Re: [scap_interest] Scope of standards potentially moving to IETF

Sean Turner <turners@ieca.com> Thu, 16 February 2012 12:58 UTC

Return-Path: <turners@ieca.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B59221F8733 for <scap_interest@ietfa.amsl.com>; Thu, 16 Feb 2012 04:58:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.265
X-Spam-Level:
X-Spam-Status: No, score=-103.265 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, GB_I_LETTER=-2, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iEUZJrxBdz07 for <scap_interest@ietfa.amsl.com>; Thu, 16 Feb 2012 04:58:09 -0800 (PST)
Received: from gateway16.websitewelcome.com (gateway16.websitewelcome.com [69.56.185.3]) by ietfa.amsl.com (Postfix) with ESMTP id 1088421F872B for <scap_interest@ietf.org>; Thu, 16 Feb 2012 04:58:09 -0800 (PST)
Received: by gateway16.websitewelcome.com (Postfix, from userid 5007) id 48A6FB920B89A; Thu, 16 Feb 2012 06:58:08 -0600 (CST)
Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway16.websitewelcome.com (Postfix) with ESMTP id 3B1E8B920B879 for <scap_interest@ietf.org>; Thu, 16 Feb 2012 06:58:08 -0600 (CST)
Received: from [71.191.6.218] (port=49091 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <turners@ieca.com>) id 1Ry0uU-0001Da-W4; Thu, 16 Feb 2012 06:58:07 -0600
Message-ID: <4F3CFD5E.2080106@ieca.com>
Date: Thu, 16 Feb 2012 07:58:06 -0500
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.1) Gecko/20120208 Thunderbird/10.0.1
MIME-Version: 1.0
To: Adam Montville <amontville@tripwire.com>, "david.oliva@verizon.net" <david.oliva@verizon.net>
References: <CB6120FE.935D%amontville@tripwire.com>
In-Reply-To: <CB6120FE.935D%amontville@tripwire.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator1743.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-71-191-6-218.washdc.east.verizon.net (thunderfish.local) [71.191.6.218]:49091
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 2
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20=
Cc: "scap_interest@ietf.org" <scap_interest@ietf.org>
Subject: Re: [scap_interest] Scope of standards potentially moving to IETF
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 12:58:13 -0000

(assuming there is a WG) It's mostly up to the WG.  There's still 
IETF-wide, IESG and external party review of WG charters.

More inline below ...

spt

On 2/15/12 11:50 AM, Adam Montville wrote:
> Hi David,
>
> I think the answer to all three of your questions is really that it's all up to the working group.  The WG has an interest in ensuring interoperability, and standards are created based on running code.  USG may continue to require validation outside the context of the WG.  Finally, as the IETF is an open organization, participation from any organization, including USG, would be welcomed.
>
> Adam
>
> From:<david.oliva@verizon.net<mailto:david.oliva@verizon.net>>
> Date: Wed, 15 Feb 2012 10:42:34 -0600
> To:<mchernin@dtcc.com<mailto:mchernin@dtcc.com>>, kent_landfield<kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com>>,<scap_interest@ietf.org<mailto:scap_interest@ietf.org>>
> Subject: Re: [scap_interest] Scope of standards potentially moving to IETF
>
> Hello all:
>
> I also believe that SCAP can be used worlwide and should be marketted accordingly.
> Maybe allowing IETF to endorse them is a good idea.
>
> I just have a few questions.
>
> 1.  Would IETF also take a role in validating products?

Some lurking greybeards may correct me, but I can't think of a time when 
the IETF validated products - but maybe that depends on what you mean. 
I can think of many bake-offs/interop events and reports of such events 
that listed product x, y, and z and whether they interoperated on tests 
a, b, and c.  If by validation you're thinking a letter/certificate from 
the IETF saying product x is compliant with RFC ####, then I think that 
won't happen.

> 2.  What mechanisms does IETF provide that encourage the cooperation needed for incorporation future specifications?

An open, consensus driven standardization process would be my answer. 
List are open to anyone and drafts/RFCs are available for free.

> 3.  How would IETF take into account the input of U.S. Federal agencies in future specifications?

