8]. > > > > Please let me know if you have any questions or if there is anything else > you would like to add to the discussion since we have 90+ minutes according > to the agenda :). > > > > Thanks, > > > Danny > > > > [1] > https://www.ietf.org/proceedings/interim-2017-sacm-01/slides/slides-interim-2017-sacm-01-sessa-vulnerability-assessment-scenario-00.pdf > > [2] > https://www.ietf.org/proceedings/interim-2017-sacm-01/minutes/minutes-interim-2017-sacm-01-201701111000-00 > > [3] https://www.ietf.org/mail-archive/web/sacm/current/msg04631.html > > [4] https://www.ietf.org/mail-archive/web/sacm/current/msg04637.html > > [5] https://www.ietf.org/mail-archive/web/sacm/current/msg04630.html > > [6] https://www.ietf.org/mail-archive/web/sacm/current/msg04650.html > > [7] > https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario > > [8] https://www.ietf.org/mail-archive/web/sacm/current/msg04697.html > > > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm >
- [sacm] IETF 98: SACM Vulnerability Assessment Sce… Haynes, Dan
- Re: [sacm] IETF 98: SACM Vulnerability Assessment… Adam Montville