Re: [sacm] Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)
Ben Campbell <ben@nostrum.com> Thu, 20 July 2017 11:54 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18A8E131B05; Thu, 20 Jul 2017 04:54:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level:
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aqku3RoB9oCq; Thu, 20 Jul 2017 04:53:59 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25D63131C16; Thu, 20 Jul 2017 04:53:49 -0700 (PDT)
Received: from dhcp-890b.meeting.ietf.org (dhcp-890b.meeting.ietf.org [31.133.137.11]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v6KBrbL3081504 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 20 Jul 2017 06:53:39 -0500 (CDT) (envelope-from ben@nostrum.com)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <CAHbuEH5qKEGLAUG0xD5LG0EfjpENLEyxEQRyDxikGsSPqSGB7Q@mail.gmail.com>
Date: Thu, 20 Jul 2017 13:53:37 +0200
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, The IESG <iesg@ietf.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "draft-ietf-sacm-requirements@ietf.org" <draft-ietf-sacm-requirements@ietf.org>, Karen O'Donoghue <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <290AD327-90F6-4F28-8F78-323610BBBAEB@nostrum.com>
References: <149849144588.31865.17392511624418268107.idtracker@ietfa.amsl.com> <D00CDC54-8CC1-454A-B475-8EB90348483E@cisco.com> <CAHbuEH5qKEGLAUG0xD5LG0EfjpENLEyxEQRyDxikGsSPqSGB7Q@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/smdI8r8CuC2v904H1Sdtxd8nKFc>
Subject: Re: [sacm] Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 11:54:01 -0000
I will take a look, Thanks! Ben. > On Jul 20, 2017, at 10:45 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > > Hi Ben, > > Could you take a look through the response and updated draft to help > guide the editors/WG toward resolving your concerns? > > Thank you, > Kathleen > > On Tue, Jun 27, 2017 at 2:06 PM, Nancy Cam-Winget (ncamwing) > <ncamwing@cisco.com> wrote: >> Thanks for resending Ben! Some comments and responses below: >> >> On 6/26/17, 8:37 AM, "Ben Campbell" <ben@nostrum.com> wrote: >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> (Resending because I forgot to hit the "send email" button this first time. No >> other change.) >> >> The SACM charter requires the group to " whenever reasonable and possible, >> reuse existing protocols, mechanisms, information and data models. " If that is >> reflected anywhere in the requirements, I missed it. (which is possible.) In >> particular, I think section 2.6 needs to include requirements to favor use of >> existing "transfer protocols". (As written, T-001 seems almost tailored to >> counter arguments to "just use HTTP".) >> [NCW] “Whenever reasonable and possible” imho is subjective, while we discussed >> existing data models and protocols such as OVAL, IF-MAP, IODEF, YANG, >> etc. The group concluded that it was best to include the phrase rather than call >> out the ones raised in the group as new ones have arisen (e.g. leveraging SWID >> and I think there is one to potentially use ROLIE). >> >> There was also inconsistancies and ambiguities to the use of “transfer” vs “transport” >> In the requirements draft, for which the intent is to define “transfer protocols” >> Potentially reusing existing ones. >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> General: >> >> - I agree with the other abstain positions that the content in this draft >> doesn't seem to warrant publication as an RFC. I'm not going to abstain over >> it, since I think that sort of discussion should occur at charter or milestone >> adoption time. >> >> - I don't think the contents of this draft warrant the use of 2119 keywords. >> While I think it reasonable to sometimes use 2119 keywords to add precision and >> clarity to requirements on standards work, many of the requirements in this >> draft seem vague and hand-wavy. All-caps MUSTs and SHOULDs only serve to give >> the appearance of precision and verifiability. I mention a few more glaring >> instances in my detailed comments, but those are not exhaustive. >> [NCW] Noted. As a requirements draft, 2119 is not applicable and I’ve made updates >> to address that (e.g. the intent behind the use of MUST as a requirement vs. SHOULD >> as a recommended feature/capability). >> >> Specifics: >> >> - 1.1, 2nd paragraph: If you stick with using normative keywords, but want to >> disclaim lower case versions, please consider switching to the boilerplate from >> RFC 8174. >> [NCW] Clarifying language usage that is not 2119 should help. >> >> - 2.1 (and rest of document): I assume the requirements numbering scheme