[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: Support IP Address CIDR/Subnets
OpenC2 Technical Committee, Suggest the following substantive change to the "Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0" BACKGROUND: As currently written the 'ip_addr' target in section 2.1.2.1 is not consistent with the Language Specification and if corrected to be consistent with the language specification, then the SLPF will no longer support CIDR notation. PROPOSED CHANGE: Add a new target to the language specification to accommodate CIDR notation for IPv4 and IPv6 addresses Modify table 2.1.2-1 in the SLPF to include the new targets. Update table 2.3-1 to in the SLPF to include the new targets in the command matrix Add new subsection to section 2.3.1 to indicate that the new target is appropriate for the 'allow' action Update table 3-1 in the SLPF to include the commands affected by the new target Update the conformance targets in section 3 of the SLPF to reflect the new target JUSTIFICATION: The Technical Committee has identified use cases such that the ability to allow (or deny) a range of addresses with a single command is warranted. Respectfully Submitted, Joe Brule Subject: Support IP Address CIDR/Subnets From: "STAIR, MICHAEL A" <ms1784@att.com> To: "openc2-comment@lists.oasis-open.org" <openc2-comment@lists.oasis-open.org> Date: Wed, 28 Nov 2018 13:46:51 +0000 Earlier CSDs supported (via example at least) the ability to provide CIDR notation for IP addresses. The proposed IP serialization in the CD removes this option. Supporting the CIDR capability is important, especially in proactive scenarios. Mike _____________________________ Michael Stair Lead Member of Technical Staff AT&T Chief Security Office (CSO) 301.401.8449 mstair@att.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]