Re: [sacm] Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
"Schmidt, Charles M." <cmschmidt@mitre.org> Tue, 20 February 2018 14:21 UTC
Return-Path: <cmschmidt@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C82AE127010; Tue, 20 Feb 2018 06:21:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level:
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yGm1xJ363LzW; Tue, 20 Feb 2018 06:21:34 -0800 (PST)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id D7009127698; Tue, 20 Feb 2018 06:21:33 -0800 (PST)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id E6CB36C0040; Tue, 20 Feb 2018 09:21:32 -0500 (EST)
Received: from imshyb02.MITRE.ORG (unknown [129.83.29.3]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id D32F66C001A; Tue, 20 Feb 2018 09:21:32 -0500 (EST)
Received: from imshyb02.MITRE.ORG (129.83.29.3) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 20 Feb 2018 09:21:32 -0500
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1263.5 via Frontend Transport; Tue, 20 Feb 2018 09:21:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tZnKEacPGrb0xgt5OylPeGEylfVcTO3Kng8d/PqTKRE=; b=Qdx+DP/33xxGSgoGPzt9kGyQnTuhpgsCrEFI9es1elT4x8xNDlHgs6CYKNLlKboDi3nYCTi8b9tPM1iExsIbhbOtm477nAqFaKgwqp4rSOI01hHi7eEZzZ9ar0tJcmShFn59Y3ksVOCHaSvhOWqMllpq6Ybo0hqiGwo9Ja0i8Xo=
Received: from DM5PR0901MB2375.namprd09.prod.outlook.com (52.132.133.18) by DM5PR0901MB2376.namprd09.prod.outlook.com (52.132.133.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Tue, 20 Feb 2018 14:21:30 +0000
Received: from DM5PR0901MB2375.namprd09.prod.outlook.com ([fe80::21b9:ccf6:187e:85e1]) by DM5PR0901MB2375.namprd09.prod.outlook.com ([fe80::21b9:ccf6:187e:85e1%13]) with mapi id 15.20.0506.023; Tue, 20 Feb 2018 14:21:30 +0000
From: "Schmidt, Charles M." <cmschmidt@mitre.org>
To: Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sacm-nea-swima-patnc@ietf.org" <draft-ietf-sacm-nea-swima-patnc@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>, Karen O'Donoghue <odonoghue@isoc.org>, "sacm-chairs@ietf.org" <sacm-chairs@ietf.org>, "odonoghue@isoc.org" <odonoghue@isoc.org>, "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
Thread-Index: AQHTqaJft4cD3GW5akqrc1AlBpEBAKOtUpFg
Date: Tue, 20 Feb 2018 14:21:30 +0000
Message-ID: <DM5PR0901MB2375D9F81A87C7FB44F934F1ABCF0@DM5PR0901MB2375.namprd09.prod.outlook.com>
References: <151905929469.18606.10098529260116686519.idtracker@ietfa.amsl.com>
In-Reply-To: <151905929469.18606.10098529260116686519.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cmschmidt@mitre.org;
x-originating-ip: [192.160.51.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2376; 7:VfDjLi+tiXvHrHmsJI+JS10LFujH2ua7qUI8ueAWO714jAa5+z3jYpX7z6yFf5GfWaNYuGM7HR+HJgMRInIS94EuL+SmxB8kVlZmk+vBSiz6efy0ohnnZPjjxYfjJEvYnaI+EyIZ8hUhIxaeity8e1OlKm/IMBJJh+wzxzQYljBEexNS7ja3YkOFY7/G0YXEcbQE3Bp5jnrOR+uBrK5PLvy+8v/YhCFCNPtxanWIChi5zbPIDBhYezH35OfFnVdP
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 4624d92b-7164-4e7c-1813-08d5786d3c79
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:DM5PR0901MB2376;
x-ms-traffictypediagnostic: DM5PR0901MB2376:
x-microsoft-antispam-prvs: <DM5PR0901MB23761FFE1B88303E0B5362B2ABCF0@DM5PR0901MB2376.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(3231101)(944501161)(10201501046)(6055026)(6041288)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011); SRVR:DM5PR0901MB2376; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2376;
x-forefront-prvs: 05891FB07F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(39380400002)(346002)(366004)(396003)(13464003)(189003)(199004)(99286004)(81166006)(229853002)(81156014)(7736002)(7696005)(8676002)(316002)(25786009)(55016002)(186003)(8936002)(8666007)(5660300001)(6436002)(6116002)(5250100002)(68736007)(97736004)(2950100002)(3846002)(54906003)(106356001)(110136005)(74316002)(305945005)(2906002)(59450400001)(3660700001)(53546011)(33656002)(102836004)(3280700002)(53936002)(76176011)(966005)(66066001)(6506007)(6246003)(2900100001)(26005)(14454004)(86362001)(9686003)(478600001)(6306002)(105586002)(4326008)(486264002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0901MB2376; H:DM5PR0901MB2375.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
x-microsoft-antispam-message-info: +DRPVDNKkYpNraOpgx8UYOUyw/3wrcu3Pf4jWVdzb1TRlQvkURf7fOg8/vV72oT/53VXxcETnV9Y1Y0NsgQhiBEgL0cI28ZZKTSGsfvPJvZZHUquRCEhXjU0fus1etOshxz5n9L4YGbysvB77xs9ngigKyb8Vu7rvfcWcoNA6Us=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 4624d92b-7164-4e7c-1813-08d5786d3c79
