Re: [openc2-actuator] Resolution of Yu comments to the stateless packet filter profile

[Allan Thomson <athomson@lookingglasscyber.com>]

Joe – Why not just state ‘mandatory’ without the TI part.

 

Mandatory is used in STIX/TAXII Interop Tests to indicate a mandatory test that must be passed to received STIXPreferred certification.

 

Requiring features to be implemented is a common thing across OASIS groups and I’m not sure why we need 2 different ways of saying it (or verifying it).

 

Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions

 

From: <openc2-actuator@lists.oasis-open.org> on behalf of "Brule, Joseph M" <jmbrule@radium.ncsc.mil>
Date: Thursday, May 31, 2018 at 6:09 AM
To: "openc2-actuator@lists.oasis-open.org" <openc2-actuator@lists.oasis-open.org>
Subject: [openc2-actuator] Resolution of Yu comments to the stateless packet filter profile

 

All,

 

Recall that we received sufficient votes on the firewall profile to be accepted as a CSD.   BTW, this is a bit of a milestone.  Many thanks to all of the contributors and to our firewall profile editors (Alex Everett and Duncan Sparrell).  

 

I am in the process of resolving the comments that were provided during the voting period.   The way I am going to proceed is:

·         Attempt to resolve the comment,

·         Contact the reviewer out of band to make sure I captured the comment correctly

·         Get an OK from them before forwarding it to the whole sub-committee. 

 

I gave you all of that boring information so that you would know why there is a lag between the comments and the proposed resolution to you. 

 

At the end of this email, I pasted in an exchange with Sounil.  For now, I will change the 'running' option to 'temporary'.  If there is a better term, then please provide.

 

The term 'Required' vs 'optional' has been a recurring issue.  In the context of the profile, the term 'required' means that it must be implemented, however required could be taken to mean 'required' for each command.   

 

I would like to use the phrase 'Mandatory to Implement' (MTI) so that it is obvious we mean required to implement vs required in each command.  I have been advised that MTI is not acceptable to OASIS.  If that is in fact the case, I would like to draft a proposal to allow the phrase and see if Chet and Robin are on board with it. 

 

VR

 

Joe B

 

======= tear line email exchange between Yu and Brule =====

Thanks for the update. I’m good with all the proposed changes. As for an alternative to “running”, I will generally defer to the router/switch guys, but if I had an option, permanent (survives reboot) or temporary (doesn’t survive reboot) would be a good alternative. 

 

Thanks

Sounil

 

From: Brule, Joseph M <jmbrule@radium.ncsc.mil>

Date: Wednesday, May 30, 2018, 3:54 PM

To: Yu, Sounil <sounil.yu@bankofamerica.com>

Subject: Resolution of your comments to the Stateless Packet Filter Profile

 

Sounil,

Here are your comments from the stateless packet filter profile: 

YU COMMENT:  Per comment provided by Sounil Yu. He advised the cross reference was incorrect and suggested 2.6.8.
PROPOSED RESOLUTION: I suggest removing the cross reference altogether as it is out of scope for this subsection

YU COMMENT:  Questions about the ap- prefix in the targets
PROPOSED RESOLUTION:  I removed all the ap- prefixes

YU COMMENT:  Comment per Sounil: " Based on the semantics specified, it appears that start-time, end-time, and duration are all optional, not required" PROPOSED RESOLUTION:  This is an artifact of the OASIS language. Required could be interpreted as 'required for each command', but in the context of OASIS, means 'Mandatory to Implement'.  I think we should adopt the phrases 'Mandatory to Implement (MTI)' and 'Optional to Implement'

YU COMMENT:  Comment per Sounil Yu: " Need a header for the commands. Is "file" a command?"
PROPOSED RESOLUTION:  The y axis are targets, the x axis are actions.  The intersection is a command (labeled as either Required or Optional)  I will add explanatory text.  I removed 'file' as a target.  File was a valid target for the update command, but removed per suggestion by Duncan Sparrell

YU COMMENT:  Comment per Sounil Yu: "If the "response" option has a default of "None", then it should be considered "Optional", not "Required". For start-time, end-time, and duration, if the same semantic apply as in Table 3, then these should all be "Optional" too"
PROPOSED RESOLUTION:   'Required' in this context means 'mandatory to implement', again, I think we should adopt MTI and OPT

YU COMMENT:  Change 'complete' to 'deceive'
PROPOSED RESOLUTION:  Made the change

YU COMMENT:  Comment per Sounil Yu: 'running' seems to0 vendor specific. Suggest changing
PROPOSED RESOLUTION:  Nothing yet, do you have a suggested new name? 

YU COMMENT:  Comment per Sounil Yu "General comments: Make sure that we use straight quotes and not curly quotes: (e.g., "response":"Ack"). Make sure that naming conventions for specifiers are consistent with lower case and no spaces (e.g., Named Group)."
PROPOSED RESOLUTION:  I will make it a point ot do an end to end scrub, but have not done so yet.