Hi Linda, Thanks for answering the call for review and having a look at this work.
Concerning your 'little disappointment': This I-D needs to be read in the context of the current charter of the SACM WG. The WG charter focus for this phase is on the 'endpoint posture' and on the 'enterprise use case'. Maybe this makes things somehow more clear. Regards, Dan From: sacm [mailto:[email protected]] On Behalf Of Linda Dunbar Sent: Thursday, November 19, 2015 10:36 PM To: Romascanu, Dan (Dan); [email protected]; [email protected] Cc: [email protected] Subject: Re: [sacm] [OPSAWG] Feedback on the SACM Vulnerability Assessment Scenario Reading through the document has made me feel that the Title of the draft is misleading. Based on the title I was expecting to see the Vulnerability Assessment of various network scenarios, which will be very useful information for enterprise and service provider network administrators to put in adequate tools to protect those vulnerability. But the document only describes the procedure in authenticating a end user/points and states that you need to compare with the Vulnerability report (almost like a common sense ) without saying how and what. I guess I had too high the expectation, but a little disappointed of not finding the information I was looking for. Linda Dunbar From: OPSAWG [mailto:[email protected]] On Behalf Of Romascanu, Dan (Dan) Sent: Thursday, November 19, 2015 7:51 AM To: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: [OPSAWG] Feedback on the SACM Vulnerability Assessment Scenario Hi, I am reiterating a request that I made at IETF 94 in the OPSAWG meeting, and also sent to the mail lists of opsec and opsawg. The SACM WG is considering a document https://datatracker.ietf.org/doc/draft-coffin-sacm-vuln-scenario/<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dcoffin-2Dsacm-2Dvuln-2Dscenario_&d=BQMFAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=I4dzGxR31OcNXCJfQzvlsiLQfucBXRucPvdrphpBsFA&m=DXOABUhWgQkWYGVviFzuEvwgbivmgrBaeyHQ3_W-Hyg&s=S_CieVlne2x4XqE2cNL0Y_mb0dcPAGm4cN6hKa5k-6Q&e=> that describes the operational practice of vulnerability reports, which we believe is an important use case in the security assessment life cycle. We are requiring feedback from operators about the scenario describe in this document - does it make sense? Is it similar with what you do in operational real life? Are you using similar or different methods for vulnerability assessment in your networks? A quick reading and short feedback would be greatly appreciated. Thanks and Regards, Dan
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
