Re: [openc2-lang] Re: [EXT] RE: [openc2-lang] mandatory vs optional, Header, id, version, timestamp, sender

[Dave Lemire <dave.lemire@g2-inc.com>]

Duncan,

I tried to follow the pointer in your use case document for the CSA SPA information and wound up on a page where it looked like I need to sign up in order to see the protocol document.  Do you have a pointer to a document / briefing / tutorial that explains how the communications channel you're using works, and whether / how it provides the information (probably other than version) that's proposed here for the command options / header?

David P. Lemire, CISSP

OpenC2 Implementation Considerations SC Co-chair

Contractor support to NSA

Office: 301-575-5190

On Thu, Jan 25, 2018 at 9:21 AM, Bret Jordan <Bret_Jordan@symantec.com> wrote:

I agree with Allan.  

Bret 

Sent from my Commodore 64 

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Jan 24, 2018, at 9:08 PM, "duncan@sfractal.com" <duncan@sfractal.com> wrote:

Allan,

We can agree to disagree. Your opinions are based on your 'experience of protocol and product development making it easier to develop and debug production code.'. Mine is based on my experience doing the same. I'm guessing, but I don't know, that I put less emphasis than you do on 'design/debug' and more about steady state operations.

If there are architectures/transport protocols/actuators where they  are mandatory, then make them mandatory in those specs - not in the language. I've explained my reasons why I don't think they should be mandatory in the Language Spec for every command every time in all architectures/transports/actuators. You disagree. Our views cancel each other out. Let's hear from others.

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

-------- Original Message --------
Subject: Re: [openc2-lang] mandatory vs optional, Header, id, version,
timestamp, sender
From: Allan Thomson <athomson@lookingglasscyber.com>
Date: Wed, January 24, 2018 6:24 pm
To: "duncan@sfractal.com" <duncan@sfractal.com>, openc2-lang
<openc2-lang@lists.oasis-open.org>

Duncan  et al –

 

The suggestion to add these parameters was based on experience of protocol and product development making it easier to develop and debug production code. I agree in some use cases these parameters might not be needed when things just work or everything is homogenous environment but we are designing a specification for a protocol that must support different tools, different versions, different environments and therefore we need to design the protocol for those cases. Including these fields is not a major problem for *any* programming environment. All of the data is known by the programming and environment that any tool will be deployed in. What harm exists if these parameters mandatory? The # of bytes added to the message is minimal. That is not a strong argument for making them optional.

 

Command-Id -> there is no reason why this can’t be mandatory. This is a common construct across many protocols and applications using those protocols. Optionality just introduces complexity when implementations can easily support creating such a parameter. This parameter is useful for tracking and also matching up responses to commands. It allows products to show to users that commands have been received correctly and what their responses were. If a use case does not require this capability then just set the command-id to an incrementing number and ignore the response’s value returning it.

 

Version -> A version of protocol/schema being used to construct a message is 100% always known. Programmers that write code have to know what version of the protocol they’re writing to. Including this parameter in the messages is useful for compatibility checking, verification that one system is talking to another that is compatibility and is just common sense for debugging problems. If there are problems connecting systems together this will be one of the first questions a developer will want on why the commands are not executing correctly. For systems that don’t care about this checking then just hard-code the value and ignore compability checks.

 

Timestamp -> Same rationale as version. Every logging function on the planet generates log messages with timestamps. Time is known when a message is created. It is easily available to be included in messages. Its useful for debugging and cross-correlation across systems. If a system doesn’t care about it then just ignore its value. Mandating that the field be filled in is hardly a problem for any programmer to include a timestamp.

