IETF Logo Mail Archive

Re: [sacm] Genart telechat review of draft-ietf-sacm-nea-swima-patnc-02

Dan Romascanu <dromasca@gmail.com> Wed, 21 February 2018 22:10 UTC

Return-Path: <dromasca@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 503EB12DA69; Wed, 21 Feb 2018 14:10:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 725ks4kU495z; Wed, 21 Feb 2018 14:10:42 -0800 (PST)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D68F12E8A4; Wed, 21 Feb 2018 14:10:32 -0800 (PST)
Received: by mail-qk0-x229.google.com with SMTP id s188so4064051qkb.2; Wed, 21 Feb 2018 14:10:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o7DjuDZZPX4JsHQ5f+dyb9iIUvs+qYHD+A2cakrqm8I=; b=eM9RQjYgKvIOYgrK9EDo9eSCeJvu8yo7NOqPZIYZnzHVC/74o2GHv3N5IcVAtbn6fO HBaFSYo0sXadorIjLDmJCF57jeVDi+rE2fyLBWH57fN52kj5a5ZM/tF2r8ZKLHvs+AGa huNHokQXsc7BVMbmD3JXpWjIK5Ena3AWAh+JU+bCBiq1XTLsqz2Qf1aUWgT6SlbT4Km8 /CgniBHpC1pR5hS6YV4z/fEw7GLAfrvhXNYIc2w4LlnswhaingsIu9VRHyPvkPny908l MY6MxMxjZ+Zfcp94JYyQY3jhhNbuXHRFDeptuhm3eVx3JeQMJi7oNyfoEGRpbdpjMWsm /Qgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o7DjuDZZPX4JsHQ5f+dyb9iIUvs+qYHD+A2cakrqm8I=; b=uX5ogvlwGyK2WWZObBAuMoVsFMhM/TJK7Qc5FSYuNEnbdW4KtRVxaGzk1ORMYP7G/L OFbl2PmEE7cK2fRuKSq4+A0i27F2TrZY35MOY+5bRCfDVA+4p7t4m41n40ZdecP7XhX+ cA9vceOSXkbDeYHgJLwSLFbz8o3R0vBUNQHMBrzIY7ign4gkDh06Pq2m2npVrS84efco oPK6xGY088vFknQ/iCXAmg0Jp3KzGidpvyc/Tjt33gImSFqr5uT4ZCJMvASIPKSY/eC1 0PIcPJwmghklIUVBTWNx2IkTSdDwOow2SmWY4ZdgoCgp7DfDMqPQR48+BP1LayPkDs1g 8YlQ==
X-Gm-Message-State: APf1xPAeJGg7FEOhw5EnxH+XNb0aB83vBWgZLPPkP6ml+zwOZLaRH4fs Ne+KTqhC42JgVT9St2oZteJukWF+h1VTJNngq9M=
X-Google-Smtp-Source: AG47ELv4fppaj5ang8HFICIcvLxhTfiTx5sAuc/jXMGD0Pk2u4OTFPSggaftGfSLuMVfFHvqLUINKG3klTyJa5CGfGQ=
X-Received: by 10.55.163.8 with SMTP id m8mr7682593qke.13.1519251031319; Wed, 21 Feb 2018 14:10:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.23.200 with HTTP; Wed, 21 Feb 2018 14:10:30 -0800 (PST)
In-Reply-To: <DM5PR0901MB237578DCF3767768F610B046ABCE0@DM5PR0901MB2375.namprd09.prod.outlook.com>
References: <151898069815.27864.8612208400996416492@ietfa.amsl.com> <DM5PR0901MB237578DCF3767768F610B046ABCE0@DM5PR0901MB2375.namprd09.prod.outlook.com>
From: Dan Romascanu <dromasca@gmail.com>
Date: Thu, 22 Feb 2018 00:10:30 +0200
Message-ID: <CAFgnS4Xh-93ANP++N7k=R3Go4ZpfLCwmYH17oddGuLGCXoevsg@mail.gmail.com>
To: "Schmidt, Charles M." <cmschmidt@mitre.org>
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-sacm-nea-swima-patnc.all@ietf.org" <draft-ietf-sacm-nea-swima-patnc.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c06df8c0bebed0565c03251"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/U-Qo7vBcG0eDs8x9Sqa4D4PJssY>
Subject: Re: [sacm] Genart telechat review of draft-ietf-sacm-nea-swima-patnc-02
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 22:10:45 -0000

Hi Charles,

Thank you for your response and for addressing my comments. I feel that
they are largely addressed by your proposed resolution. See also in-line.

