OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

openc2-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: Support IP Address CIDR/Subnets

OpenC2 Technical Committee, 

Suggest the following substantive change to the "Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0"  

As currently written the 'ip_addr' target in section is not consistent with the Language Specification and if corrected to be consistent with the language specification, then the SLPF will no longer support CIDR notation.

Add a new target to the language specification to accommodate CIDR notation for IPv4 and IPv6 addresses  
Modify table 2.1.2-1 in the SLPF to include the new targets.
Update table 2.3-1 to in the SLPF to include the new targets in the command matrix 
Add new subsection to section 2.3.1 to indicate that the new target is appropriate for the 'allow' action
Update table 3-1 in the SLPF to include the commands affected by the new target
Update the conformance targets in section 3 of the SLPF to reflect the new target

The Technical Committee has identified use cases such that the ability to allow (or deny) a range of addresses with a single command is warranted.  

Respectfully Submitted,

Joe Brule 

Subject: Support IP Address CIDR/Subnets

    From: "STAIR, MICHAEL A" <ms1784@att.com>
    To: "openc2-comment@lists.oasis-open.org" <openc2-comment@lists.oasis-open.org>
    Date: Wed, 28 Nov 2018 13:46:51 +0000

Earlier CSDs supported (via example at least) the ability to provide CIDR notation for IP addresses. The proposed IP serialization in the CD removes this option. Supporting the CIDR capability is important, especially in proactive scenarios.



Michael Stair
Lead Member of Technical Staff
AT&T Chief Security Office (CSO)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]