Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
Gunnar Engelbach <gunnar.engelbach@threatguard.com> Tue, 21 June 2016 14:57 UTC
Return-Path: <gunnar.engelbach@threatguard.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C5A212D82F for <sacm@ietfa.amsl.com>; Tue, 21 Jun 2016 07:57:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=threatguard-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NNqCeZeKOVBo for <sacm@ietfa.amsl.com>; Tue, 21 Jun 2016 07:57:34 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 355A312D873 for <sacm@ietf.org>; Tue, 21 Jun 2016 07:57:34 -0700 (PDT)
Received: by mail-pa0-x22e.google.com with SMTP id bz2so7096877pad.1 for <sacm@ietf.org>; Tue, 21 Jun 2016 07:57:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=threatguard-com.20150623.gappssmtp.com; s=20150623; h=from:subject:to:references:cc:message-id:date:user-agent :mime-version:in-reply-to; bh=r5pC3e65XdaonYNwVn7DtyoYwmfC5Uqw8kleJRE3yPQ=; b=KhAMsd0QZFq6iF7lmM1QyCNLIpaljrRlGcYq00a+57g9ognWqvU/qDkjbV+ATZ+cb2 ZA3O4ypheRxoCwrxTPOLAigDOTpxj1Zg1u2qK3/Doapw1cfV1MkrBc9RVN0vHcygr5aI /gU0Mvi9Gvq3BoYEGu321Dx9UjmyiRzGuqxRgUmEwl0LL2ql2qwxiSR1EZyGJFjJ+w3C syyoOc2eWYMWWdXy48Y3iLTWO7rSbF7gTM3JPefrSmRbZWWxlWhqzpdlg0JbLxCwSg0f Ab8xz6+Vd7YhlXpcSAjD1OMckOj//AY8dnzvocLjDwA9U7RIn+r+0vsvg8Ly1QoK3uAo cEvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:references:cc:message-id:date :user-agent:mime-version:in-reply-to; bh=r5pC3e65XdaonYNwVn7DtyoYwmfC5Uqw8kleJRE3yPQ=; b=G0tetzxLn9UheKz4Rj0keOViJdKUtAExRYadEgjroVq47J+3AYRa+IhBzcO8JNTPxA Tkriv7nxSRzop5WAdgGYy60SmQNma4yEfv+aoMeGAZg/oFIh95sW9qRv1FIyj8Qb9TW9 P+7hFt8b/Ww0jqGLTlb1S5lJ3JkLncvDrun01TcrTh8f3w0OO2Up68MEJLu1X6rU90Za nfItnM92Sl2aMFVwzKiiqecOJb/0Nndls2foh+tmbRKA96A+leFWsfJs1Z3TwtCG2Xhc cFTsJu8EO69v5UtHKQcnSKqNajqzDaOA/M8ReKl1NjUBoXPFiP/kTIFjZFf/pHuwX8cI 1ADw==
X-Gm-Message-State: ALyK8tLn3A4igrSGyMHGjosc4v0i5hIeaytjNMvEe1v1WfOYaastR267WVI8XyxX0J6Qhg==
X-Received: by 10.66.86.103 with SMTP id o7mr6818229paz.5.1466521053618; Tue, 21 Jun 2016 07:57:33 -0700 (PDT)
Received: from [172.16.1.122] (75-142-12-171.dhcp.mdfd.or.charter.com. [75.142.12.171]) by smtp.gmail.com with ESMTPSA id 75sm66279460pfy.32.2016.06.21.07.57.31 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 21 Jun 2016 07:57:32 -0700 (PDT)
From: Gunnar Engelbach <gunnar.engelbach@threatguard.com>
X-Google-Original-From: Gunnar Engelbach <Gunnar.Engelbach@ThreatGuard.com>
To: Adam Montville <adam.w.montville@gmail.com>
References: <17198AFF-DF5A-46BC-B84A-2AAF1717BD90@isoc.org> <EC234EFE-95AB-444B-8A5D-782ADBD60559@gmail.com> <1c99b26c-bdac-5798-1bd9-e957b11ae4bd@yaanatech.com> <db612b00-c11a-88c1-45da-35e0693305e9@ThreatGuard.com> <6062111F-9C39-4C7C-B008-F7E23FED40DE@gmail.com> <9904FB1B0159DA42B0B887B7FA8119CA7520D40F@AZ-FFEXMB04.global.avaya.com> <E79698DE-B183-4AE1-8F6C-08744E8BFFDF@gmail.com> <94680da4-b547-6ee8-2510-ea10eb1e02ff@ThreatGuard.com> <1A88355D-CF3B-40B5-A219-094137ABB2B6@gmail.com>
Message-ID: <b3b4e41b-6a15-dfa4-9474-a3a74deeb5a0@ThreatGuard.com>
Date: Tue, 21 Jun 2016 07:57:49 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1A88355D-CF3B-40B5-A219-094137ABB2B6@gmail.com>
Content-Type: multipart/alternative; boundary="------------171C1387B37606675D4F8F30"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/WSQv9eoMLuKU9DIHgnpLc3vbK3Q>
Cc: "Dan (Dan) Romascanu" <dromasca@avaya.com>, "<sacm@ietf.org>" <sacm@ietf.org>, "tony@yaanatech.com" <tony@yaanatech.com>
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jun 2016 14:57:38 -0000
Nah. The conversation recently about software tags has been about translating the various software tags into a common data model where that data model is, preferably, one of the existing software tags. But that would mean having a data model for endpoint attributes and a separate data model for software tags. As long as the tag information is going to be translated I don't see why it should use a data model that is different than that used for other endpoint attributes. --gun On 6/20/2016 4:49 PM, Adam Montville wrote: > Hi Gun, > > I’m going to go out on a limb and say I’m not tracking. Are you > referring to Mike’s inquiry about data formats? If so, I’m not sure > that thread is talking about data models as much as it is talking > about specific formats (i.e. JSON, XML, CBOR, etc.). > > I agree with you that software identify information is “just a set of > endpoint attributes”, but I’m not sure that we’re treating it any > differently. Can you explain? > > Adam > > >> On Jun 18, 2016, at 12:06 PM, Gunnar Engelbach >> <gunnar.engelbach@threatguard.com >> <mailto:gunnar.engelbach@threatguard.com>> wrote: >> >> >> While we're on the topic, >> >> There is an effort in progress to determine a data model for SACM >> endpoint collection. Software identity information is just a set of >> endpoint attributes. So is there a reason why software identity is >> treated differently? >> >> >> --gun >> >> >> On 6/18/2016 5:38 AM, Adam Montville wrote: >>> Hi. Because we would like to move our requirements through IESG, I >>> would like to drive this to ground. There are three things that >>> we’re talking about doing when it comes to selecting a data model >>> for software identification: >>> >>> 1) Extensibility >>> 2) Accessibility (not cost prohibitive) >>> 3) Completeness >>> >>> There is a data model requirement for (1) - DM-014 Attribute >>> Extensibility. There does not seem to be a requirement for >>> accessibility (2) or completeness (3). >>> >>> My question is this: Do we need such requirements? >>> >>> I would assert that we do not. Accessibility is something that we >>> will always judge by virtue of the fact that we operate within the >>> culture of the IETF. Completeness is not something we need to put >>> into the requirements draft by virtue of DM-002 Data Model >>> Structure, which indicates that a data model can be structured >>> monolithically or composed of modules/sub-modules—this seems to >>> imply that we could be ok with “completeness” potentially coming >>> from more than one place. >>> >>> Thoughts? >>> >>> Adam >>> >>> >>>> On Jun 13, 2016, at 9:12 AM, Romascanu, Dan (Dan) >>>> <dromasca@avaya.com <mailto:dromasca@avaya.com>> wrote: >>>> >>>> Re: Requirements – is this not >>>> whathttps://datatracker.ietf.org/doc/draft-ietf-sacm-requirements/is >>>> about? Maybe it needs an update. >>>> Regards, >>>> Dan >>>> *From:*sacm [mailto:sacm-bounces@ietf.org]*On Behalf Of*Adam Montville >>>> *Sent:*Friday, June 10, 2016 2:25 PM >>>> *To:*Gunnar Engelbach >>>> *Cc:*<sacm@ietf.org>;tony@yaanatech.com >>>> *Subject:*Re: [sacm] Call for adoption of >>>> draft-coffin-sacm-nea-swid-patnc as a SACM WG document >>>> This seems like a fine approach. >>>> As part of that third item, I’d like to get requirements from our >>>> own drafts as well, starting perhaps with the vulnerability >>>> scenario, but also considering our requirements and other drafts. >>>> >>>> On Jun 9, 2016, at 7:44 PM, Gunnar Engelbach >>>> <gunnar.engelbach@threatguard.com> wrote: >>>> >>>> >>>> >>>> Hey Tony, funny thing that you should say that. You seem to >>>> have a better awareness of the other efforts going on out there >>>> than I do, so I could use your help in identifying other good >>>> candidates and what will be necessary to support as many of >>>> them as possible. >>>> >>>> What I'd really like to do is take a more formal approach -- >>>> gather some requirements and then see from among the existing >>>> efforts which is the best from among those that are good >>>> enough. If any. >>>> >>>> But first is a matter of setting the requirements. Stated >>>> generally, I really only have three: >>>> >>>> 1) Is extensible -- as a fork outside of the current owner, >>>> if necessary, to be sure it continues to meet SACM needs >>>> without relying on the good graces of the current owner >>>> >>>> 2) Readily accessible (eg., spec is not cost prohibitive for >>>> any users) >>>> >>>> 3) The most complete (that is, closest to being able to >>>> represent the other tag types without loss of data or >>>> shoe-horning data into fields that weren't really meant for >>>> that type of data) >>>> >>>> >>>> I'm sure Charles, et al, will have other requirements, so feel >>>> free to chime in. However, I think the simpler and more >>>> informal we can keep this list the quicker we can grind through it. >>>> >>>> >>>> --gun >>>> >>>> >>>> >>>> On 6/9/2016 2:33 PM, Tony Rutkowski wrote: >>>> >>>> Hi Adam, >>>> >>>> A good solution. Charles and Gunnar should also engage >>>> in some proactive