IETF Logo Mail Archive

Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

Gunnar Engelbach <gunnar.engelbach@threatguard.com> Tue, 21 June 2016 14:57 UTC

Return-Path: <gunnar.engelbach@threatguard.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C5A212D82F for <sacm@ietfa.amsl.com>; Tue, 21 Jun 2016 07:57:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=threatguard-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NNqCeZeKOVBo for <sacm@ietfa.amsl.com>; Tue, 21 Jun 2016 07:57:34 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 355A312D873 for <sacm@ietf.org>; Tue, 21 Jun 2016 07:57:34 -0700 (PDT)
Received: by mail-pa0-x22e.google.com with SMTP id bz2so7096877pad.1 for <sacm@ietf.org>; Tue, 21 Jun 2016 07:57:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=threatguard-com.20150623.gappssmtp.com; s=20150623; h=from:subject:to:references:cc:message-id:date:user-agent :mime-version:in-reply-to; bh=r5pC3e65XdaonYNwVn7DtyoYwmfC5Uqw8kleJRE3yPQ=; b=KhAMsd0QZFq6iF7lmM1QyCNLIpaljrRlGcYq00a+57g9ognWqvU/qDkjbV+ATZ+cb2 ZA3O4ypheRxoCwrxTPOLAigDOTpxj1Zg1u2qK3/Doapw1cfV1MkrBc9RVN0vHcygr5aI /gU0Mvi9Gvq3BoYEGu321Dx9UjmyiRzGuqxRgUmEwl0LL2ql2qwxiSR1EZyGJFjJ+w3C syyoOc2eWYMWWdXy48Y3iLTWO7rSbF7gTM3JPefrSmRbZWWxlWhqzpdlg0JbLxCwSg0f Ab8xz6+Vd7YhlXpcSAjD1OMckOj//AY8dnzvocLjDwA9U7RIn+r+0vsvg8Ly1QoK3uAo cEvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:references:cc:message-id:date :user-agent:mime-version:in-reply-to; bh=r5pC3e65XdaonYNwVn7DtyoYwmfC5Uqw8kleJRE3yPQ=; b=G0tetzxLn9UheKz4Rj0keOViJdKUtAExRYadEgjroVq47J+3AYRa+IhBzcO8JNTPxA Tkriv7nxSRzop5WAdgGYy60SmQNma4yEfv+aoMeGAZg/oFIh95sW9qRv1FIyj8Qb9TW9 P+7hFt8b/Ww0jqGLTlb1S5lJ3JkLncvDrun01TcrTh8f3w0OO2Up68MEJLu1X6rU90Za nfItnM92Sl2aMFVwzKiiqecOJb/0Nndls2foh+tmbRKA96A+leFWsfJs1Z3TwtCG2Xhc cFTsJu8EO69v5UtHKQcnSKqNajqzDaOA/M8ReKl1NjUBoXPFiP/kTIFjZFf/pHuwX8cI 1ADw==
X-Gm-Message-State: ALyK8tLn3A4igrSGyMHGjosc4v0i5hIeaytjNMvEe1v1WfOYaastR267WVI8XyxX0J6Qhg==
X-Received: by 10.66.86.103 with SMTP id o7mr6818229paz.5.1466521053618; Tue, 21 Jun 2016 07:57:33 -0700 (PDT)
Received: from [172.16.1.122] (75-142-12-171.dhcp.mdfd.or.charter.com. [75.142.12.171]) by smtp.gmail.com with ESMTPSA id 75sm66279460pfy.32.2016.06.21.07.57.31 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 21 Jun 2016 07:57:32 -0700 (PDT)
From: Gunnar Engelbach <gunnar.engelbach@threatguard.com>
X-Google-Original-From: Gunnar Engelbach <Gunnar.Engelbach@ThreatGuard.com>
To: Adam Montville <adam.w.montville@gmail.com>
References: <17198AFF-DF5A-46BC-B84A-2AAF1717BD90@isoc.org> <EC234EFE-95AB-444B-8A5D-782ADBD60559@gmail.com> <1c99b26c-bdac-5798-1bd9-e957b11ae4bd@yaanatech.com> <db612b00-c11a-88c1-45da-35e0693305e9@ThreatGuard.com> <6062111F-9C39-4C7C-B008-F7E23FED40DE@gmail.com> <9904FB1B0159DA42B0B887B7FA8119CA7520D40F@AZ-FFEXMB04.global.avaya.com> <E79698DE-B183-4AE1-8F6C-08744E8BFFDF@gmail.com> <94680da4-b547-6ee8-2510-ea10eb1e02ff@ThreatGuard.com> <1A88355D-CF3B-40B5-A219-094137ABB2B6@gmail.com>
Message-ID: <b3b4e41b-6a15-dfa4-9474-a3a74deeb5a0@ThreatGuard.com>
Date: Tue, 21 Jun 2016 07:57:49 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1A88355D-CF3B-40B5-A219-094137ABB2B6@gmail.com>
Content-Type: multipart/alternative; boundary="------------171C1387B37606675D4F8F30"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/WSQv9eoMLuKU9DIHgnpLc3vbK3Q>
Cc: "Dan (Dan) Romascanu" <dromasca@avaya.com>, "<sacm@ietf.org>" <sacm@ietf.org>, "tony@yaanatech.com" <tony@yaanatech.com>
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jun 2016 14:57:38 -0000