Regards,

Dan


On Wed, Feb 21, 2018 at 10:50 PM, Schmidt, Charles M. <cmschmidt@mitre.org>
wrote:

> Hello,
>
> Thanks a bunch for the comments. I'm glad that you feel that it looks like
> a solid contribution.
>
> With regard to your feedback, I have developed wording to address both
> your major concerns and wanted to run it by you:
>
> ---
> With regard to the lack of mention of SACM, I agree that it was an
> oversight not to mention it in the Relationship to Other Standards section.
> I propose adding the following paragraph at the end of that section:
>
> "The NEA architecture is intended to support a broad range of activities
> and, as such, might be employed by other specifications. For example,
> requirement T-001 in the SACM Requirements document (RFC 8248) notes that
> NEA can support data collection from endpoints within the broader SACM
> architecture. (Other parts of the NEA architecture, which SWIMA uses, meet
> the other SACM data transport requirements.) In the SACM architecture, a
> SWIMA-PV corresponds to a “SACM Collector” and a SWIMA-PC is a “SACM
> Internal Collector”. In the SACM architecture, the SWIMA specification can
> support activities relating to software inventory collection. Specifically,
> SWIMA supports the SACM “Endpoint Posture Attribute Value Collection” use
> case (section 2.1.3 or RFC 7632) by describing a collection mechanism that
> enables event driven, scheduled, and ad-hoc data collection of software
> inventory information. SWIMA’s flexibility with regard to the format of
> inventory data records means that it is compatible with virtually any data
> format that implements SACM’s “Define, Publish, Query, and Retrieve
> Security Automation Data” (section 2.1.1 in RFC 7632). This is just one
> example of how SWIMA can support broader security solution standards. Note
> that, while SWIMA can support these SACM use cases, SWIMA has no
> dependencies upon the SACM architecture or any other context in which NEA
> might reasonably be applied."
>


This looks good. I would also suggest to add a sentence or paragraph
describing for short the relationship to SACM in the Introduction. As this
is a SACM WG document, some readers would probably expect to see this
relationship mentioned earlier than in Section 9.



>
> I believe this addresses most of the specific points you wanted to
> include. I did not include a terminology mapping to "evidence record" and
> "software identifier" because the SACM Terminology definition of
> "attribute" is not internally consistent: it states "Attribute - Is a data
> element, as defined in [RFC5209], that is
> atomic" and "equivalent to attribute-value-pairs". However, RFC 5209 (NEA)
> attributes are not atomic in nature, and will consist of many name-value
> pairs. (I'll send a separate comment to the SACM list regarding this.) As
> such, I'm not sure the terminology draft has a good parallel at this time
> and I stuck to the clearer mappings.
>

I understand your point. Please continue the discussion with the SACM
terminology authors to try to reach consistency.




>
> -----
>
> With regard to firmware and OS information, I added the following to the
> introduction:
>
> " Note that while this specification focuses on “software inventory”, the
> mechanisms it describes could also be used to convey information about
> firmware and operating systems associated with an endpoint. The focus on
> software throughout this document should not be read as excluding the use
> of SWIMA for these other purposes."
>
>
Fine - this is exactly what I was looking for.


> ---------
>
> Do these additions adequately address your concerns?
>
> Finally, with regard to the following question:
>
> > 2. Section 3.3
> > '   In the case that it is possible to do so, the SWIMA-PC SHOULD send
> >    its SWIMA Response attribute to the SWIMA-PV that requested it using
> >    exclusive delivery ...'
> > Assuming that 'it is possible to do so' means support for the mechanism,
> why
> > is this a SHOULD, and not a MUST?
>
> In the NEA specification, the EXCL flag is only a recommendation to the
> Posture Broker Server/Client, and the recipient of a message with the flag
> set only "SHOULD" deliver it to a single party. (I realize that, in
> retrospect, my assertion that exclusive delivery "ensures" a behavior is
> incorrect and will fix that.) As such, saying that implementations MUST set
> a flag that only SHOULD be obeyed seems to be of questionable use,
> especially given that the specification clearly describes what to do if
> messages are not exclusively delivered.
>
> Let me know if you disagree - I don't feel too strongly about this, but
> wanted to explain my thoughts.
>

Makes sense.


