Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP
Adam Montville <adam.w.montville@gmail.com> Thu, 16 November 2017 03:59 UTC
Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B99A0127010 for <sacm@ietfa.amsl.com>; Wed, 15 Nov 2017 19:59:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z0ZWa6vQF4WZ for <sacm@ietfa.amsl.com>; Wed, 15 Nov 2017 19:59:43 -0800 (PST)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63CFE124BE8 for <sacm@ietf.org>; Wed, 15 Nov 2017 19:59:43 -0800 (PST)
Received: by mail-io0-x234.google.com with SMTP id 134so3876505ioo.0 for <sacm@ietf.org>; Wed, 15 Nov 2017 19:59:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JoB5FCPBeDxcbZ2acmYo9maahIrCrJfTAIUIBLaQsLs=; b=TQl6iX5rTB0dJYLMFX7MNVVKSyTt8wmGDndUNMyyXVLhg/Vg/GoNCfkOQm2PiYkP+O 10a6mXoyUGAgc7c0mnLiLo4PNhk+3U9TgD2MX6+//K7kLIwiX9zhzXC1AwG9dS7Niz4s iSWhxF7RTRB3jYQouXTjDojlpfR/AcaPP0DkgCeHPzGvIsWCl7xm8juWsCwxC/ByuK3Q 3OT83nHtRJNQXpL4hyj4YzurzYUFQntYxMJVe3M4bml12KiiS3KlC5SddXRGy5PSji9F /1mKrnmIpzxNBrRJft+14aXBZdyKBGl1ySw2qsif9r4c3sQCzWsgVbTyCf8yXT6hNC29 UFkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JoB5FCPBeDxcbZ2acmYo9maahIrCrJfTAIUIBLaQsLs=; b=SwMKmSekCnPpROHLasQrqKYl6s3dqrwil+Aw02COORm3omtIZqOWX15C+hHrvUIdXO qr39KVOl1U0DMV1gfQqWo5WGI716RZ+ZX7Yvs+6ttPqZBexvh9CmTz/zQ1iElR4GdzUI DyIFWCPrRrpYPb0ysLWZ5SX757EJ0ucCVlaX82ZC4K4LWeCiV6EvAprKL+iu/+ql1mq7 QDyl4nusoiQ81+R/nareNBl6hZo9VJi3IaX+pR+iVJPlMISbnolc/BO4YF8139EkuxPT 8RqOQi1uCmnuT4SgIvprwWVbds96chz8P7L3PcEZRaa0qw9aiRH9wGGBeNjo23y5yLFp E4XQ==
X-Gm-Message-State: AJaThX7TFTnGoOjXGGFr2Nk2yJjHRnHhCKoPQY1a3MuyXqE7ypt7S+f2 zZwKX3Ok4yHTVOMEjLvknmir0BvgVXBA+HWwaK3qyQ==
X-Google-Smtp-Source: AGs4zMbNci3JXx/JZw2uHoC/yEa6GQQx87e12EKZvvENATkww7sQODgogAaUd+jsZA4740pEO1NcjBIdf0M2SuUBhvg=
X-Received: by 10.107.33.18 with SMTP id h18mr287383ioh.167.1510804782136; Wed, 15 Nov 2017 19:59:42 -0800 (PST)
MIME-Version: 1.0
References: <etPan.5a0bd4f3.4a5e4576.17eb5@cert.org> <CACknUNUP3nM1OxWvExtSLm-RL-YjEsk+Tr9gTjYZybf-HoQ1hA@mail.gmail.com> <5ed05603-8132-e254-5ad6-17e20eef6b9c@sit.fraunhofer.de>
In-Reply-To: <5ed05603-8132-e254-5ad6-17e20eef6b9c@sit.fraunhofer.de>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Thu, 16 Nov 2017 03:59:31 +0000
Message-ID: <CACknUNWZWw3SGUwcA9E_ww-=ZdKLUF8sXeLJb5bjYA8CWfCe3g@mail.gmail.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Cc: sacm@ietf.org
Content-Type: multipart/alternative; boundary="001a1141bbf65d41c3055e11a64b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/wfUpBFc8iB7eSZvqbSzND8FwjCE>
Subject: Re: [sacm] Milestones for recharter - FEEDBACK needed ASAP
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 03:59:47 -0000
Henk, thanks for the comments. They seem reasonable. Interested in what others think of the list. Chairs, is this getting us toward relating milestones to specific work items in the charter? On Thu, Nov 16, 2017 at 11:23 AM Henk Birkholz < henk.birkholz@sit.fraunhofer.de> wrote: > Hi Adam, > > comments inline. > > Viele Grüße, > > Henk > > > > On 11/15/2017 03:09 PM, Adam Montville wrote: > > Chris & Karen, > > > > Thanks for sending this out. Here are some thoughts that Bill and I have > > on getting milestones built out from our possible work items. I've > > organized this note by work item in the order they appear in our draft > > charter presently under consideration. Before getting into the > > per-work-item notes, I thought it would be good to list the drafts we > > think could be created in pursuit of fulfilling our charter. > > > > =========== > > > > *Draft Suggestions (without timelines):* > > Given all of the above, the following could be milestone items (i.e. > > drafts): > > > > * Endpoint identification and targeting > > * Endpoint element description > > * ECP > > * SWIMA > > * Criteria/evaluation language > > * Datastream over transfer mechanism > > * ECP over transfer mechanism > > * YANG-push over transfer mechanism > > * IPFIX over transfer mechanism > > * CoSWID > > * General purpose OS posture collection best practice > > * Web server posture collection best practice > > * Database server posture collection best practice > > * ROLIE software descriptor > > * ROLIE configuration checklist information type > > * ROLIE configuration descriptor > > * ROLIE vulnerability information descriptor > > > > Other drafts: > > > > * Terminology > > * Architecture / data interchange api/concept of operations > > * > > Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others) > > * > > Lang/api for developing guidance - fall 2019 (orchestration) > > > > (These last three may be useful for supporting development of the drafts > > previously listed.) > > > > ============ > > > > *First Possible Work Item:* > > "Define a way to provide three types of guidance to the correct SACM > > collectors: 1) Which target endpoints to collect from and, 2) what to > > collect from these target endpoints, and 3) How quickly after an > > attribute change information must be collected." > > > > First, we have the opinion that the third type of guidance presumes a > > specific solution and on that basis should be considered for removal (I > > know this might be late). > > "Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others)" seem(s) > to be able to provide these features? Respectively, see 2nd work item > below: "define extensions". > > > > > Second, given that this is an item to /provide/ three types of guidance > > to the correct SACM collectors, we need at least one delivery mechanism. > > It seems that ROLIE or XMPP-Grid could fulfill this need. We feel that > > there is probably a role for both. > > > > Third, this work item also implies that we have some manner of: > > > > 1. Endpoint identification and targeting > Target Endpoint Characterization? > > > 2. Endpoint element description > Target Endpoint Profiles? > > Both imply the definition of corresponding repository capabilities, I > think (maybe because we just created a PoC imperative guidance repo SACM > component at the Hackathon). > > > > > > > *Second Possible Work Item:* > > Define an extension of IETF NEA [https://ietf.org/wg/concluded/nea.html] > > to collect and deliver information about firmware, operating systems, > > and software installed on an endpoint. > > > > Here we feel that ECP (PT-TLS), along with SWIMA (software IDs over > > PT-TLS), provides the NEA extension. > > > > *Third Possible Work Item:* > > Describe a criteria language capable of being evaluated against endpoint > > posture information to produce a standardized result. > > > > This is TBD, but Dave and Stephen expressed interest in this item at > > IETF 99, and we assume that interest persists. > > Might need more specifica about the data at rest? Not sure if in scope, > though. > > > > > > > *Fourth Possible Work Item:* > > Define a control plane function to enable the discovery and > > orchestration between devices that can provide the requisite information > > sought by posture collectors, posture evaluators or both. > > > > The more we read this one the more we were confused by it. The intent > > seems to mean how information sources flow through the transfer > > mechanism (i.e. XMPP-Grid). From this perspective, we may need to define > > how many information sources are transferred over the given mechanism > > (i.e. XMPP-Grid). > > > > * Datastream (XCCDF+OVAL, etc.) > > * ECP (which may end up being more than SWIMA) > > * YANG-push > > * IPFIX > > * Etc. > > This seems to be a mix of transfer methods and payload definitions? In > regard to negotiation/selection of the corresponding data plane streams > there are always (at least) the two options of either an intermediary > (e.g. a broker) or a direct end-2-end data plane flow (which could also > be brokered/orchestrated). > > > > > > > *Fifth Possible Work Item:* > > Define a method of expressing software metadata that is suitable for use > > by