IETF Logo Mail Archive

Re: [sacm] Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Tue, 27 June 2017 18:06 UTC

Return-Path: <ncamwing@cisco.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30FA5129B5B; Tue, 27 Jun 2017 11:06:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ssAiSHkhmd5z; Tue, 27 Jun 2017 11:06:55 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E8B8128768; Tue, 27 Jun 2017 11:06:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9616; q=dns/txt; s=iport; t=1498586815; x=1499796415; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=WPlHcoa/rYBL/Uv55fPsCF8J0Y0ncjqc7zVLM+Q7iYQ=; b=j0hesfEb1wcDldyqkLUU5LZZL+f+gwxnt0FM39I32bFf+PWqw2oc6Stg sG/HpcPvFHI+j2OLAGb1ymNcIp/OhvDyVR8TnUd0EIzR9Q0s3dxfKRqY+ ZD3aWq002xEJwXt9GLgkmKoiakSR0b/KECzDFNw3XIGHXBa+zEfrlNrcx g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CjAgD8nVJZ/5xdJa1cGgEBAQECAQEBAQgBAQEBg1hjgQ4Hg2WxfIIRhikCGoJnQRYBAgEBAQEBAQFrKIUZBiMRRRACAQgSCAImAgICMBUCDgIEAQkEBYowsFaCJotYAQEBAQEBAQEBAQEBAQEBAQEBAQEegQuCHIUtK4J5hDsSARyDEzCCMQWJVJUbApNpggqFSYNuhlOJK4t4ASYCL38LdBUfKhIBhH4cGYFNdoZsgSOBDQEBAQ
X-IronPort-AV: E=Sophos;i="5.40,271,1496102400"; d="scan'208";a="261269252"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jun 2017 18:06:54 +0000
Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id v5RI6rRB013513 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 27 Jun 2017 18:06:54 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 27 Jun 2017 14:06:53 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1210.000; Tue, 27 Jun 2017 14:06:52 -0400
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sacm-requirements@ietf.org" <draft-ietf-sacm-requirements@ietf.org>, Karen O'Donoghue <odonoghue@isoc.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)
Thread-Index: AQHS7pIhjU8zcKr1zUmvwgnJ3MxZwqI40NuA
Date: Tue, 27 Jun 2017 18:06:52 +0000
Message-ID: <D00CDC54-8CC1-454A-B475-8EB90348483E@cisco.com>
References: <149849144588.31865.17392511624418268107.idtracker@ietfa.amsl.com>
In-Reply-To: <149849144588.31865.17392511624418268107.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1a.0.160910
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.86.242.203]
Content-Type: text/plain; charset="utf-8"
Content-ID: <DACF5AAF9F62EE46B138C956C066D74A@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/rJj-pCosaNtn-xU_TQSVk_Ix-aw>
Subject: Re: [sacm] Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jun 2017 18:06:57 -0000

Thanks for resending Ben!  Some comments and responses below:

On 6/26/17, 8:37 AM, "Ben Campbell" <ben@nostrum.com> wrote:
    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------
    
    (Resending because I forgot to hit the "send email" button this first time. No
    other change.)
    
    The SACM charter requires the group to " whenever reasonable and possible,
    reuse existing protocols, mechanisms, information and data models. " If that is
    reflected anywhere in the requirements, I missed it. (which is possible.) In
    particular, I think section 2.6 needs to include requirements to favor use of
    existing "transfer protocols".  (As written, T-001 seems almost tailored to
    counter arguments to "just use HTTP".)
[NCW] “Whenever reasonable and possible” imho is subjective, while we discussed 
existing data models and protocols such as OVAL, IF-MAP, IODEF, YANG,
etc.  The group concluded that it was best to include the phrase rather than call
out the ones raised in the group as new ones have arisen (e.g. leveraging SWID
and I think there is one to potentially use ROLIE).

There was also inconsistancies and ambiguities to the use of “transfer” vs “transport”
In the requirements draft, for which the intent is to define “transfer protocols”
Potentially reusing existing ones.
    
    
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    General:
    
    - I agree with the other abstain positions that the content in this draft
    doesn't seem to warrant publication as an RFC. I'm not going to abstain over
    it, since I think that sort of discussion should occur at charter or milestone
    adoption time.
    
