Minutes interim-2019-sacm-02: Tue 13:00
minutes-interim-2019-sacm-02-201906251300-00

Meeting Minutes Security Automation and Continuous Monitoring (sacm) WG Snapshot
Title Minutes interim-2019-sacm-02: Tue 13:00
State Active
Other versions plain text
Last updated 2019-06-27

minutes-interim-2019-sacm-02-201906251300-00
2019-06-25: SACM Virtual Interim

Agenda:

        1       Administravia
        2       WGLC results for draft-ietf-sacm-rolie-softwaredescriptor
        3       Concise Software Identification Tags
        4       Endpoint Posture Collection Profile
        5       Next???
        6       AOB

NOTES:

1.  Administravia
All familiar with Note Well
        ◦       Adam is the note taker in lieu of Bill

2.  WGLC Results for draft-ietf-sacm-rolie-softwaredescriptor
        Sent out on June 4 for two weeks and received one comment - thanks to
        Jarret Difficult to make the call that it’s ready for publication -
        need to twist more arms PLAN: Extend for a week and review - Stephen
        would appreciate this very much Note: Jess is officially taken off the
        public shaming list 🙂

3.  CoSWID
        Henk and Dave have been working on an update to CoSWID draft
        Believes it addresses Chris’ comments and that the draft is ready for
        WGLC Brief summary of changes ▪       Item description clarification ▪ 
             Added two new IANA registries; has been socialized with ISO group
        maintaining SWID tags with some interest ▪       Grammatical/typo fixes
        Latest was recently published - looking for eyes on the draft PLAN:
        Chairs will run WGLC for 3 weeks, to close just before Montreal

4.  EPCP
        Posted new update a few days ago
        Some changes to update figures, some descriptions, and some
        clarifications Some discussion on how to handle MAC addresses as device
        IDs - ▪       should they be used or not used? ▪       Probably worth
        collecting at least for correlation. ▪       Addressing use of MACs may
        be future work. Looking for feedback, and the authors feel the draft is
        ready for WGLC ▪       Some private replies were received ▪      
        Nothing received on list Ira raises discussion about randomly cycled
        MAC addresses in automotive application ▪       Some discussion between
        Henk and Kathleen about how security controls would be implemented in
        such applications PLAN: Chairs will run WGLC for 3 weeks, to close just
        before Montreal

5.      Next???
        Things we talked about at the last meeting: Architecture
        ▪       Architecture - some folks willing to contribute/review
        ▪       Submission deadline is 8 July
        ▪       Would like this to be on the Montreal agenda
        ▪       Related hackathon activity
        ▪       Goal: Drive direction of draft to conclusion
        Expired: Terminology
        ▪       Don’t update until there’s something substantive to add
        Expired: ROLIE configuration checklist extension
        ▪       Don’t update until there’s something substantive to add
        Rumors of a reboot:  Information Model
        ▪       Stalled on Chris’ end with respect to coordination
        ▪       Expect a thin draft to be submitted by 8 July
        Hackathon
        ▪       Nothing related to SACM in the Hackathon wiki
        ▪       Bill will add something to the wiki
        ▪       Henk and Bill will coordinate
        Meeting in Montreal
        ▪       Thursday, 25 July, 17:40 - 19:10

6.      AOB
        Subject of US Government communications with Huawei came up, and we
        pointed them to the LLC statement and said to listen to your own lawyers
https://mailarchive.ietf.org/arch/msg/ietf-announce/0ywjgSS4LlO0DaWDoLJLRHxJdUk