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2018 14:21:30.3193 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2376
X-OriginatorOrg: mitre.org
X-MITRE: 8GQsMWxq66rxk57w
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/xcsZaETiWbvVs0Z7NSQFhDYl6Sw>
Subject: Re: [sacm] Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02: (with COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 14:21:37 -0000
Hello Eric,
Thank you very much for the comments. I have only two follow-up questions:
> An EID is a 4-byte unsigned integer that the SWIMA-PC assigns
> sequentially to each observed event (whether detected in real-time or
> What byte order?
Section 5.3 (Message Diagram Syntax) states that "Multi-octet fields representing numeric values MUST be sent in network (big-endian) byte order." I have tweaked this to simply say "All fields representing numeric values MUST be sent in network (big-endian) byte order". Is this sufficient or do feel that this should be reiterated in the individual field descriptions? (I did go through and make sure that every integer is explicitly "unsigned", per your other comment.)
> event records MUST only contain events with EIDs that all come from
> the current Epoch.
> How does the SWIMA-PC garbage collect? It seems like the answer is it can
> just change epochs?
You are correct. The second paragraph of section 3.7.1 (Event Identifiers) states that "In the case where a SWIMA-PC needs to reset its EID counter, either because it has exhausted all available EID values or because the SWIMA-PC's event log becomes corrupted, then a new EID Epoch MUST be selected." Apart from that passing mention, I don't believe the document makes any comment. Do you feel additional emphasis on this topic is necessary?
Finally, an aesthetic check on repeated fields. I have attempted the following:
--------------
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Event Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Request ID Copy / Subscription ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID Epoch |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Last EID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Last Consulted EID |
=================================================================
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Record Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Model Type PEN |Data Model Type|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Id Num | Action | Software Identifier Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Software Identifier (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Software Locator Length |Software Locator (variable len)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: Software Identifier Events Attribute
Everything after the line of double bars (======) is repeated a
number of times equal to Event Count.
-------------
Do you feel that this clarifies the repeated fields in the diagram? The alternative would be to do something like:
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Event Count |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Request ID Copy / Subscription ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID Epoch |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Last EID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Last Consulted EID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| SUB-BLOCK (Event Count times) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure n: Main message
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| EID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Timestamp |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Record Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Model Type PEN |Data Model Type|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Id Num | Action | Software Identifier Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Software Identifier (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Software Locator Length |Software Locator (variable len)|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure M: Sub-block
I'm interested in your thoughts as to which of these better clarifies the nature of the repeated fields.
Thanks again for your help.