>
> ----
>
> Thanks again for the comments.
>
> Charles
>
> > -----Original Message-----
> > From: Dan Romascanu [mailto:dromasca@gmail.com]
> > Sent: Sunday, February 18, 2018 1:05 PM
> > To: gen-art@ietf.org
> > Cc: draft-ietf-sacm-nea-swima-patnc.all@ietf.org; ietf@ietf.org;
> > sacm@ietf.org; dromasca@gmail.com
> > Subject: Genart telechat review of draft-ietf-sacm-nea-swima-patnc-02
> >
> > Reviewer: Dan Romascanu
> > Review result: Almost Ready
> >
> > I am the assigned Gen-ART reviewer for this draft. The General Area
> > Review Team (Gen-ART) reviews all IETF documents being processed
> > by the IESG for the IETF Chair. Please wait for direction from your
> > document shepherd or AD before posting a new version of the draft.
> >
> > For more information, please see the FAQ at
> >
> > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> >
> > Document: draft-ietf-sacm-nea-swima-patnc-02
> > Reviewer: Dan Romascanu
> > Review Date: 2018-02-18
> > IETF LC End Date: 2018-02-21
> > IESG Telechat date: 2018-02-22
> >
> > Summary:
> >
> > This is a solid and detailed specification, which extends PA-TNS with
> specific
> > attributes and message exchanges to allow endpoints to report their
> > installed
> > software inventory information to a NEA server. It is Almost Ready from a
> > Gen-ART point of view, but there are some problems that I recommend to
> > be
> > addressed before approval. The major problem is related to the complete
> > lack of
> > information about how this specification fits into SACM, which SACM
> > requirements are addressed, how terminologies are made consistent and
> > how
> > entities are mapped.
> >
> > Major issues:
> >
> > 1. The document is labeled as a SACM document, but the text never
> explains
> > the
> > connection with the SACM work, or the relation with the SACM architecture
> > and
> > framework. There is no reference to SACM documents either. Section 9
> > 'Relationship with other specifications' does not mention SACM either.
> >
> > At a minimum, I believe that the document should:
> > - relate to the use cases of SACM - RFC 7632 (it does this for NEA, but
> this is
> > not sufficient for a SACM document) - ensure consistency, refer to the
> > terminology of SACM (draft-ietf-sacm-terminology), and provide a mapping
> > between the terms and entities defined in this document (e.g. SWIMA-PC,
> > SWIMA-PV, Evidence Record, Software Identifier) and the SACM
> > terminology -
> > explain how the message exchanges fit in a SACM solution to meet the
> > requirements defined by RFC 8248. As an example, RFC 5792 has a detailed
> > appendix that evaluates the specifications against the requirements in
> RFC
> > 5209
> > (NEA requirements).
> >
> > 2. The charter item that this WG falls under reads:
> >
> > '- Define an extension of IETF NEA [https://ietf.org/wg/
> concluded/nea.html]
> > to
> > collect and deliver information about firmware, operating systems, and
> > software
> > installed on an endpoint.'
> >
> > The document covers in detail software inventory, but is mute about
> > firmware
> > and operating systems. Arguably these two would fall under a broad
> > interpretation of 'software' but it would be better - at least - to
> provide an
> > explanation about these being covered and how, if not specific attributes
> > related to the types of software specified in the charter.
> >
> > Minor issues:
> >
> > 1.Section 2.3:
> >
> > I believe that the 'Interoperable' requirement is trivial and
> unnecessary in
> > the text of a Standards-Track document.
> >
> > '   Interoperable:  This specification defines the protocol for how PCs
> >       and PVs can exchange and use software information to provide a NEA
> >       Server with information about an endpoint’s software inventory.
> >       Therefore, a key goal for this specification is ensuring that all
> >       SWIMA PCs and PVs, regardless of the vendor who created them, are
> >       able to interoperate in their performance of these duties.'
> >
> > Interoperability is the obvious goal of any IETF standards-track
> document.
> > There is no need to repeat such an obvious statement.
> >
> > 2. Section 3.3
> >
> > '   In the case that it is possible to do so, the SWIMA-PC SHOULD send
> >    its SWIMA Response attribute to the SWIMA-PV that requested it using
> >    exclusive delivery ...'
> >
> > Assuming that 'it is possible to do so' means support for the mechanism,
> why
> > is
> > this a SHOULD, and not a MUST?
> >
> > Nits/editorial comments:
> >
> > 1. The Abstract section - quotation marks are open around the first
> > document
> > name and never closed.
> >
> >
>
>

v2.23.0 | Report a Bug | By Email