Re: [sacm] Comments on draft-ietf-sacm-ecp

Adam Montville <adam.w.montville@gmail.com> Wed, 04 April 2018 15:01 UTC

From: Adam Montville <adam.w.montville@gmail.com>
Message-Id: <7A0923F4-923E-40AA-B335-D4FDAF9497DD@gmail.com>
Date: Wed, 04 Apr 2018 10:01:03 -0500
In-Reply-To: <DM5PR0901MB2197CC362C2CAC788F806367A5A40@DM5PR0901MB2197.namprd09.prod.outlook.com>
Cc: "draft-ietf-sacm-ecp@ietf.org" <draft-ietf-sacm-ecp@ietf.org>, "<sacm@ietf.org>" <sacm@ietf.org>
To: "Haynes Jr., Dan" <dhaynes@mitre.org>
References: <A9A78B93-981C-4857-AC35-CD38055DA55B@gmail.com> <DM5PR0901MB219737E3075D0C2C84E916D3A5A50@DM5PR0901MB2197.namprd09.prod.outlook.com> <AAC84E16-2518-45C7-9F5A-6092712526D6@gmail.com> <DM5PR0901MB2197CC362C2CAC788F806367A5A40@DM5PR0901MB2197.namprd09.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/QTN86qppGq87IdSjHO6EcW8UOHw>
Subject: Re: [sacm] Comments on draft-ietf-sacm-ecp


> On Apr 4, 2018, at 9:49 AM, Haynes Jr., Dan <dhaynes@mitre.org> wrote:
> 
> Wherever the draft says something like "SWIMA Posture Collection", I would say "SWIMA inventory collection" or something similar to that. Posture has a specific definition per our terminology draft [3], and the information enabled by use of SWIMA is part of, but is not in total, posture information.
> [danny] Can you clarify? Looking at the definition for posture in GitHub, it says: “…the configuration and state information that is collected from a target endpoint in the form of endpoint attributes (e.g. software/hardware inventory, configuration settings, dynamically assigned addresses). This information may constitute one or more posture attributes.”. It seems like what SWIMA collects is posture to me?
>  
> Sure. The context I have is that we, long ago, talked about the posture of an endpoint being the collection of software load, configuration state, vulnerability state (or something similar to that). Software load is a part of that. If I read the definition very literally, it reads "configuration and state information" rather than "configuration or state information" or "configuration and/or state information". The singular examples in the definition notwithstanding, when I read the phrase "SWIMA Posture Collection" I feel like SWIMA should be capable of collecting all possible posture information.
>  
> [danny] I guess I didn’t read that “and” so literally in the terminology :). And yes, through extensions, ECP (not SWIMA) is capable of collecting all possible posture information. SWIMA just focuses on software inventory information.
>  
> I'm interested in what others think as well. Also, the only reason I'm commenting is for others' benefit - I understand what the draft means, but a first-time reader may not.
>  
> [danny] In that case, what do others think about this?

Yes, please opine. In the interest of clarity and thrash-avoidance, I would prefer that we use posture to reference complete posture rather than part of posture, otherwise we'll always be needing to qualify which parts of posture we really mean or leaving it up to context, which is sometimes fine but sometimes not.