    - I don't think the contents of this draft warrant the use of 2119 keywords.
    While I think it reasonable to sometimes use 2119 keywords to add precision and
    clarity to requirements on standards work, many of the requirements in this
    draft seem vague and hand-wavy. All-caps MUSTs and SHOULDs only serve to give
    the appearance of precision and verifiability. I mention a few more glaring
    instances in my detailed comments, but those are not exhaustive.
[NCW] Noted.  As a requirements draft, 2119 is not applicable and I’ve made updates
to address that (e.g. the intent behind the use of MUST as a requirement vs. SHOULD
as a recommended feature/capability).
    
    Specifics:
    
    - 1.1, 2nd paragraph: If you stick with using normative keywords, but want to
    disclaim lower case versions, please consider switching to the boilerplate from
    RFC 8174.
[NCW] Clarifying language usage that is not 2119 should help.
    
    - 2.1 (and rest of document): I assume the requirements numbering scheme means
    something. It would be helpful to describe that scheme prior to use.
[NCW] Good suggestions. Yes, the numbering is meant to be used by the upcoming proposals to use
as describing how each of the proposals meet (or not) the specific requirements enumerated
in the draft.  I will add such a note in the draft.
    
    - g-001: "SACM MUST allow
        implementations to use their own extensions; either proprietary data
        models, protocols or extensions to SACM data models or protocols
        could be used though they are not considered to be SACM compliant."
    
    That seems to say that SACM must allow extensions, but those extensions would
    not be considered compliant. That seems like a contradiction. As worded with
    the MUST, it seems like it says SACM cannot prevent implementations from doing
    non-interoperable things.
[NCW] I would expect proprietary extensions to not be interoperable, but
the SACM elements to be compliant (I think this is true, for example of RADIUS
and the RADIUS defined AVPs enabling interop between implementations vs proprietary ones).

    
    - G-002: This is the whole point of IETF processes. It seems odd to state it as
    a requirement.
[NCW] The WG agreed to its inclusions…
    
    - g-003: It seems like you are using "datagram" in an unconventional way. A
    definition would help.
[NCW] I’ve changed “datagram” to “message” per Eric’s suggestion.
    
    - g-004: "...MUST be suitably specified..." is vague and unverifiable.
[NCW] Can you provide an alternate suggestion?  It is meant to leave room
to allow for different implementations to describe their flexibility or suitability
in different deployments so I can see the conclusion that it is vague.
    
    - G-005: "For interoperability and
        scope boundary,"
    I don't understand what "scope boundary" means in that clause.
[NCW] It is meant “within the SACM scope”.
    
    - G-006: Is this a requirement for e2e protection? It seems like it is, but the
    description is vague. In particular, I cannot tell if the mention of
    middleboxes is to say that middleboxes should not be able to read or modify
    traffic, or if it is to say that middleboxes may be part of the architecture
    and actually need that sort of access. (Also, the requirement title says
    "integrity", but the text seems to be about both integrity and confidentiality.)
[NCW] It is somewhat open as some mechanisms would rely on the underlying
transport (or transfer) security….and you are right, as it is both integrity and
confidentiality, I will change the requirement to be “Data Protection:.
    
    - G-015: "... accommodate considerations such as geographic,
        regulatory, operational and federations..." seems vague for use with a MUST.
[NCW]  The MUST goes to enabling different attributes to drive access control,
the exemplar list is only meant to be a short list and not hard requirements but
rather that the access control consider multiple attributes.
    
    - ARCH-004: "The fact that a centralized or
        decentralized deployment is used SHOULD be invisible to a consumer."
    Can you elaborate on why? Might not a consumer want to consider the nature of a
    data source?
[NCW] Yes, which is why it is a SHOULD….that is a consumer may not care or, to your
point, want to know the nature of the data source (and provenance).
    
    - 2.6: The section switches between saying "transport protocols" and "transfer
    protocols" Please be consistent.
[NCW] Thanks, yes….I’ve made the global update to “transfer” vs “transport”
    
    - T-001: I think this needs some elaboration, or a citation to elaboration
    somewhere else. Otherwise, it seems like this assertion opens the door for a
    lot of complexity and lack of interoperability.
[NCW] I’ve added an example with citations of where multiple transports may be applicable
 when using NEA.

v2.23.0 | Report a Bug | By Email