Re: [sacm] Genart telechat review of draft-ietf-sacm-nea-swima-patnc-02
Dan Romascanu <dromasca@gmail.com> Wed, 21 February 2018 22:10 UTC
Return-Path: <dromasca@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 503EB12DA69; Wed, 21 Feb 2018 14:10:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 725ks4kU495z; Wed, 21 Feb 2018 14:10:42 -0800 (PST)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D68F12E8A4; Wed, 21 Feb 2018 14:10:32 -0800 (PST)
Received: by mail-qk0-x229.google.com with SMTP id s188so4064051qkb.2; Wed, 21 Feb 2018 14:10:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o7DjuDZZPX4JsHQ5f+dyb9iIUvs+qYHD+A2cakrqm8I=; b=eM9RQjYgKvIOYgrK9EDo9eSCeJvu8yo7NOqPZIYZnzHVC/74o2GHv3N5IcVAtbn6fO HBaFSYo0sXadorIjLDmJCF57jeVDi+rE2fyLBWH57fN52kj5a5ZM/tF2r8ZKLHvs+AGa huNHokQXsc7BVMbmD3JXpWjIK5Ena3AWAh+JU+bCBiq1XTLsqz2Qf1aUWgT6SlbT4Km8 /CgniBHpC1pR5hS6YV4z/fEw7GLAfrvhXNYIc2w4LlnswhaingsIu9VRHyPvkPny908l MY6MxMxjZ+Zfcp94JYyQY3jhhNbuXHRFDeptuhm3eVx3JeQMJi7oNyfoEGRpbdpjMWsm /Qgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o7DjuDZZPX4JsHQ5f+dyb9iIUvs+qYHD+A2cakrqm8I=; b=uX5ogvlwGyK2WWZObBAuMoVsFMhM/TJK7Qc5FSYuNEnbdW4KtRVxaGzk1ORMYP7G/L OFbl2PmEE7cK2fRuKSq4+A0i27F2TrZY35MOY+5bRCfDVA+4p7t4m41n40ZdecP7XhX+ cA9vceOSXkbDeYHgJLwSLFbz8o3R0vBUNQHMBrzIY7ign4gkDh06Pq2m2npVrS84efco oPK6xGY088vFknQ/iCXAmg0Jp3KzGidpvyc/Tjt33gImSFqr5uT4ZCJMvASIPKSY/eC1 0PIcPJwmghklIUVBTWNx2IkTSdDwOow2SmWY4ZdgoCgp7DfDMqPQR48+BP1LayPkDs1g 8YlQ==
X-Gm-Message-State: APf1xPAeJGg7FEOhw5EnxH+XNb0aB83vBWgZLPPkP6ml+zwOZLaRH4fs Ne+KTqhC42JgVT9St2oZteJukWF+h1VTJNngq9M=
X-Google-Smtp-Source: AG47ELv4fppaj5ang8HFICIcvLxhTfiTx5sAuc/jXMGD0Pk2u4OTFPSggaftGfSLuMVfFHvqLUINKG3klTyJa5CGfGQ=
X-Received: by 10.55.163.8 with SMTP id m8mr7682593qke.13.1519251031319; Wed, 21 Feb 2018 14:10:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.23.200 with HTTP; Wed, 21 Feb 2018 14:10:30 -0800 (PST)
In-Reply-To: <DM5PR0901MB237578DCF3767768F610B046ABCE0@DM5PR0901MB2375.namprd09.prod.outlook.com>
References: <151898069815.27864.8612208400996416492@ietfa.amsl.com> <DM5PR0901MB237578DCF3767768F610B046ABCE0@DM5PR0901MB2375.namprd09.prod.outlook.com>
From: Dan Romascanu <dromasca@gmail.com>
Date: Thu, 22 Feb 2018 00:10:30 +0200
Message-ID: <CAFgnS4Xh-93ANP++N7k=R3Go4ZpfLCwmYH17oddGuLGCXoevsg@mail.gmail.com>
To: "Schmidt, Charles M." <cmschmidt@mitre.org>
Cc: "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-sacm-nea-swima-patnc.all@ietf.org" <draft-ietf-sacm-nea-swima-patnc.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c06df8c0bebed0565c03251"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/U-Qo7vBcG0eDs8x9Sqa4D4PJssY>
Subject: Re: [sacm] Genart telechat review of draft-ietf-sacm-nea-swima-patnc-02
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 22:10:45 -0000
Hi Charles, Thank you for your response and for addressing my comments. I feel that they are largely addressed by your proposed resolution. See also in-line. Regards, Dan On Wed, Feb 21, 2018 at 10:50 PM, Schmidt, Charles M. <cmschmidt@mitre.org> wrote: > Hello, > > Thanks a bunch for the comments. I'm glad that you feel that it looks like > a solid contribution. > > With regard to your feedback, I have developed wording to address both > your major concerns and wanted to run it by you: > > --- > With regard to the lack of mention of SACM, I agree that it was an > oversight not to mention it in the Relationship to Other Standards section. > I propose adding the following paragraph at the end of that section: > > "The NEA architecture is intended to support a broad range of activities > and, as such, might be employed by other specifications. For example, > requirement T-001 in the SACM Requirements document (RFC 8248) notes that > NEA can support data collection from endpoints within the broader SACM > architecture. (Other parts of the NEA architecture, which SWIMA uses, meet > the other SACM data transport requirements.) In the SACM architecture, a > SWIMA-PV corresponds to a “SACM Collector” and a SWIMA-PC is a “SACM > Internal Collector”. In the SACM architecture, the SWIMA specification can > support activities relating to software inventory collection. Specifically, > SWIMA supports the SACM “Endpoint Posture Attribute Value Collection” use > case (section 2.1.3 or RFC 7632) by describing a collection mechanism that > enables event driven, scheduled, and ad-hoc data