Charles
> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@rtfm.com]
> Sent: Monday, February 19, 2018 10:55 AM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-sacm-nea-swima-patnc@ietf.org; sacm@ietf.org; Karen
> O'Donoghue <odonoghue@isoc.org>; sacm-chairs@ietf.org;
> odonoghue@isoc.org; sacm@ietf.org
> Subject: Eric Rescorla's No Objection on draft-ietf-sacm-nea-swima-patnc-02:
> (with COMMENT)
>
> Eric Rescorla has entered the following ballot position for
> draft-ietf-sacm-nea-swima-patnc-02: No Objection
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> More detail in context at: https://mozphab-
> ietf.devsvcdev.mozaws.net/D3336
>
> IMPORTANT
> I consider the following comment important, though I have chosen to make
> it a comment rather than a discuss.
>
> Software records on an endpoint are generally not considered to be
> sensitive, although there can be exceptions to this generalization as
> noted in the section on Privacy Considerations. In general, an
>
> I'm not sure where "generally" comes from. I consider it
> sensitive and we know that people have been jailed for running certain
> software. Even the rest of this section provides strong evidence that
> this is sensitive. So I think you should remove this claim and rewrite
> this paragraph to acknowledge that this is sensitive information
>
> MINOR
> The primary use of exchanging software inventory information over the
> PA-TNC interface is to enable a challenger (e.g. NEA Server) to
> obtain inventory evidence about some system in a way that conforms to
> Nit: e.g.,
>
> endpoint is providing false information, either through malice or
> error, but instead focuses on correctly and reliably providing the
> reported Software Inventory Evidence Collection to the NEA Server.
> This seems like a pretty significant narrowing of the use cases. Can you
> explain what use cases this is useful for if the machine can lie?
>
> A Record Identifier is a 4-byte integer generated by the SWIMA-PC
> that is uniquely associated with a specific record within the
> In what byte order? Signed or unsigned? If it's actually an integer this is
> important.
>
> that SWIMA-PV), the SWIMA-PC MUST assign that source a Source
> Identification Number, which is an 8-bit unsigned integer. Each item
> reported includes the Source Identification Number that provided that
> What happens if you have 256 sources? Must these be sequential?
>
> record that is no longer available, the SWIMA-PC SHOULD return a
> 0-length record.
> Is this different from what happens if you are requested to send something
> that
> never existed? If so, is this a recipe for unlimited growth.
>
> An EID is a 4-byte unsigned integer that the SWIMA-PC assigns
> sequentially to each observed event (whether detected in real-time or
> What byte order?
>
> very first recorded event in a SWIMA-PC's records within an EID Epoch
> MUST be assigned a value of 1 or greater. Note that EID and EID
> Epoch values are assigned by the SWIMA-PC without regard to whether
> Why "or greater" this is the only place you allow a gap.
>
> event records MUST only contain events with EIDs that all come from
> the current Epoch.
> How does the SWIMA-PC garbage collect? It seems like the answer is it can
> just
> change epochs?
>
> records. This ensures that every partial list of event records is
> always complete within its indicated range.
> Is the point here that the list must be consecutive?
>
> | | (8) | PA-TNC specification [RFC5792]. |
> +--------------+------------+---------------------------------------+
> It's up to you, but isn't this table largely duplicative of S 5.2?
>
> | Software Identifier Length | Software Identifier (var len) |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> OK, I think I see what's going on here: you can have an arbitrary number of
> instances of this block. Maybe you should show more than one in the
> diagram
> with an indication that it's controlled by SWID Count? Or a .... or something?
> This comment applies to the other PDUs in this document as well.
>
> | Timestamp |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | Timestamp |
> I would not put lines between these timestamp fields because they are
> actually
> one giant field
>
>
- [sacm] Eric Rescorla's No Objection on draft-ietf… Eric Rescorla
- Re: [sacm] Eric Rescorla's No Objection on draft-… Schmidt, Charles M.
- Re: [sacm] Eric Rescorla's No Objection on draft-… Eric Rescorla
- Re: [sacm] Eric Rescorla's No Objection on draft-… Schmidt, Charles M.