Re: [sacm] Initial comments on ECP draft

Adam Montville <adam.w.montville@gmail.com> Wed, 23 August 2017 13:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/OCOEtkh_KteZcrY22lQdJeuTT0k>

I think all of this is on the table if we up-level the draft. Other
comments inline.

On Fri, Aug 11, 2017 at 12:38 PM Jessica Fitzgerald-McKay <jmfmckay@gmail.com> wrote:

> Adam,
>
> Thanks for your comments. I agree, the draft would do well to be
> up-leveled. We can drop the SWIMA requirement, and maybe describe it as an
> example of an implementation of a collector. What do you think?
>

[AWM] I like it, what do others think is reasonable?



>
> We might do well to genericize the collection capability overall, really.
> NEA is a good mechanism to collect event-driven data from a client or a
> server, but there are others (for example, yang push).
>

[AWM] Making the generic collection framework explicit is important, and we
should design toward accepting other forms of collection now and in the
future.


>
> Regarding the pub/sub repository interface, I agree. It would be a great
> opportunity at IETF 100.
>

[AWM] I've had very little response to my calls to get an IETF 100
hackathon effort under way - hoping that it's summer vacation (I know I
fell into that bucket).


>
> I will definitely update the Controls reference. Thanks for catching that.
>

[AWM] Any time.


>
> We put IF-IMC and IF-IMV on hold during the SWIMA work. We could revive
> that effort, but I would like to be sure there is interest from the group
> before doing so. IF-IMC and IF-IMV improve coordination of communication
> between collectors and client, and between verifiers and servers,
> respectively. They have been implemented in strongSwan, so were likely a
> part of the hackathon effort at IETF 99. Andreas, am I correct there?
>

[AWM] I think this may be answered as we look to up-level ECP?


>
> Thanks,
> Jess
>
> On Fri, Aug 4, 2017 at 7:23 AM, Adam Montville <adam.w.montville@gmail.com> wrote:
>
>> Now that the ECP draft has been marked as adopted, I'd like to make some
>> comments.
>>
>> The draft seems primarily concerned with endpoint software inventory
>> rather than collection of generic attribute state. The abstract doesn't
>> limit the draft to software inventory, but other (obvious) statements in
>> the draft certainly do. To me, this draft needs to more clearly articulate
>> how other categories of endpoint state can be collected (doesn't SWIMA
>> handle the software attributes a bit anyway?).
>>
>> For example, see the first bullet in 4.2.3 (non use cases). It seems
>> that, given we have the SWIMA draft, we should evolve ECP to be about
>> the framework for collection - we should entertain collection of other
>> types of posture information in this draft.
>>
>> Additionally, the last bullet in 4.2.3 talks about a pub/sub repository
>> interface. I would like the group (perhaps as part of our IETF 100
>> hackathon efforts) to consider how XMPP grid may support this notion.
>>
>> Please change the reference to SANS "20 Critical Security Controls" to
>> the current CIS Controls.
>>
>> Finally, 5.2 mentions: "Any PC used in an Endpoint Compliance Profile
>> solution MUST be conformant with [IF-IMC]; an Internet-Draft, under
>> development, that is a subset of the TCG TNC Integrity Measurement
>> Collector interface [IF-IMC] and will be submitted in the near future."
>> Which Internet-Draft is being referenced? If not yet available, I'd like to
>> see this sooner rather than later, because it's going to be hard to fully
>> evaluate ECP otherwise. Also, does the same apply for IF-IMV?
>>
>> Kind regards,
>>
>> Adam