collection of software > inventory information. SWIMA’s flexibility with regard to the format of > inventory data records means that it is compatible with virtually any data > format that implements SACM’s “Define, Publish, Query, and Retrieve > Security Automation Data” (section 2.1.1 in RFC 7632). This is just one > example of how SWIMA can support broader security solution standards. Note > that, while SWIMA can support these SACM use cases, SWIMA has no > dependencies upon the SACM architecture or any other context in which NEA > might reasonably be applied." > This looks good. I would also suggest to add a sentence or paragraph describing for short the relationship to SACM in the Introduction. As this is a SACM WG document, some readers would probably expect to see this relationship mentioned earlier than in Section 9. > > I believe this addresses most of the specific points you wanted to > include. I did not include a terminology mapping to "evidence record" and > "software identifier" because the SACM Terminology definition of > "attribute" is not internally consistent: it states "Attribute - Is a data > element, as defined in [RFC5209], that is > atomic" and "equivalent to attribute-value-pairs". However, RFC 5209 (NEA) > attributes are not atomic in nature, and will consist of many name-value > pairs. (I'll send a separate comment to the SACM list regarding this.) As > such, I'm not sure the terminology draft has a good parallel at this time > and I stuck to the clearer mappings. > I understand your point. Please continue the discussion with the SACM terminology authors to try to reach consistency. > > ----- > > With regard to firmware and OS information, I added the following to the > introduction: > > " Note that while this specification focuses on “software inventory”, the > mechanisms it describes could also be used to convey information about > firmware and operating systems associated with an endpoint. The focus on > software throughout this document should not be read as excluding the use > of SWIMA for these other purposes." > > Fine - this is exactly what I was looking for. > --------- > > Do these additions adequately address your concerns? > > Finally, with regard to the following question: > > > 2. Section 3.3 > > ' In the case that it is possible to do so, the SWIMA-PC SHOULD send > > its SWIMA Response attribute to the SWIMA-PV that requested it using > > exclusive delivery ...' > > Assuming that 'it is possible to do so' means support for the mechanism, > why > > is this a SHOULD, and not a MUST? > > In the NEA specification, the EXCL flag is only a recommendation to the > Posture Broker Server/Client, and the recipient of a message with the flag > set only "SHOULD" deliver it to a single party. (I realize that, in > retrospect, my assertion that exclusive delivery "ensures" a behavior is > incorrect and will fix that.) As such, saying that implementations MUST set > a flag that only SHOULD be obeyed seems to be of questionable use, > especially given that the specification clearly describes what to do if > messages are not exclusively delivered. > > Let me know if you disagree - I don't feel too strongly about this, but > wanted to explain my thoughts. > Makes sense. > > ---- > > Thanks again for the comments. > > Charles > > > -----Original Message----- > > From: Dan Romascanu [mailto:dromasca@gmail.com] > > Sent: Sunday, February 18, 2018 1:05 PM > > To: gen-art@ietf.org > > Cc: draft-ietf-sacm-nea-swima-patnc.all@ietf.org; ietf@ietf.org; > > sacm@ietf.org; dromasca@gmail.com > > Subject: Genart telechat review of draft-ietf-sacm-nea-swima-patnc-02 > > > > Reviewer: Dan Romascanu > > Review result: Almost Ready > > > > I am the assigned Gen-ART reviewer for this draft. The General Area > > Review Team (Gen-ART) reviews all IETF documents being processed > > by the IESG for the IETF Chair. Please wait for direction from your > > document shepherd or AD before posting a new version of the draft. > > > > For more information, please see the FAQ at > > > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > > > Document: draft-ietf-sacm-nea-swima-patnc-02 > > Reviewer: Dan Romascanu > > Review Date: 2018-02-18 > > IETF LC End Date: 2018-02-21 > > IESG Telechat date: 2018-02-22 > > > > Summary: > > > > This is a solid and detailed specification, which extends PA-TNS with > specific > > attributes and message exchanges to allow endpoints to report their > > installed > > software inventory information to a NEA server. It is Almost Ready from a > > Gen-ART point of view, but there are some problems that I recommend to > > be > > addressed before approval. The major problem is related to the complete > > lack of > > information about how this specification fits into SACM, which SACM > > requirements are addressed, how terminologies are made consistent and > > how > > entities are mapped. > > > > Major issues: > > > > 1. The document is labeled as a SACM document, but the text never > explains > > the > > connection with the SACM work, or the relation with the SACM architecture > > and > > framework. There is no reference to SACM documents either. Section 9 > > 'Relationship with other specifications' does not mention SACM either. > > > > At a minimum, I believe that the document should: > > - relate to the use cases of SACM - RFC 7632 (it does this for NEA, but > this is > > not sufficient for a SACM document) - ensure consistency, refer to the > > terminology of SACM (draft-ietf-sacm-terminology), and provide a mapping > > between the terms and entities defined in this document (e.g. SWIMA-PC, > > SWIMA-PV, Evidence Record, Software Identifier) and the SACM > > terminology - > > explain how the message exchanges fit in a SACM solution to meet the > > requirements defined by RFC 8248. As an example, RFC 5792 has a detailed > > appendix that evaluates the specifications against the requirements in > RFC > > 5209 > > (NEA requirements). > > > > 2. The charter item that this WG falls under reads: > > > > '- Define an extension of IETF NEA [https://ietf.org/wg/ > concluded/nea.html] > > to > > collect and deliver information about firmware, operating systems, and > > software > > installed on an endpoint.' > > > > The document covers in detail software inventory, but is mute about > > firmware > > and operating systems. Arguably these two would fall under a broad > > interpretation of 'software' but it would be better - at least - to > provide an > > explanation about these being covered and how, if not specific attributes > > related to the types of software specified in the charter. > > > > Minor issues: > > > > 1.Section 2.3: > > > > I believe that the 'Interoperable' requirement is trivial and > unnecessary in > > the text of a Standards-Track document. > > > > ' Interoperable: This specification defines the protocol for how PCs > > and PVs can exchange and use software information to provide a NEA > > Server with information about an endpoint’s software inventory. > > Therefore, a key goal for this specification is ensuring that all > > SWIMA PCs and PVs, regardless of the vendor who created them, are > > able to interoperate in their performance of these duties.' > > > > Interoperability is the obvious goal of any IETF standards-track > document. > > There is no need to repeat such an obvious statement. > > > > 2. Section 3.3 > > > > ' In the case that it is possible to do so, the SWIMA-PC SHOULD send > > its SWIMA Response attribute to the SWIMA-PV that requested it using > > exclusive delivery ...' > > > > Assuming that 'it is possible to do so' means support for the mechanism, > why > > is > > this a SHOULD, and not a MUST? > > > > Nits/editorial comments: > > > > 1. The Abstract section - quotation marks are open around the first > > document > > name and never closed. > > > > > >
- [sacm] Genart telechat review of draft-ietf-sacm-… Dan Romascanu
- Re: [sacm] Genart telechat review of draft-ietf-s… Schmidt, Charles M.
- Re: [sacm] Genart telechat review of draft-ietf-s… Dan Romascanu
- Re: [sacm] Genart telechat review of draft-ietf-s… Schmidt, Charles M.
- Re: [sacm] [Gen-art] Genart telechat review of dr… Alissa Cooper
- Re: [sacm] Genart telechat review of draft-ietf-s… Dan Romascanu
- Re: [sacm] Genart telechat review of draft-ietf-s… Kathleen Moriarty
- Re: [sacm] Genart telechat review of draft-ietf-s… Schmidt, Charles M.
- Re: [sacm] Genart telechat review of draft-ietf-s… Benjamin Kaduk
- Re: [sacm] Genart telechat review of draft-ietf-s… Schmidt, Charles M.
- Re: [sacm] Genart telechat review of draft-ietf-s… Benjamin Kaduk
- Re: [sacm] Genart telechat review of draft-ietf-s… Kathleen Moriarty
- Re: [sacm] Genart telechat review of draft-ietf-s… Schmidt, Charles M.