Re: [sacm] Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
"Schmidt, Charles M." <cmschmidt@mitre.org> Wed, 21 February 2018 18:53 UTC
Return-Path: <cmschmidt@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5FC912D951; Wed, 21 Feb 2018 10:53:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GAFnCtVUAgJB; Wed, 21 Feb 2018 10:52:59 -0800 (PST)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 93F7F12D961; Wed, 21 Feb 2018 10:52:57 -0800 (PST)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 1639B6C00B8; Wed, 21 Feb 2018 13:52:57 -0500 (EST)
Received: from imshyb02.MITRE.ORG (unknown [129.83.29.3]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 0077E6C0009; Wed, 21 Feb 2018 13:52:57 -0500 (EST)
Received: from imshyb01.MITRE.ORG (129.83.29.2) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 21 Feb 2018 13:52:56 -0500
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5 via Frontend Transport; Wed, 21 Feb 2018 13:52:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fWDVJYIXFw+xkUaXSZoQXYerEqJfmPq5krZpifn07fg=; b=viPLn2/PMSbX3/5MJHRDrP1OHfjY2Eb5dEGHU6XF30Z9lFjSSgUPttgh0ekr+cSEDX1WmNS0N3oSV4sp2/uUkt8yMHJONNKBCU+L6PSq5dDICmac/Jg3RqBwWnhj2iy37rrWokGGyNpQnpGREg4041sg+TwJOEqbc20hKErEYt0=
Received: from DM5PR0901MB2375.namprd09.prod.outlook.com (52.132.133.18) by DM5PR0901MB2376.namprd09.prod.outlook.com (52.132.133.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Wed, 21 Feb 2018 18:52:54 +0000
Received: from DM5PR0901MB2375.namprd09.prod.outlook.com ([fe80::21b9:ccf6:187e:85e1]) by DM5PR0901MB2375.namprd09.prod.outlook.com ([fe80::21b9:ccf6:187e:85e1%13]) with mapi id 15.20.0506.023; Wed, 21 Feb 2018 18:52:54 +0000
From: "Schmidt, Charles M." <cmschmidt@mitre.org>
To: Eric Rescorla <ekr@rtfm.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-sacm-nea-swima-patnc@ietf.org" <draft-ietf-sacm-nea-swima-patnc@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>
Thread-Topic: Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
Thread-Index: AQHTqlrct4cD3GW5akqrc1AlBpEBAKOvNXpA
Date: Wed, 21 Feb 2018 18:52:54 +0000
Message-ID: <DM5PR0901MB2375C01F4733DE80A6F0C48EABCE0@DM5PR0901MB2375.namprd09.prod.outlook.com>
References: <151905929469.18606.10098529260116686519.idtracker@ietfa.amsl.com> <DM5PR0901MB2375D9F81A87C7FB44F934F1ABCF0@DM5PR0901MB2375.namprd09.prod.outlook.com> <CABcZeBNrZMGPpNs3NbyQ6m0QXu8C4rCf4kcdnY3k3_cS3SoSDg@mail.gmail.com>
In-Reply-To: <CABcZeBNrZMGPpNs3NbyQ6m0QXu8C4rCf4kcdnY3k3_cS3SoSDg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cmschmidt@mitre.org;
x-originating-ip: [192.160.51.89]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2376; 7:slF6ebMuLRBSkiVvrB+JAia4STL453vi1tvxKwsMn9GSSi3Y9MJLInbkX9J+ebnSaOOCW2Bsb1H7nJgbf6SxBmOHxdWHIv8fit3lYvf7tQliIUExckEiDT7DkXVrkrW28bxKTepkkixjra1p3Temnh5zcV3NGQwF0GStSnYKXaaLFuaAnzCdYjS7b4LFmtTAwfU9LSnZt7ao23W0J6BtX8/yk1LfJWTeDqpeljfktpKyi+yscSjO+A0WHViBNZ1Q
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 1014fdbc-e7c6-4881-b699-08d5795c5134
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:DM5PR0901MB2376;
x-ms-traffictypediagnostic: DM5PR0901MB2376:
x-microsoft-antispam-prvs: <DM5PR0901MB2376E145D4C8328B36D112D9ABCE0@DM5PR0901MB2376.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(3231101)(944501161)(3002001)(93006095)(93001095)(6055026)(6041288)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:DM5PR0901MB2376; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2376;
x-forefront-prvs: 0590BBCCBC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39380400002)(39860400002)(346002)(396003)(376002)(366004)(51914003)(51444003)(199004)(189003)(13464003)(55016002)(3660700001)(966005)(99286004)(3846002)(6116002)(97736004)(8666007)(25786009)(7696005)(66066001)(6436002)(14454004)(2900100001)(2906002)(4326008)(26005)(53936002)(6916009)(2950100002)(68736007)(86362001)(106356001)(6246003)(76176011)(7736002)(59450400001)(33656002)(8676002)(81156014)(81166006)(478600001)(186003)(5660300001)(54906003)(102836004)(6506007)(53546011)(3280700002)(9686003)(5250100002)(229853002)(6306002)(8936002)(74316002)(305945005)(105586002)(316002)(486264002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0901MB2376; H:DM5PR0901MB2375.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
x-microsoft-antispam-message-info: F8CJ85dXr8MPfSwR37km1opL401YADoGwsOoaH5qINheZ19RCZSUZ0puM5VsieVKQl5CEJsThjo7vOZvCWe9s7UVwxTe/or8XpiloKpDhLbFZ56zA+m9DUCU7iE/cWvcTVIWjLKBKg0TqhDhZvvrMO6bHzZYqNYRRnPhPSO41io=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 1014fdbc-e7c6-4881-b699-08d5795c5134
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2018 18:52:54.8216 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2376
X-OriginatorOrg: mitre.org
X-MITRE: 8GQsMWxq66rxk57w
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/RGp7dTAHRXHzxVbmH1XHtcxnjH0>
Subject: Re: [sacm] Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 18:53:04 -0000
