Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP
Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 16 November 2017 03:23 UTC
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B60F127275 for <sacm@ietfa.amsl.com>; Wed, 15 Nov 2017 19:23:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QO4qXErUu_D0 for <sacm@ietfa.amsl.com>; Wed, 15 Nov 2017 19:23:11 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B40D127010 for <sacm@ietf.org>; Wed, 15 Nov 2017 19:23:03 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EjAgBp299Z/xoBYJleHAEBBAEBCgEBg11kbicHg3OKH48ygUsJInmVNoISChgLgV6DOgKEPz8YAQIBAQEBAQEBA2gogmpGLAEBAQEBASYBAQEBAQEjAj4sAQEBAwEBASEPAQU2EAsJAhIGAgIjAwICJx8BAg4GCgMGAgEBF4l7BwUMjXudZ4InizwBAQgBAQEBHwWBDoIfggeBUYFqKwuCPzWEbxaCVj2CYQWYZIhggQiBJoUwg2KLPoV0g1UFJIcKlT4CBAYFAhkBgTkfOVwyUyZdhRocgWh1ikYBgRABAQE
X-IPAS-Result: A2EjAgBp299Z/xoBYJleHAEBBAEBCgEBg11kbicHg3OKH48ygUsJInmVNoISChgLgV6DOgKEPz8YAQIBAQEBAQEBA2gogmpGLAEBAQEBASYBAQEBAQEjAj4sAQEBAwEBASEPAQU2EAsJAhIGAgIjAwICJx8BAg4GCgMGAgEBF4l7BwUMjXudZ4InizwBAQgBAQEBHwWBDoIfggeBUYFqKwuCPzWEbxaCVj2CYQWYZIhggQiBJoUwg2KLPoV0g1UFJIcKlT4CBAYFAhkBgTkfOVwyUyZdhRocgWh1ikYBgRABAQE
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="1416367"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 16 Nov 2017 04:23:00 +0100
X-IronPort-AV: E=Sophos;i="5.44,402,1505772000"; d="scan'208";a="269619118"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Nov 2017 04:22:59 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAG3MwUm007730 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <sacm@ietf.org>; Thu, 16 Nov 2017 04:22:59 +0100
Received: from [31.133.136.126] (31.133.136.126) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 16 Nov 2017 04:22:53 +0100
To: sacm@ietf.org
References: <etPan.5a0bd4f3.4a5e4576.17eb5@cert.org> <CACknUNUP3nM1OxWvExtSLm-RL-YjEsk+Tr9gTjYZybf-HoQ1hA@mail.gmail.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <5ed05603-8132-e254-5ad6-17e20eef6b9c@sit.fraunhofer.de>
Date: Thu, 16 Nov 2017 04:22:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CACknUNUP3nM1OxWvExtSLm-RL-YjEsk+Tr9gTjYZybf-HoQ1hA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [31.133.136.126]
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Sxg6ptXRzV-5KtOfTRd7XTBWGuc>
Subject: Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 03:23:15 -0000
Hi Adam, comments inline. Viele Grüße, Henk On 11/15/2017 03:09 PM, Adam Montville wrote: > Chris & Karen, > > Thanks for sending this out. Here are some thoughts that Bill and I have > on getting milestones built out from our possible work items. I've > organized this note by work item in the order they appear in our draft > charter presently under consideration. Before getting into the > per-work-item notes, I thought it would be good to list the drafts we > think could be created in pursuit of fulfilling our charter. > > =========== > > *Draft Suggestions (without timelines):* > Given all of the above, the following could be milestone items (i.e. > drafts): > > * Endpoint identification and targeting > * Endpoint element description > * ECP > * SWIMA > * Criteria/evaluation language > * Datastream over transfer mechanism > * ECP over transfer mechanism > * YANG-push over transfer mechanism > * IPFIX over transfer mechanism > * CoSWID > * General purpose OS posture collection best practice > * Web server posture collection best practice > * Database server posture collection best practice > * ROLIE software descriptor > * ROLIE configuration checklist information type > * ROLIE configuration descriptor > * ROLIE vulnerability information descriptor > > Other drafts: > > * Terminology > * Architecture / data interchange api/concept of operations > * > Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others) > * > Lang/api for developing guidance - fall 2019 (orchestration) > > (These last three may be useful for supporting development of the drafts > previously listed.) > > ============ > > *First Possible Work Item:* > "Define a way to provide three types of guidance to the correct SACM > collectors: 1) Which target endpoints to collect from and, 2) what to > collect from these target endpoints, and 3) How quickly after an > attribute change information must be collected." > > First, we have the opinion that the third type of guidance presumes a > specific solution and on that basis should be considered for removal (I > know this might be late). "Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others)" seem(s) to be able to provide these features? Respectively, see 2nd work item below: "define extensions". > > Second, given that this is an item to /provide/ three types of guidance > to the correct SACM collectors, we need at least one delivery mechanism. > It seems that ROLIE or XMPP-Grid could fulfill this need. We feel that > there is probably a role for both. > > Third, this work item also implies that we have some manner of: > > 1. Endpoint identification and targeting Target Endpoint Characterization? > 2. Endpoint element description Target Endpoint Profiles? Both imply the definition of corresponding repository capabilities, I think (maybe because we just created a PoC imperative guidance repo SACM component at the Hackathon). > > > *Second Possible Work Item:* > Define an extension of IETF NEA [https://ietf.org/wg/concluded/nea.html] > to collect and deliver information about firmware, operating systems, > and software installed on an endpoint. > > Here we feel that ECP (PT-TLS), along with SWIMA (software IDs over > PT-TLS), provides the NEA extension. > > *Third Possible Work Item:* > Describe a criteria language capable of being evaluated against endpoint > posture information to produce a standardized result. > > This is TBD, but Dave and Stephen expressed interest in this item at > IETF 99, and we assume that interest persists. Might need more specifica about the data at rest? Not sure if in scope, though. > > > *Fourth Possible Work Item:* > Define a control plane function to enable the discovery and > orchestration between devices that can provide the requisite information > sought by posture collectors, posture evaluators or both. > > The more we read this one the more we were confused by it. The intent > seems to mean how information sources flow through the transfer > mechanism (i.e. XMPP-Grid). From this perspective, we may need to define > how many information sources are transferred over the given mechanism > (i.e. XMPP-Grid). > > * Datastream (XCCDF+OVAL, etc.) > * ECP (which may end up being more than SWIMA) > * YANG-push > * IPFIX > * Etc. This seems to be a mix of transfer methods and payload definitions? In regard to negotiation/selection of the corresponding data plane streams there are always (at least) the two options of either an intermediary (e.g. a broker) or a direct end-2-end data plane flow (which could also be brokered/orchestrated). > > > *Fifth Possible Work Item:* > Define a method of expressing software metadata that is suitable for use > by constrained devices including a CBOR-based format derived from the > ISO/IEC 19770-2 Software Identification (SWID) tag standard. > > This is, to us, clearly CoSWID. > > *Sixth Possible Work Item:* > Define best practices for the collection of posture information from > endpoints and its delivery to a collector, from which it can be > distributed using the SACM messaging standards. > > For network devices, this has something like Frank and crew have cooked > up, with the network device baselines (we'll reserve our comments on use > of the term baseline for another discussion). But, this also implies > that there are more such things to consider for things like Web servers, > database servers, general purpose operating systems, real-time operating > systems, IoT devices, and so on. I maybe wouldn't call this bas... oh, nvm, reserved for another discussion ;) > > *Seventh Possible Work Item:* > Extend existing standards for information exchange to support the > sharing of software, configuration information, and other forms of > imperative guidance including extensions to the Resource-Oriented > Lightweight Information Exchange (ROLIE). > > Obviously, this is leaning toward ROLIE, and we've got some drafts > in-flight for such extensions already. We note, however, that this work > item is not exclusive to ROLIE. Nevertheless, we have discussed software > descriptors, configuration descriptors, checklist information type > descriptor, vulnerability information descriptor, and so on. > > However, we also note that this seventh work item is strikingly similar > to the fourth, and suggest that this seventh item be considered as a > special case of the fourth. > > ============= > > Hopefully, this starts to elicit further discussion with respect to our > milestones. > > Kind regards, > > Adam > > PS: Bill, please correct anything that I got wrong or missed from our > discussion. > > > > > On Wed, Nov 15, 2017 at 1:47 PM Chris Inacio <inacio@cert.org > <mailto:inacio@cert.org>> wrote: > > For everyone in the room (in person or virtual) we discussed > milestones that we would present along with our new charter text. > This is what I captured during the meeting – admittedly with some > significant liberties on my part: > > Milestones: > ========== > > CoSWID - WGLC early 2018. (SWID data) (Collection) > ROLIE SW extension - WGLC early 2018 (SWID data) (Share/Collect) > ECP - mid 2018 (PT-TLS/IETF NEA data) (Collection/) > > Terminology - end of 2018 > Architecture / data interchange api/concept of operations - end of 2018 > > Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others) > > Lang/api for developing guidance - fall 2019 (orchestration) > > > Please provide feedback ASAP so that the chairs can finish > submitting the re-charter information by the end of the week. > > Thank you, > Chris & Karen > > -- > Chris Inacio > inacio@cert.org <mailto:inacio@cert.org> > > _______________________________________________ > sacm mailing list > sacm@ietf.org <mailto:sacm@ietf.org> > https://www.ietf.org/mailman/listinfo/sacm > > > > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm >
- [sacm] Milestones for recharter - FEEDBACK needed… Chris Inacio
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Adam Montville
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Henk Birkholz
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Adam Montville
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Waltermire, David A. (Fed)
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Adam Montville
- [sacm] 答复: Milestones for recharter - FEEDBACK ne… Xialiang (Frank)