Re: [Smart] CLESS side meeting notes
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 21 October 2019 13:38 UTC
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 21 Oct 2019 09:37:42 -0400
Message-ID: <CAHbuEH7UuKXb9TosNubO=2ELrQO_8br44sfDavnMo1b11q3_kg@mail.gmail.com>
To: Adam Montville <adam.montville.sdo@gmail.com>
Cc: "Arnaud.Taddei.IETF" <Arnaud.Taddei.IETF@protonmail.com>, "smart@irtf.org" <smart@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/_DMF_PetIlSyV48NX3igkuoP2Wo>
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
Hello!

Thanks again for your work on these drafts! I just scanned CLESS and the taxonomy draft and have some high-level feedback. I'd like to get some folks internal to my organization to help build it out further.

I think combining the OS and execution environment into one bucket is large and it involves multiple vendors in many circumstances, so these should be separated out. I am assuming with your execution environment, you are including all the functions and keys on a TEE (random number generator, keys, etc.), firmware and BIOS.

Since we already have the RATS working group, references to whitelisting capabilities that include code-signing type functions should also include attestation.

The MUD [RFC8520] work should also be referenced as it provides a way to detect unexpected behavior patterns for devices with a small profile. Being able to do this in a similar way that scales for larger systems is still an open area of research.

The draft should also call out compromises in code or even hardware prior to the vendor providing an attestation or signing code, as that is an open area of research. If a backdoor is placed by a hacker and does not behave in ways that signal unexpected behavior or remains idle, there's no way to detect it.

There is some duplication that editing can resolve. I'll have more time for helping with that in the future, but wanted to at least look at the current revisions now.

Best regards,
Kathleen

On Sun, Oct 20, 2019 at 1:51 PM Adam Montville <adam.montville.sdo@gmail.com> wrote:

> All:
>
> The below is snipped from the original message. Is the taxonomy draft going to be updated prior to Singapore?
>
> Kind regards,
>
> Adam
>
> > On Jul 31, 2019, at 07:36, Arnaud.Taddei.IETF <Arnaud.Taddei.IETF=40protonmail.com@dmarc.ietf.org> wrote:
> >
> Plan PART 1: Mark McFadden wrote endpoint-taxonomy-cless to describe the endpoints more accurately and give a language for working with these. Reach out to Henk to work on this. Suggestion to make things less qualitative and more quantitative. Due to virtualization and containerization, this varies; IoT characteristic work done elsewhere (David, NIST, gives reference: RFC 7228). He plans to issue a revision in August based on comments from Montreal, and get another version for this before Singapore. Needs to group virtualized environments with their devices, have more detail on the taxonomy. Should it be a taxonomy or a categorization? (How deep to go?)
>
> --
> Smart mailing list
> Smart@irtf.org
> https://www.irtf.org/mailman/listinfo/smart

--
Best regards,
Kathleen
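As an added illustration of the MUD point raised in the message above (this is example code added here; it is not part of the thread, of RFC 8520, or of the CLESS drafts): a gateway that holds a device's manufacturer-published allowlist can flag any flow the allowlist does not cover as unexpected behavior. The policy entries below are a hand-rolled reduction of the MUD "from-device-policy" ACL model (an assumption for readability, not the real YANG/JSON encoding), and the flow records are constructed sample data.

```python
"""Simplified MUD-style allowlist check (added example, not from the thread).

Models the RFC 8520 idea: the manufacturer publishes the small set of flows a
constrained device is expected to make, and the gateway treats every other
flow as unexpected behaviour (MUD is default-deny). The policy format is a
hand-rolled reduction of the MUD from-device-policy ACL model, an assumption
for illustration rather than the real YANG/JSON encoding.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for one device's MUD from-device policy. Each entry
# permits outbound traffic to one destination (DNS name or CIDR), one
# transport protocol and one destination port; nothing else is permitted.
MUD_FROM_DEVICE_POLICY = [
    {"name": "ntp",     "dst": "pool.ntp.org",       "proto": "udp", "dport": 123},
    {"name": "mqtt",    "dst": "broker.example.net", "proto": "tcp", "dport": 8883},
    {"name": "lan-dns", "dst": "192.168.1.0/24",     "proto": "udp", "dport": 53},
]


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt, as a gateway might log it."""
    ts: str
    dst_ip: str
    dst_name: Optional[str]  # name the device resolved just before connecting, if known
    proto: str
    dport: int


# Constructed sample flows: three expected ones, then three that a MUD-aware
# gateway should flag.
SAMPLE_FLOWS = [
    Flow("2019-10-21T13:00:01Z", "198.51.100.5",  "pool.ntp.org",       "udp", 123),
    Flow("2019-10-21T13:00:02Z", "192.168.1.1",   None,                 "udp", 53),
    Flow("2019-10-21T13:00:03Z", "198.51.100.20", "broker.example.net", "tcp", 8883),
    Flow("2019-10-21T13:05:00Z", "203.0.113.7",   None,                 "tcp", 443),   # unlisted service
    Flow("2019-10-21T13:05:01Z", "198.51.100.9",  "other.example",      "tcp", 8883),  # right port, wrong host
    Flow("2019-10-21T13:05:02Z", "8.8.8.8",       None,                 "udp", 53),    # DNS outside the LAN
]


def _dst_matches(rule_dst: str, flow: Flow) -> bool:
    """Match a rule destination as a CIDR if it parses, otherwise as a DNS name."""
    try:
        net = ipaddress.ip_network(rule_dst, strict=False)
    except ValueError:
        # Not an address or prefix: treat it as a hostname and compare names.
        return flow.dst_name is not None and flow.dst_name.lower() == rule_dst.lower()
    return ipaddress.ip_address(flow.dst_ip) in net


def matching_rule(policy: list, flow: Flow) -> Optional[str]:
    """Return the name of the first rule that permits the flow, or None."""
    for rule in policy:
        if (rule["proto"] == flow.proto
                and rule["dport"] == flow.dport
                and _dst_matches(rule["dst"], flow)):
            return rule["name"]
    return None


def find_violations(policy: list, flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Flows that no rule permits, each paired with a short reason for the analyst."""
    violations = []
    for flow in flows:
        if matching_rule(policy, flow) is not None:
            continue
        same_port = [r["name"] for r in policy
                     if r["proto"] == flow.proto and r["dport"] == flow.dport]
        if same_port:
            reason = (f"{flow.proto}/{flow.dport} is permitted only by rule(s) "
                      f"{', '.join(same_port)}, not to {flow.dst_name or flow.dst_ip}")
        else:
            reason = f"no rule permits {flow.proto}/{flow.dport} from this device"
        violations.append((flow, reason))
    return violations


if __name__ == "__main__":
    for flow, reason in find_violations(MUD_FROM_DEVICE_POLICY, SAMPLE_FLOWS):
        print(f"{flow.ts} UNEXPECTED -> {flow.dst_ip}:{flow.dport} ({reason})")
```

The check works because a small-profile device has a policy short enough to enumerate completely; the same default-deny logic applied to a general-purpose host would need a far larger and less stable allowlist, which is the scaling problem the message calls out.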