Hi Eric, Thanks for the clarifications. I'll make the updates you suggest. Thanks for the help. Charles > -----Original Message----- > From: Eric Rescorla [mailto:ekr@rtfm.com] > Sent: Tuesday, February 20, 2018 8:56 AM > To: Schmidt, Charles M. <cmschmidt@mitre.org> > Cc: The IESG <iesg@ietf.org>; draft-ietf-sacm-nea-swima-patnc@ietf.org; > sacm@ietf.org; sacm-chairs@ietf.org; odonoghue@isoc.org > Subject: Re: Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima- > patnc-02: (with COMMENT) > > > > On Tue, Feb 20, 2018 at 6:21 AM, Schmidt, Charles M. <cmschmidt@mitre.org > <mailto:cmschmidt@mitre.org> > wrote: > > > Hello Eric, > > Thank you very much for the comments. I have only two follow-up > questions: > > > An EID is a 4-byte unsigned integer that the SWIMA-PC assigns > > sequentially to each observed event (whether detected in real- > time or > > What byte order? > > Section 5.3 (Message Diagram Syntax) states that "Multi-octet fields > representing numeric values MUST be sent in network (big-endian) byte > order." I have tweaked this to simply say "All fields representing numeric > values MUST be sent in network (big-endian) byte order". Is this sufficient or > do feel that this should be reiterated in the individual field descriptions? (I > did go through and make sure that every integer is explicitly "unsigned", per > your other comment.) > > > > > Yeah, I make notes as I go and then left this one because I think that might > be confusing as people read in order. > > I'm not sure what the best approach is, TBH. Maybe say it up front too? > > > > > event records MUST only contain events with EIDs that all come > from > > the current Epoch. > > How does the SWIMA-PC garbage collect? It seems like the answer > is it can > > just change epochs? > > You are correct. The second paragraph of section 3.7.1 (Event > Identifiers) states that "In the case where a SWIMA-PC needs to reset its EID > counter, either because it has exhausted all available EID values or because > the SWIMA-PC's event log becomes corrupted, then a new EID Epoch MUST > be selected." Apart from that passing mention, I don't believe the document > makes any comment. Do you feel additional emphasis on this topic is > necessary? > > > > It confused me a bit. Perhaps you might say "or has exhausted the space > allowed for event storage" > > > > > > Finally, an aesthetic check on repeated fields. I have attempted the > following: > -------------- > 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Flags | Event Count | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Request ID Copy / Subscription ID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | EID Epoch | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Last EID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Last Consulted EID | > > ========================================================== > ======= > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | EID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Record Identifier | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Data Model Type PEN |Data Model Type| > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Source Id Num | Action | Software Identifier Length | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Software Identifier (variable length) | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Software Locator Length |Software Locator (variable len)| > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Figure 8: Software Identifier Events Attribute > > Everything after the line of double bars (======) is repeated a > number of times equal to Event Count. > ------------- > > Do you feel that this clarifies the repeated fields in the diagram? The > alternative would be to do something like: > > 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Flags | Event Count | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Request ID Copy / Subscription ID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | EID Epoch | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Last EID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Last Consulted EID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | | > | SUB-BLOCK (Event Count times) | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Figure n: Main message > > 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | EID | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Timestamp | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Record Identifier | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Data Model Type PEN |Data Model Type| > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Source Id Num | Action | Software Identifier Length | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Software Identifier (variable length) | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > | Software Locator Length |Software Locator (variable len)| > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+ > Figure M: Sub-block > > I'm interested in your thoughts as to which of these better clarifies > the nature of the repeated fields. > > > > I think the second is better, but as you say it's aesthetic. > > FWIW, I usually do these big blockaf (e.g., timestamp) s by eliding the > horizontal bars rather than the vertical ones, but again, it's taste. > > Best, > -Ekr > > > > > Thanks again for your help. > > Charles > > > -----Original Message----- > > From: Eric Rescorla [mailto:ekr@rtfm.com <mailto:ekr@rtfm.com> > ] > > Sent: Monday, February 19, 2018 10:55 AM > > To: The IESG <iesg@ietf.org <mailto:iesg@ietf.org> > > > Cc: draft-ietf-sacm-nea-swima-patnc@ietf.org <mailto:draft-ietf- > sacm-nea-swima-patnc@ietf.org> ; sacm@ietf.org <mailto:sacm@ietf.org> ; > Karen > > O'Donoghue <odonoghue@isoc.org <mailto:odonoghue@isoc.org> > >; sacm-chairs@ietf.org <mailto:sacm-chairs@ietf.org> ; > > odonoghue@isoc.org <mailto:odonoghue@isoc.org> ; > sacm@ietf.org <mailto:sacm@ietf.org> > > Subject: Eric Rescorla's No Objection on draft-ietf-sacm-nea- > swima-patnc-02: > > (with COMMENT) > > > > Eric Rescorla has entered the following ballot position for > > draft-ietf-sacm-nea-swima-patnc-02: No Objection > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > More detail in context at: https://mozphab- > > ietf.devsvcdev.mozaws.net/D3336 > <http://ietf.devsvcdev.mozaws.net/D3336> > > > > IMPORTANT > > I consider the following comment important, though I have chosen > to make > > it a comment rather than a discuss. > > > > Software records on an endpoint are generally not considered to > be > > sensitive, although there can be exceptions to this generalization > as > > noted in the section on Privacy Considerations. In general, an > > > > I'm not sure where "generally" comes from. I consider it > > sensitive and we know that people have been jailed for running > certain > > software. Even the rest of this section provides strong evidence > that > > this is sensitive. So I think you should remove this claim and rewrite > > this paragraph to acknowledge that this is sensitive information > > > > MINOR > > The primary use of exchanging software inventory information > over the > > PA-TNC interface is to enable a challenger (e.g. NEA Server) to > > obtain inventory evidence about some system in a way that > conforms to > > Nit: e.g., > > > > endpoint is providing false information, either through malice or > > error, but instead focuses on correctly and reliably providing the > > reported Software Inventory Evidence Collection to the NEA > Server. > > This seems like a pretty significant narrowing of the use cases. Can > you > > explain what use cases this is useful for if the machine can lie? > > > > A Record Identifier is a 4-byte integer generated by the SWIMA- > PC > > that is uniquely associated with a specific record within the > > In what byte order? Signed or unsigned? If it's actually an integer > this is > > important. > > > > that SWIMA-PV), the SWIMA-PC MUST assign that source a > Source > > Identification Number, which is an 8-bit unsigned integer. Each > item > > reported includes the Source Identification Number that provided > that > > What happens if you have 256 sources? Must these be sequential? > > > > record that is no longer available, the SWIMA-PC SHOULD return a > > 0-length record. > > Is this different from what happens if you are requested to send > something > > that > > never existed? If so, is this a recipe for unlimited growth. > > > > An EID is a 4-byte unsigned integer that the SWIMA-PC assigns > > sequentially to each observed event (whether detected in real- > time or > > What byte order? > > > > very first recorded event in a SWIMA-PC's records within an EID > Epoch > > MUST be assigned a value of 1 or greater. Note that EID and EID > > Epoch values are assigned by the SWIMA-PC without regard to > whether > > Why "or greater" this is the only place you allow a gap. > > > > event records MUST only contain events with EIDs that all come > from > > the current Epoch. > > How does the SWIMA-PC garbage collect? It seems like the answer > is it can > > just > > change epochs? > > > > records. This ensures that every partial list of event records is > > always complete within its indicated range. > > Is the point here that the list must be consecutive? > > > > | | (8) | PA-TNC specification [RFC5792]. | > > +--------------+------------+---------------------------------------+ > > It's up to you, but isn't this table largely duplicative of S 5.2? > > > > | Software Identifier Length | Software Identifier (var len) | > > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+-+ > > OK, I think I see what's going on here: you can have an arbitrary > number of > > instances of this block. Maybe you should show more than one in > the > > diagram > > with an indication that it's controlled by SWID Count? Or a .... or > something? > > This comment applies to the other PDUs in this document as well. > > > > | Timestamp | > > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- > +-+-+ > > | Timestamp | > > I would not put lines between these timestamp fields because they > are > > actually > > one giant field > > > > > > >
- [sacm] Eric Rescorla's No Objection on draft-ietf… Eric Rescorla
- Re: [sacm] Eric Rescorla's No Objection on draft-… Schmidt, Charles M.
- Re: [sacm] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [sacm] Eric Rescorla's No Objection on draft-… Schmidt, Charles M.