 

Allan Thomson,

CTO, Lookingglass Cyber Solutions

This electronic message transmission contains information from LookingGlass Cyber Solutions, Inc. which may be attorney-client privileged, proprietary and/or confidential. The information in this message is intended only for use by the individual(s) to whom it is addressed.  If you believe that you have received this message in error, please contact the sender, delete this message, and be aware that any review, use, disclosure, copying or distribution of the contents contained within is strictly prohibited

 

From: <openc2-lang@lists.oasis-open.org> on behalf of "duncan@sfractal.com" <duncan@sfractal.com>
Date: Wednesday, January 24, 2018 at 6:51 AM
To: openc2-lang <openc2-lang@lists.oasis-open.org>
Subject: [openc2-lang] mandatory vs optional, Header, id, version, timestamp, sender

 

I’m sending this email as sFractal Consulting, not as LSC cochair, as a followup to yesterday’s discussions at the LSC.

 

Optional/Mandatory - Language/Actuator/Implementation

There was discussion of whether a field should be mandatory or optional. I think we need to take into account the mandatory/optional decision is made in several places. If we make a field mandatory in the language specification then it is mandatory in all implementations in all architectures for all profiles. We should remember that a field can be optional in the language specification but required by either a profile (eg all firewalls SHALL implement COMMAND-ID per language spec blah blah) or by an implementation specification (eg all OpenDSS OC2 implementations SHALL implement COMMAND-ID ...). I say this so you have context for what follows in the email. In the LSC, we can only determine the optional/mandatory for the Language Specification and will leave it to the AP-SC for profiles and IC-SC for implementation. 

 

COMMAND-ID

Yesterday at the LSC I think we reached consensus among those present that a COMMAND-ID capability should go in the language. I propose the field name be “id”, not “command-id”. I am distinguishing between what we humans refer to the field (COMMAND-ID in upper case) vs the ascii string that goes in the JSON (“id” in lower case). I think it’s important to remember there is hierarchical context within the JSON and we don’t need to burden the field names with information humans need when discussing it. “id” would be unambiguous in the JSON to both machines and humans.

 

In the case of COMMAND-ID, my gut says it should be optional in the language specification but I could be convinced to make it mandatory. In my use cases, I need it sometimes and not others. Ie I have use cases where I don’t need it but I don’t see it as an burden to add it for those use cases.

 

HEADER, VERSION, TIMESTAMP, SENDER

Where I feel more strongly is in the discussions of other field we lumped with COMMAND-ID. For the benefit of those not present at the discussion (and to record it for posterity since it’s bound to resurface) there is a proposal on the table to distinguish between two types of fields that are currently lumped under COMMAND-OPTIONS. The proposal was made to pull out what (I think it was Allan) called ‘HEADER’ or (I think it was Danny) called ‘METADATA’. I.e. they aren’t really options in the sense that they are part of executing the command like the ‘DELAY’ option is. I believe the “options” that got lumped in the HEADER category include VERSION, TIMESTAMP, SENDER, and COMMAND-ID.

 

Although I maybe could be convinced to make COMMAND-ID mandatory, I feel strongly that VERSION, TIMESTAMP, SENDER should be optional in the Language Spec. One suggestion was to make HEADER optional - but, if included, then ID, VERSION, TIMESTAMP, SENDER are mandatory. I disagree with that approach - i.e. I would like to optionally use ID without being forced to include the others.

 

SENDER

In my use cases, I only send commands over a secure, mutually-authenticated communications channel. I personally would never recommend executing a security command based on the SENDER field - I’d need something more for authentication, and if I had it - then I wouldn’t need the SENDER field. I’d welcome someone documenting a use case, that they need and would implement, where SENDER is needed. I recognize I don’t know everything, but I would insist someone pull out their black pen and document that they will use it (i.e. I personally won’t be swayed by hypothetical, but I would agree based on a stated need by a member that they need it and would use it). In the past, it seems to come up in discussions where STIX COA use cases are mentioned. Maybe I just don’t understand that use case and I’d welcome someone documenting it. Assuming such a use case gets documented, I’d agree to it as an option but not as mandatory. This might get us into the 80/20 discussions of which uses are more common (with implication that if 80%, make it mandatory). But I feel those arguments belong in AP-SC and IC-SC since I feel they will be actuator and architecture dependent.