means >> something. It would be helpful to describe that scheme prior to use. >> [NCW] Good suggestions. Yes, the numbering is meant to be used by the upcoming proposals to use >> as describing how each of the proposals meet (or not) the specific requirements enumerated >> in the draft. I will add such a note in the draft. >> >> - g-001: "SACM MUST allow >> implementations to use their own extensions; either proprietary data >> models, protocols or extensions to SACM data models or protocols >> could be used though they are not considered to be SACM compliant." >> >> That seems to say that SACM must allow extensions, but those extensions would >> not be considered compliant. That seems like a contradiction. As worded with >> the MUST, it seems like it says SACM cannot prevent implementations from doing >> non-interoperable things. >> [NCW] I would expect proprietary extensions to not be interoperable, but >> the SACM elements to be compliant (I think this is true, for example of RADIUS >> and the RADIUS defined AVPs enabling interop between implementations vs proprietary ones). >> >> >> - G-002: This is the whole point of IETF processes. It seems odd to state it as >> a requirement. >> [NCW] The WG agreed to its inclusions… >> >> - g-003: It seems like you are using "datagram" in an unconventional way. A >> definition would help. >> [NCW] I’ve changed “datagram” to “message” per Eric’s suggestion. >> >> - g-004: "...MUST be suitably specified..." is vague and unverifiable. >> [NCW] Can you provide an alternate suggestion? It is meant to leave room >> to allow for different implementations to describe their flexibility or suitability >> in different deployments so I can see the conclusion that it is vague. >> >> - G-005: "For interoperability and >> scope boundary," >> I don't understand what "scope boundary" means in that clause. >> [NCW] It is meant “within the SACM scope”. >> >> - G-006: Is this a requirement for e2e protection? It seems like it is, but the >> description is vague. In particular, I cannot tell if the mention of >> middleboxes is to say that middleboxes should not be able to read or modify >> traffic, or if it is to say that middleboxes may be part of the architecture >> and actually need that sort of access. (Also, the requirement title says >> "integrity", but the text seems to be about both integrity and confidentiality.) >> [NCW] It is somewhat open as some mechanisms would rely on the underlying >> transport (or transfer) security….and you are right, as it is both integrity and >> confidentiality, I will change the requirement to be “Data Protection:. >> >> - G-015: "... accommodate considerations such as geographic, >> regulatory, operational and federations..." seems vague for use with a MUST. >> [NCW] The MUST goes to enabling different attributes to drive access control, >> the exemplar list is only meant to be a short list and not hard requirements but >> rather that the access control consider multiple attributes. >> >> - ARCH-004: "The fact that a centralized or >> decentralized deployment is used SHOULD be invisible to a consumer." >> Can you elaborate on why? Might not a consumer want to consider the nature of a >> data source? >> [NCW] Yes, which is why it is a SHOULD….that is a consumer may not care or, to your >> point, want to know the nature of the data source (and provenance). >> >> - 2.6: The section switches between saying "transport protocols" and "transfer >> protocols" Please be consistent. >> [NCW] Thanks, yes….I’ve made the global update to “transfer” vs “transport” >> >> - T-001: I think this needs some elaboration, or a citation to elaboration >> somewhere else. Otherwise, it seems like this assertion opens the door for a >> lot of complexity and lack of interoperability. >> [NCW] I’ve added an example with citations of where multiple transports may be applicable >> when using NEA. >> >> >> >> > > > > -- > > Best regards, > Kathleen
- [sacm] Ben Campbell's Discuss on draft-ietf-sacm-… Ben Campbell
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Nancy Cam-Winget (ncamwing)
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Kathleen Moriarty
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Nancy Cam-Winget (ncamwing)
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Nancy Cam-Winget (ncamwing)
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Nancy Cam-Winget (ncamwing)
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Kathleen Moriarty
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Nancy Cam-Winget (ncamwing)
- Re: [sacm] Ben Campbell's Discuss on draft-ietf-s… Ben Campbell