[sacm] Initial comments on ECP draft

Adam Montville <adam.w.montville@gmail.com> Fri, 04 August 2017 11:23 UTC

From: Adam Montville <adam.w.montville@gmail.com>
Date: Fri, 04 Aug 2017 11:23:36 +0000
Message-ID: <CACknUNUvUDdiEOrmvuep4ji8jBJ+KkGO1vyNVG8bZrirYTzFAQ@mail.gmail.com>
To: "sacm@ietf.org" <sacm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/OuCpgdz2GTJ7ASUpH_EH2Ina0oE>
Subject: [sacm] Initial comments on ECP draft

Now that the ECP draft has been marked as adopted, I'd like to make some
comments.

The draft seems primarily concerned with endpoint software inventory rather
than collection of generic attribute state. The abstract doesn't limit the
draft to software inventory, but other (obvious) statements in the draft
certainly do. To me, this draft needs to more clearly articulate how other
categories of endpoint state can be collected (doesn't SWIMA handle the
software attributes a bit anyway?).

For example, see the first bullet in 4.2.3 (non-use cases). It seems that,
given we have the SWIMA draft, we should evolve ECP to be about the
framework for collection - we should entertain collection of other types of
posture information in this draft.

Additionally, the last bullet in 4.2.3 talks about a pub/sub repository
interface. I would like the group (perhaps as part of our IETF 100
hackathon efforts) to consider how XMPP grid may support this notion.

Please change the reference to SANS "20 Critical Security Controls" to the
current CIS Controls.

Finally, 5.2 mentions: "Any PC used in an Endpoint Compliance Profile
solution MUST be conformant with [IF-IMC]; an Internet-Draft, under
development, that is a subset of the TCG TNC Integrity Measurement
Collector interface [IF-IMC] and will be submitted in the near future."
Which Internet-Draft is being referenced? If not yet available, I'd like to
see this sooner rather than later, because it's going to be hard to fully
evaluate ECP otherwise. Also, does the same apply for IF-IMV?

Kind regards,

Adam