 

TIMESTAMP

In my use cases, I at the moment only send commands point-to-point between a security orchestrator (SO) and an actuator (A) over mutually authenticated (read the use case for details of CSA SPA used) link carrying an API. In my use cases I do not need a TIMESTAMP in the sense of ‘when was the command sent?’. As shown in my use cases, I do need (as an option, i.e. not on every command, but sometimes) the COMMAND-OPTION of allowing for the command to have a duration associated with it (i.e. ‘classic’ command options). I recognize in the future my security orchestrator may receive commands from ‘elsewhere’ (eg if the Small Business Administration offered a STIX/TAXII feed with COA in it, or my cloud providers, Amazon and/or RackSpace, send me openc2 about stuff they found). So I will distinguish between the SO-A and SO-SO and confess I don't have fleshed out SO-SO use cases and maybe TIMESTAMP makes sense there. If someone were to submit a black pen use case that they need the HEADER TIMESTAMP, I’d agree to it as an option but not as mandatory.

 

I’ll use a fictitious example to make my point on language-optional, implementation-mandatory. Maybe the pubsub implementors all feel TIMESTAMP is required on all OpenDSS implementations (this is for explanatory purposes, I don’t know OpenDSS well enough to know it this is true); then the OC2-on-OpenDSS spec by the IC-SC could make TIMESTAMP mandatory while at the same time their HTTPS-API spec specifies it SHALL NOT be used (again for illustrative purposes). My point is it should be optional (if exists at all - someone supply a use case) not mandatory in the Language Specification.

 

VERSION

Although I do agree we should future proof the language specification to the extent possible, I don’t feel we need to go overboard on future proofing. My use cases are all software in the cloud so are less constrained then those dealing with hardware or less updatable software. I feel that since no one implements OC2 yet, it's not unreasonable to assume future implementations will have updatable software. All my use cases are API’s. I believe API versioning is dependent on language versioning and will suffice for all my needs. Ie the language does not need to include a version in every command since the API will. I will defer to what the IC-SC decides for OC2-on-API but I will recommend in that group that the version be part of the URL (as opposed to a passed parameter) - ie it will be mandatory. I recognize there are other architectures than https API. Assuming such a use case where VERSION is needed gets documented, I’d agree to VERSION as an option but not as mandatory.

 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://clicktime.symantec.com/a/1/T4FN43O1nY42QUdcB1qeO5mkYQVczwKcIQfd2QF1Xsw=?d=x1ioEHdAkN9GJJARu0FD9HFokTc46yN7xo_XJwqWvvJyXy4M5cmg5rgWkD8p_uUTRu_Q3_QnJdETBN4__8fkVSmGeHHZ6ERrEHTknExDWxPV15V9i_Ek1TtJ5AMwF0uPwqAv-MgcCfpTygG-x3KsFou25-Ckz-EYED-FGLcyGQKO55ITO35-upguWK08PfqXKUfdIm-diBhJhIvxbNjuCLPTbI8pydAff61n71p8a1loTqBLsOOpRwMBjvzsZ0ijVslGlUiB69JjpNgyssvfByBj3u761RcWdqozAYxO9puD1i3wpITA-ZaLrF-rFcoonAYT55sBU30hWegF5WUqtYTG4s9oqx6jWqKuT9U3rWps7InXL4Jp2siP0Uz_v9Qfeye1vO8Ol3xbot9J9jBNe0R68wXSe4o_KsV3OjMKOAi4N26x_gHMD6UWMihn_iEpHAd0ugLCrP1Uol3gyDk-aezn2UGD0IB9vn8ZF5myNx_4sDTk7gTTxuCy2T6u5u1snK64qFBdCrnypTJwinzrfGQkgcaLACJh3MLl&u=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php