Re: [sacm] Initial comments on ECP draft

Jessica Fitzgerald-McKay <jmfmckay@gmail.com> Fri, 11 August 2017 17:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/WXaSr6uuuiiiGAoA83N48ke-Yjc>

Adam,

Thanks for your comments. I agree, the draft would do well to be
up-leveled. We can drop the SWIMA requirement, and maybe describe it as an
example of an implementation of a collector. What do you think?

We might do well to genericize the collection capability overall, really.
NEA is a good mechanism to collect event-driven data from a client or a
server, but there are others (for example, YANG Push).

Regarding the pub/sub repository interface, I agree. It would be a great
opportunity at IETF 100.

I will definitely update the Controls reference. Thanks for catching that.

We put IF-IMC and IF-IMV on hold during the SWIMA work. We could revive
that effort, but I would like to be sure there is interest from the group
before doing so. IF-IMC and IF-IMV improve coordination of communication
between collectors and client, and between verifiers and servers,
respectively. They have been implemented in strongSwan, so were likely a
part of the hackathon effort at IETF 99. Andreas, am I correct there?

Thanks,
Jess

On Fri, Aug 4, 2017 at 7:23 AM, Adam Montville <adam.w.montville@gmail.com>
wrote:

> Now that the ECP draft has been marked as adopted, I'd like to make some
> comments.
>
> The draft seems primarily concerned with endpoint software inventory
> rather than collection of generic attribute state. The abstract doesn't
> limit the draft to software inventory, but other (obvious) statements in
> the draft certainly do. To me, this draft needs to more clearly articulate
> how other categories of endpoint state can be collected (doesn't SWIMA
> handle the software attributes a bit anyway)?
>
> For example, see the first bullet in 4.2.3. (non use cases). It seems
> that, given we have the SWIMA draft, we should evolve ECP to be about
> the framework for collection - we should entertain collection of other
> types of posture information in this draft.
>
> Additionally, the last bullet in 4.2.3 talks about a pub/sub repository
> interface. I would like the group (perhaps as part of our IETF 100
> hackathon efforts) to consider how XMPP grid may support this notion.
>
> Please change the reference to SANS "20 Critical Security Controls" to the
> current CIS Controls.
>
> Finally, 5.2 mentions: "Any PC used in an Endpoint Compliance Profile
> solution MUST be conformant with [IF-IMC]; an Internet-Draft, under
> development, that is a subset of the TCG TNC Integrity Measurement
> Collector interface [IF-IMC] and will be submitted in the near future."
> Which Internet-Draft is being referenced? If not yet available, I'd like to
> see this sooner rather than later, because it's going to be hard to fully
> evaluate ECP otherwise. Also, does the same apply for IF-IMV?
>
> Kind regards,
>
> Adam