<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:"Arial Unicode MS";
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@Arial Unicode MS";
        panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
tt
        {mso-style-priority:99;
        font-family:"Courier New";}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Arial Unicode MS","sans-serif";
        font-variant:normal !important;
        color:#1F497D;
        text-transform:none;
        text-shadow:none;
        text-decoration:none none;
        vertical-align:baseline;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple style='word-wrap: break-word;
-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'>
<div class=Section1>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>Randy,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>I was going to originally be very tongue in cheek and indicate
Certification State as “possibly, maybe eventually to be defined”.
I think that best indicates the current (background) thinking on what
Certification State is/will be. It is more a standardized common criteria
certification than the generic configuration change detection mechanism of
Configuration State. Could there be some overlap? Yes. Will there
be? Depends on the vendor, but I would suspect the answer would be yes
for at least a few parameters.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>Joe<o:p></o:p></span></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<p class=MsoNormal>Hi Joe,<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I think I understand "Configuration State", but to
your point, I still don't completely understand what "Certification
State" is supposed to represent. Do the parameters that are used to
calculate the "Configuration State" overlap or intersect with the parameters
that are used to calculate "Certification State", or are these
parameters disjoint? Or can the parameter sets used for Configuration State and
Certification State be identical?<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Randy<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<p class=MsoNormal>On Aug 15, 2008, at 12:02 PM, Murdock, Joe wrote:<o:p></o:p></p>
</div>
<p class=MsoNormal><br>
<br>
<o:p></o:p></p>
<div>
<div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>Randy,</span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'> </span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>Don’t confuse the explicitly vendor specific opaque “Configuration
State” value with the to be defined “Certification State”.
Configuration State is not necessarily intended to be remediated (except,
perhaps, by some vendor supplied mechanism). Certification State may, depending
on its final definition, be remediable.</span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'> </span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>Joe Murdock</span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'>Sharp Labs of America</span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'> </span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";
color:#1F497D'> </span><span style='color:black'><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='color:black'>Hi Dave,<o:p></o:p></span></p>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'>In the proposal, I just indicated
that the "value" is a hash - it's currently 32 bytes which only
allows for a 256-bit hash. If we mandate that it should be able
to hold a SHA-512 as well, we'll
have to double its length. I think just getting agreement for the
existence of the attribute is the goal, we can flex the size of the
field once we have consensus on
the acceptance of the attribute.<o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'>I agree with your comment about
which values to include in the hash, but from a protocol perspective, the
mechanisms would work pretty much the same way.<o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'>Even though a vendor could allow
customers to indicate which parameters are included in the hash, the
"management tool in the sky" would have to know which
parameters make up the hash, on a
per-device basis, in order to potentially remediate the situation. Given this
constraint, I think vendors should supply a factory
default set of params that make up
the hash, a set that makes sense in the majority of cases, and allow customers
to override this, provided they "sync up" their
remediation infrastructure with
the same info...<o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'>Randy<o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class=MsoNormal><span style='color:black'> <o:p></o:p></span></p>
</div>
<div>
<div>
<div>
<p class=MsoNormal><span style='color:black'>On Aug 15, 2008, at 10:31 AM, Dave
Whitehead wrote:<o:p></o:p></span></p>
</div>
</div>
<div>
<p class=MsoNormal><span style='color:black'><br>
<br>
<br>
<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='color:black'><br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>Randy,</span><span class=apple-converted-space><span
style='color:black'> </span></span><span style='color:black'><br>
<br>
</span><span style='font-family:"Helvetica","sans-serif";color:black'>Looks
good. Two comments about Configuration State:</span><span
class=apple-converted-space><span style='color:black'> </span></span><span
style='color:black'><br>
<br>
</span><span style='font-family:"Helvetica","sans-serif";color:black'>1>
We should mandate the use of a cryptographically secure hash function
(SHA256/512)</span><span class=apple-converted-space><span style='color:black'> </span></span><span
style='color:black'><br>
<br>
</span><span style='font-family:"Helvetica","sans-serif";color:black'>2>
Vendors provide the set of available configuration items but the customer
selects which items to include in the hash -- some they care about, some they
don't.</span><span class=apple-converted-space><span style='color:black'> </span></span><span
style='color:black'><br>
<br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>David H. Whitehead<br>
Development Engineer<br>
Lexmark International, Inc.<br>
859.825.4914<br>
davidatlexmarkdotcom</span><span class=apple-converted-space><span
style='color:black'> </span></span><span style='color:black'><br>
<br>
<br>
<o:p></o:p></span></p>
</div>
<table class=MsoNormalTable border=0 cellpadding=0 width="100%"
style='width:100.0%'>
<tr>
<td width="40%" valign=top style='width:40.0%;padding:.75pt .75pt .75pt .75pt'>
<div>
<p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Randy
Turner &lt;<a href="mailto:rturner@amalfisystems.com">rturner@amalfisystems.com</a>&gt;</span></b><span
class=apple-converted-space><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'> </span></span><br>
<span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Sent by:<span
class=apple-converted-space> </span><a href="mailto:owner-ids@pwg.org">owner-ids@pwg.org</a></span><o:p></o:p></p>
</div>
<p><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>08/15/08
04:02 AM</span><o:p></o:p></p>
</td>
<td width="59%" valign=top style='width:59.0%;padding:.75pt .75pt .75pt .75pt'>
<table class=MsoNormalTable border=0 cellpadding=0 width="100%"
style='width:100.0%'>
<tr>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal align=right style='text-align:right'><span
style='font-size:7.5pt;font-family:"Arial","sans-serif"'>To</span><o:p></o:p></p>
</td>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
<div>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'><a
href="mailto:ids@pwg.org">ids@pwg.org</a></span><o:p></o:p></p>
</div>
</td>
</tr>
<tr>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal align=right style='text-align:right'><span
style='font-size:7.5pt;font-family:"Arial","sans-serif"'>cc</span><o:p></o:p></p>
</td>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'></td>
</tr>
<tr>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal align=right style='text-align:right'><span
style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Subject</span><o:p></o:p></p>
</td>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'>
<div>
<p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>IDS>
DRAFT: IETF NEA proposal</span><o:p></o:p></p>
</div>
</td>
</tr>
</table>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<table class=MsoNormalTable border=0 cellpadding=0>
<tr>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'></td>
<td valign=top style='padding:.75pt .75pt .75pt .75pt'></td>
</tr>
</table>
</td>
</tr>
</table>
<div>
<p class=MsoNormal><span style='color:black'><br>
<br>
<br>
</span><tt><span style='font-size:10.0pt;color:black'>Hi All,</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><span style='color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>Please read the attached
RTF and provide any feedback you may have...</span></tt><span style='font-size:
10.0pt;font-family:"Courier New";color:black'><br>
</span><span style='color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>Please excuse the VERY
simple, raw formatting I'm using - this has to be</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>in the simplest ASCII
text form possible for eventual emailing to the</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>NEA</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>mailing list.</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><span style='color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>For now, just concentrate
on the content :) :)</span></tt><span style='font-size:10.0pt;font-family:"Courier New";
color:black'><br>
</span><span style='color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>Thanks!</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><tt><span style='font-size:10.0pt;color:black'>Randy</span></tt><span
style='font-size:10.0pt;font-family:"Courier New";color:black'><br>
</span><span style='color:black'><br>
<br>
</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:black'>[attachment "draft-nea-proposal.rtf" deleted by Dave
Whitehead/Lex/Lexmark]<span class=apple-converted-space> </span></span><span
style='color:black'><br>
<br>
<br>
<o:p></o:p></span></p>
</div>
</div>
<div>
<p class=MsoNormal><span style='color:black'> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
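<p class=MsoNormal>An added example, not part of the original thread or of any PWG or NEA specification: a sketch of a Configuration State value computed as a hash over a selected parameter set, showing why the management tool must hold the same parameter set as the device and why a SHA-512 digest does not fit the 32-byte field. The parameter names, the length-prefixed serialization and all function names are assumptions made for illustration.</p>
<pre>
```python
import hashlib

# Width of the attribute value field stated in the thread.
FIELD_BYTES = 32
# Constructed sample data: parameter names and values are hypothetical.
FACTORY_DEFAULT_SET = ("admin_password_set", "firmware_version", "snmp_enabled")
BASELINE = {
    "admin_password_set": True,
    "firmware_version": "1.2.3",
    "snmp_enabled": False,
    "display_language": "en",
}

def configuration_state(settings, selected, algorithm="sha256"):
    """Hash only the selected parameters, sorted by name and length-prefixed."""
    h = hashlib.new(algorithm)
    for name in sorted(selected):
        for part in (name, str(settings[name])):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big"))  # prefix removes ambiguity
            h.update(data)
    return h.digest()

def fits_field(algorithm, field_bytes=FIELD_BYTES):
    """True when a digest of this algorithm fits the attribute value field."""
    return field_bytes >= hashlib.new(algorithm).digest_size

def tool_accepts(device_settings, device_set, tool_set, baseline=BASELINE):
    """Management-tool check: recompute the value from the baseline with the
    tool's own copy of the parameter set and compare with the device's value."""
    reported = configuration_state(device_settings, device_set)
    expected = configuration_state(baseline, tool_set)
    return reported == expected

def demo():
    custom_set = FACTORY_DEFAULT_SET + ("display_language",)
    return {
        "in_sync": tool_accepts(BASELINE, FACTORY_DEFAULT_SET, FACTORY_DEFAULT_SET),
        # A change outside the hashed set is not reflected in the value.
        "unhashed_change": tool_accepts(dict(BASELINE, display_language="de"),
                                        FACTORY_DEFAULT_SET, FACTORY_DEFAULT_SET),
        "hashed_change": tool_accepts(dict(BASELINE, snmp_enabled=True),
                                      FACTORY_DEFAULT_SET, FACTORY_DEFAULT_SET),
        # Customer overrides the set on the device only: a false mismatch.
        "set_out_of_sync": tool_accepts(BASELINE, custom_set, FACTORY_DEFAULT_SET),
    }

if __name__ == "__main__":
    print(demo(), fits_field("sha256"), fits_field("sha512"))
```
</pre>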
</body>
</html>