On USG participation, all participants in the IETF (including those of 
the USG or any other Gov't) participate as individuals.  They're free 
(in fact encouraged) to bring in-scope proposals to the WG.  Assuming 
there's a debate about a particular feature/option in their proposal, 
I'd expect them to defend their proposal just like everybody else does. 
  Rationale like "We're the USG and you shalt do it this way" isn't 
going to fly.  Rough consensus will rule the day.

> David Oliva
>
> On 02/15/12, Chernin, Michael A.<mchernin@dtcc.com<mailto:mchernin@dtcc.com>>  wrote:
>
> Kent, understood. Like the vendors, I do agree that certain standards need to go to IETF. But, today the only people that would be voting during IETF calls would be the federal government and security tool vendors. I am going to be hesitant in supporting a move of all standards until there are standards consumers (private sector customers) who will also be participating in IETF voting. I am trying to balance rapid development of standards using the IETF and complete vendor control of all standards. Once I see more consumer activity during voting, I will be more supportive of a large number of standards moving IETF.
>
> I know I am early and jumping the gun on this, but I just wanted to get my story out there. At this time no standards have been specifically identified and no specific action is required at this time.
>
> Aharon
>
> DTCC Non-Confidential (White)
> ---------------------------------------------------
> Michael "Aharon" Chernin
> Security Automation Program Manager
> Corporate Information Security -Depository Trust&  Clearing Corporation
> O: 813-470-2173
>
> From: Kent_Landfield@McAfee.com<mailto:Kent_Landfield@McAfee.com>  [mailto:Kent_Landfield@McAfee.com]
> Sent: Tuesday, February 14, 2012 6:09 PM
> To: Chernin, Michael A.; scap_interest@ietf.org<mailto:scap_interest@ietf.org>
> Subject: Re: [scap_interest] Scope of standards potentially moving to IETF
>
>> From my perspective TBD.
>
> There are some that are unencumbered from and IPR perspective and those are potential candidates. Others will have to move as the appropriate consensus  is achieved and IPR issues are addressed.
>
> The idea here from my perspective is to figure that out.
>
> Kent Landfield
> Director Content Strategy, Architecture and Standards
>
> McAfee | An Intel Company
> 5000 Headquarters Dr.
> Plano, Texas 75024
>
> Direct: +1.972.963.7096
> Mobile: +1.817.637.8026
> Web: www.mcafee.com<http://www.mcafee.com/>
>
> From: Michael Aharon Chernin<mchernin@dtcc.com<mailto:mchernin@dtcc.com>>
> Date: Tue, 14 Feb 2012 16:04:43 -0600
> To: "scap_interest@ietf.org<mailto:scap_interest@ietf.org>"<scap_interest@ietf.org<mailto:scap_interest@ietf.org>>
> Subject: [scap_interest] Scope of standards potentially moving to IETF
>
> I am just going to jump right on out there and ask. Which standards are we looking to go to IETF? Specific SCAP standards or the entire SCAP umbrella?
>
> Aharon
>
> DTCC Non-Confidential (White)
> ---------------------------------------------------
> Michael "Aharon" Chernin
> Security Automation Program Manager
> Corporate Information Security -Depository Trust&  Clearing Corporation
> O: 813-470-2173
>
> <BR>_____________________________________________________________
> <FONT size=2><BR>
> DTCC DISCLAIMER: This email and any files transmitted with it are
> confidential and intended solely for the use of the individual or
> entity to whom they are addressed. If you have received this email
> in error, please notify us immediately and delete the email and any
> attachments from your system. The recipient should check this email
> and any attachments for the presence of viruses.  The company
> accepts no liability for any damage caused by any virus transmitted
> by this email.</FONT>
> _______________________________________________
> scap_interest mailing list
> scap_interest@ietf.org<mailto:scap_interest@ietf.org>
> https://www.ietf.org/mailman/listinfo/scap_interest
>
>
> ________________________________
>
> _______________________________________________
> scap_interest mailing list
> scap_interest@ietf.org<mailto:scap_interest@ietf.org>
> https://www.ietf.org/mailman/listinfo/scap_interest
> _______________________________________________ scap_interest mailing list scap_interest@ietf.org<mailto:scap_interest@ietf.org>  https://www.ietf.org/mailman/listinfo/scap_interest
>
> _______________________________________________
> scap_interest mailing list
> scap_interest@ietf.org
> https://www.ietf.org/mailman/listinfo/scap_interest
>