constrained devices including a CBOR-based format derived from the > > ISO/IEC 19770-2 Software Identification (SWID) tag standard. > > > > This is, to us, clearly CoSWID. > > > > *Sixth Possible Work Item:* > > Define best practices for the collection of posture information from > > endpoints and its delivery to a collector, from which it can be > > distributed using the SACM messaging standards. > > > > For network devices, this has something like Frank and crew have cooked > > up, with the network device baselines (we'll reserve our comments on use > > of the term baseline for another discussion). But, this also implies > > that there are more such things to consider for things like Web servers, > > database servers, general purpose operating systems, real-time operating > > systems, IoT devices, and so on. > > I maybe wouldn't call this bas... oh, nvm, reserved for another > discussion ;) > > > > > *Seventh Possible Work Item:* > > Extend existing standards for information exchange to support the > > sharing of software, configuration information, and other forms of > > imperative guidance including extensions to the Resource-Oriented > > Lightweight Information Exchange (ROLIE). > > > > Obviously, this is leaning toward ROLIE, and we've got some drafts > > in-flight for such extensions already. We note, however, that this work > > item is not exclusive to ROLIE. Nevertheless, we have discussed software > > descriptors, configuration descriptors, checklist information type > > descriptor, vulnerability information descriptor, and so on. > > > > However, we also note that this seventh work item is strikingly similar > > to the fourth, and suggest that this seventh item be considered as a > > special case of the fourth. > > > > ============= > > > > Hopefully, this starts to elicit further discussion with respect to our > > milestones. > > > > Kind regards, > > > > Adam > > > > PS: Bill, please correct anything that I got wrong or missed from our > > discussion. > > > > > > > > > > On Wed, Nov 15, 2017 at 1:47 PM Chris Inacio <inacio@cert.org > > <mailto:inacio@cert.org>> wrote: > > > > For everyone in the room (in person or virtual) we discussed > > milestones that we would present along with our new charter text. > > This is what I captured during the meeting – admittedly with some > > significant liberties on my part: > > > > Milestones: > > ========== > > > > CoSWID - WGLC early 2018. (SWID data) (Collection) > > ROLIE SW extension - WGLC early 2018 (SWID data) (Share/Collect) > > ECP - mid 2018 (PT-TLS/IETF NEA data) (Collection/) > > > > Terminology - end of 2018 > > Architecture / data interchange api/concept of operations - end of > 2018 > > > > Transfer protocol(s) - spring 2019 (PT-TLS/XMPP-Grid/others) > > > > Lang/api for developing guidance - fall 2019 (orchestration) > > > > > > Please provide feedback ASAP so that the chairs can finish > > submitting the re-charter information by the end of the week. > > > > Thank you, > > Chris & Karen > > > > -- > > Chris Inacio > > inacio@cert.org <mailto:inacio@cert.org> > > > > _______________________________________________ > > sacm mailing list > > sacm@ietf.org <mailto:sacm@ietf.org> > > https://www.ietf.org/mailman/listinfo/sacm > > > > > > > > _______________________________________________ > > sacm mailing list > > sacm@ietf.org > > https://www.ietf.org/mailman/listinfo/sacm > > > > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm >
- [sacm] Milestones for recharter - FEEDBACK needed… Chris Inacio
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Adam Montville
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Henk Birkholz
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Adam Montville
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Waltermire, David A. (Fed)
- Re: [sacm] Milestones for recharter - FEEDBACK ne… Adam Montville
- [sacm] 答复: Milestones for recharter - FEEDBACK ne… Xialiang (Frank)