Nah.

The conversation recently about software tags has been about translating 
the various software tags into a common data model where that data model 
is, preferably, one of the existing software tags.

But that would mean having a data model for endpoint attributes and a 
separate data model for software tags.  As long as the tag information 
is going to be translated I don't see why it should use a data model 
that is different than that used for other endpoint attributes.


--gun



On 6/20/2016 4:49 PM, Adam Montville wrote:
> Hi Gun,
>
> I’m going to go out on a limb and say I’m not tracking.  Are you 
> referring to Mike’s inquiry about data formats?  If so, I’m not sure 
> that thread is talking about data models as much as it is talking 
> about specific formats (i.e. JSON, XML, CBOR, etc.).
>
> I agree with you that software identify information is “just a set of 
> endpoint attributes”, but I’m not sure that we’re treating it any 
> differently.  Can you explain?
>
> Adam
>
>
>> On Jun 18, 2016, at 12:06 PM, Gunnar Engelbach 
>> <gunnar.engelbach@threatguard.com 
>> <mailto:gunnar.engelbach@threatguard.com>> wrote:
>>
>>
>> While we're on the topic,
>>
>> There is an effort in progress to determine a data model for SACM 
>> endpoint collection.  Software identity information is just a set of 
>> endpoint attributes.  So is there a reason why software identity is 
>> treated differently?
>>
>>
>> --gun
>>
>>
>> On 6/18/2016 5:38 AM, Adam Montville wrote:
>>> Hi.  Because we would like to move our requirements through IESG, I 
>>> would like to drive this to ground. There are three things that 
>>> we’re talking about doing when it comes to selecting a data model 
>>> for software identification:
>>>
>>> 1) Extensibility
>>> 2) Accessibility (not cost prohibitive)
>>> 3) Completeness
>>>
>>> There is a data model requirement for (1) - DM-014 Attribute 
>>> Extensibility.  There does not seem to be a requirement for 
>>> accessibility (2) or completeness (3).
>>>
>>> My question is this: Do we need such requirements?
>>>
>>> I would assert that we do not.  Accessibility is something that we 
>>> will always judge by virtue of the fact that we operate within the 
>>> culture of the IETF.  Completeness is not something we need to put 
>>> into the requirements draft by virtue of DM-002 Data Model 
>>> Structure, which indicates that a data model can be structured 
>>> monolithically or composed of modules/sub-modules—this seems to 
>>> imply that we could be ok with “completeness” potentially coming 
>>> from more than one place.
>>>
>>> Thoughts?
>>>
>>> Adam
>>>
>>>
>>>> On Jun 13, 2016, at 9:12 AM, Romascanu, Dan (Dan) 
>>>> <dromasca@avaya.com <mailto:dromasca@avaya.com>> wrote:
>>>>
>>>> Re: Requirements – is this not 
>>>> whathttps://datatracker.ietf.org/doc/draft-ietf-sacm-requirements/is 
>>>> about? Maybe it needs an update.
>>>> Regards,
>>>> Dan
>>>> *From:*sacm [mailto:sacm-bounces@ietf.org]*On Behalf Of*Adam Montville
>>>> *Sent:*Friday, June 10, 2016 2:25 PM
>>>> *To:*Gunnar Engelbach
>>>> *Cc:*<sacm@ietf.org>;tony@yaanatech.com
>>>> *Subject:*Re: [sacm] Call for adoption of 
>>>> draft-coffin-sacm-nea-swid-patnc as a SACM WG document
>>>> This seems like a fine approach.
>>>> As part of that third item, I’d like to get requirements from our 
>>>> own drafts as well, starting perhaps with the vulnerability 
>>>> scenario, but also considering our requirements and other drafts.
>>>>
>>>>     On Jun 9, 2016, at 7:44 PM, Gunnar Engelbach
>>>>     <gunnar.engelbach@threatguard.com> wrote:
>>>>
>>>>
>>>>
>>>>     Hey Tony, funny thing that you should say that.  You seem to
>>>>     have a better awareness of the other efforts going on out there
>>>>     than I do, so I could use your help in identifying other good
>>>>     candidates and what will be necessary to support as many of
>>>>     them as possible.
>>>>
>>>>     What I'd really like to do is take a more formal approach --
>>>>     gather some requirements and then see from among the existing
>>>>     efforts which is the best from among those that are good
>>>>     enough.  If any.
>>>>
>>>>     But first is a matter of setting the requirements. Stated
>>>>     generally, I really only have three:
>>>>
>>>>       1)  Is extensible -- as a fork outside of the current owner,
>>>>     if necessary, to be sure it continues to meet SACM needs