outreach. Simply stating that "no other >>>> solutions to the problem of software identification have >>>> been submitted" is preposterous when there are so many >>>> out there. IMHO, one of the long-standing problems with >>>> SACM is its institutional and participatory insularity in an >>>> arena where so many almost identical activities are occurring >>>> in other venues where there is far greater industry >>>> participation. >>>> Ignoring them diminishes the value of whatever SACM >>>> accomplishes. >>>> >>>> --tony >>>> >>>> On 2016-06-09 3:47 PM, Adam Montville wrote: >>>> >>>> All: >>>> After several on-list discussions, the last virtual >>>> interim, and the discussions surrounding this call for >>>> adoption, the chairs acknowledge that there are some >>>> key concerns with this draft, but also see that there >>>> is rough consensus for adoption. We additionally note >>>> that no other solutions to the problem of software >>>> identification have been submitted to the working group >>>> [1]. >>>> Because the topic of software identification, and SWID >>>> in particular, appears to be a contentious one, we are >>>> designating Charles Schmidt and Gunnar Engelbach as >>>> editors of the working group draft [2]. We believe >>>> that Charles and Gunnar will bring the necessary >>>> balance to this draft, so that the key concerns are >>>> sufficiently addressed. >>>> Kind regards, >>>> Adam & Karen >>>> [1] This draft adoption does not preclude future >>>> alternative submissions >>>> [2] Note that original authors will remain authors, but >>>> Charles and Gunnar will hold the pen. >>>> >>>> On May 17, 2016, at 11:21 AM, Karen O'Donoghue >>>> <odonoghue@isoc.org> wrote: >>>> Folks, >>>> As discussed during our last couple of meetings, >>>> this is the official call for adoption of >>>> https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/ as >>>> a SACM working group document. >>>> Please reply with any comments or concerns along >>>> your support of this action to the mailing list. >>>> Thanks, >>>> Karen and Adam >>>> _______________________________________________ >>>> sacm mailing list >>>> sacm@ietf.org <mailto:sacm@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/sacm >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> >>>> sacm mailing list >>>> >>>> sacm@ietf.org <mailto:sacm@ietf.org> >>>> >>>> https://www.ietf.org/mailman/listinfo/sacm >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> >>>> sacm mailing list >>>> >>>> sacm@ietf.org <mailto:sacm@ietf.org> >>>> >>>> https://www.ietf.org/mailman/listinfo/sacm >>>> >>>> _______________________________________________ >>>> sacm mailing list >>>> sacm@ietf.org <mailto:sacm@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/sacm >>> >> >
- Re: [sacm] Call for adoption of draft-coffin-sacm… Adam Montville
- Re: [sacm] Call for adoption of draft-coffin-sacm… Haynes, Dan
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Adam Montville
- [sacm] Call for adoption of draft-coffin-sacm-nea… Karen O'Donoghue
- Re: [sacm] Call for adoption of draft-coffin-sacm… Romascanu, Dan (Dan)
- Re: [sacm] Call for adoption of draft-coffin-sacm… Tony Rutkowski
- Re: [sacm] Call for adoption of draft-coffin-sacm… Michael Godsey
- Re: [sacm] Call for adoption of draft-coffin-sacm… Tony Rutkowski
- Re: [sacm] Call for adoption of draft-coffin-sacm… Jerome Athias
- Re: [sacm] Call for adoption of draft-coffin-sacm… Michael Godsey
- Re: [sacm] Call for adoption of draft-coffin-sacm… Tony Rutkowski
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Tony Rutkowski
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Cheikes, Brant A.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Adam Montville
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Schmidt, Charles M.
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Adam Montville
- Re: [sacm] Call for adoption of draft-coffin-sacm… Tony Rutkowski
- Re: [sacm] Call for adoption of draft-coffin-sacm… Adam Montville
- Re: [sacm] Call for adoption of draft-coffin-sacm… Tony Rutkowski
- Re: [sacm] Call for adoption of draft-coffin-sacm… Gunnar Engelbach
- Re: [sacm] Call for adoption of draft-coffin-sacm… Adam Montville
- Re: [sacm] Call for adoption of draft-coffin-sacm… Romascanu, Dan (Dan)