>>>>     without relying on the good graces of the current owner
>>>>
>>>>       2)  Readily accessible (eg., spec is not cost prohibitive for
>>>>     any users)
>>>>
>>>>       3)  The most complete (that is, closest to being able to
>>>>     represent the other tag types without loss of data or
>>>>     shoe-horning data into fields that weren't really meant for
>>>>     that type of data)
>>>>
>>>>
>>>>     I'm sure Charles, et al, will have other requirements, so feel
>>>>     free to chime in. However, I think the simpler and more
>>>>     informal we can keep this list the quicker we can grind through it.
>>>>
>>>>
>>>>     --gun
>>>>
>>>>
>>>>
>>>>     On 6/9/2016 2:33 PM, Tony Rutkowski wrote:
>>>>
>>>>         Hi Adam,
>>>>
>>>>         A good solution.  Charles and Gunnar should also engage
>>>>         in some proactive outreach. Simply stating that "no other
>>>>         solutions to the problem of software identification have
>>>>         been submitted" is preposterous when there are so many
>>>>         out there.  IMHO, one of the long-standing problems with
>>>>         SACM is its institutional and participatory insularity in an
>>>>         arena where so many almost identical activities are occurring
>>>>         in other venues where there is far greater industry
>>>>         participation.
>>>>         Ignoring them diminishes the value of whatever SACM
>>>>         accomplishes.
>>>>
>>>>         --tony
>>>>
>>>>         On 2016-06-09 3:47 PM, Adam Montville wrote:
>>>>
>>>>             All:
>>>>             After several on-list discussions, the last virtual
>>>>             interim, and the discussions surrounding this call for
>>>>             adoption, the chairs acknowledge that there are some
>>>>             key concerns with this draft, but also see that there
>>>>             is rough consensus for adoption.  We additionally note
>>>>             that no other solutions to the problem of software
>>>>             identification have been submitted to the working group
>>>>             [1].
>>>>             Because the topic of software identification, and SWID
>>>>             in particular, appears to be a contentious one, we are
>>>>             designating Charles Schmidt and Gunnar Engelbach as
>>>>             editors of the working group draft [2].  We believe
>>>>             that Charles and Gunnar will bring the necessary
>>>>             balance to this draft, so that the key concerns are
>>>>             sufficiently addressed.
>>>>             Kind regards,
>>>>             Adam & Karen
>>>>             [1] This draft adoption does not preclude future
>>>>             alternative submissions
>>>>             [2] Note that original authors will remain authors, but
>>>>             Charles and Gunnar will hold the pen.
>>>>
>>>>                 On May 17, 2016, at 11:21 AM, Karen O'Donoghue
>>>>                 <odonoghue@isoc.org> wrote:
>>>>                 Folks,
>>>>                 As discussed during our last couple of meetings,
>>>>                 this is the official call for adoption of
>>>>                 https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/ as
>>>>                 a SACM working group document.
>>>>                 Please reply with any comments or concerns along
>>>>                 your support of this action to the mailing list.
>>>>                 Thanks,
>>>>                 Karen and Adam
>>>>                 _______________________________________________
>>>>                 sacm mailing list
>>>>                 sacm@ietf.org <mailto:sacm@ietf.org>
>>>>                 https://www.ietf.org/mailman/listinfo/sacm
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>             _______________________________________________
>>>>
>>>>             sacm mailing list
>>>>
>>>>             sacm@ietf.org <mailto:sacm@ietf.org>
>>>>
>>>>             https://www.ietf.org/mailman/listinfo/sacm
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>
>>>>         sacm mailing list
>>>>
>>>>         sacm@ietf.org <mailto:sacm@ietf.org>
>>>>
>>>>         https://www.ietf.org/mailman/listinfo/sacm
>>>>
>>>> _______________________________________________
>>>> sacm mailing list
>>>> sacm@ietf.org <mailto:sacm@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/sacm
>>>
>>
>

v2.23.0 | Report a Bug | By Email