[domainrep] Informational RFC on reputation intelligence?
Tyson Macaulay <tmacaulay@2keys.ca> Sun, 15 April 2012 13:41 UTC
Return-Path: <tmacaulay@2keys.ca>
X-Original-To: domainrep@ietfa.amsl.com
Delivered-To: domainrep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0842421F87AB for <domainrep@ietfa.amsl.com>; Sun, 15 Apr 2012 06:41:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7Kaji1Z4uqn for <domainrep@ietfa.amsl.com>; Sun, 15 Apr 2012 06:41:32 -0700 (PDT)
Received: from mail.2keys.ca (mail.2keys.ca [72.1.200.74]) by ietfa.amsl.com (Postfix) with ESMTP id CD86321F8751 for <domainrep@ietf.org>; Sun, 15 Apr 2012 06:41:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.2keys.ca (Postfix) with ESMTP id 76B0A281113 for <domainrep@ietf.org>; Sun, 15 Apr 2012 09:35:45 -0400 (EDT)
X-Virus-Scanned: amavisd-new at 2keys.ca
Received: from mail.2keys.ca ([127.0.0.1]) by localhost (mail.2keys.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gzT8ai8AElF5 for <domainrep@ietf.org>; Sun, 15 Apr 2012 09:35:35 -0400 (EDT)
Received: from [192.168.1.62] (unknown [184.151.114.100]) by mail.2keys.ca (Postfix) with ESMTPSA id 183B328110B for <domainrep@ietf.org>; Sun, 15 Apr 2012 09:35:33 -0400 (EDT)
User-Agent: Microsoft-MacOutlook/14.14.0.111121
Date: Sun, 15 Apr 2012 09:41:08 -0400
From: Tyson Macaulay <tmacaulay@2keys.ca>
To: domainrep@ietf.org
Message-ID: <CBB04834.6479%tmacaulay@2keys.ca>
Thread-Topic: Informational RFC on reputation intelligence?
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Subject: [domainrep] Informational RFC on reputation intelligence?
X-BeenThere: domainrep@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Domain Reputation discussion list <domainrep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/domainrep>, <mailto:domainrep-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/domainrep>
List-Post: <mailto:domainrep@ietf.org>
List-Help: <mailto:domainrep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/domainrep>, <mailto:domainrep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Apr 2012 13:41:33 -0000
Everyone, I attended the domain rep session in Paris and went to the mic to mention an IPv6 Destination Option draft which described a delivery system for reputation information. (See https://datatracker.ietf.org/doc/draft-macaulay-6man-packet-stain/) Knowledgable 6man veterans have advised me that an informational RFC related to the problem-statement should be developed, circulated and accepted before driving forward with the v6-Destinatin Option draft. The problem statement under consideration would consist of: 1) a description of internet reputation intelligence and how it might be derived (spam logs, botnet C&C traffic, DDOS attacks, other indicators of intent or compromise) 2) the proactive capabilities and benefits of reputation intelligence 3) the challenges of legacy, signature and heuristic-based threat management systems 4) review of different reputation-delivery models My question to this group: has this already been done in full or in part elsewhere for IETF? I reviewed draft-dskoll-reputation-reporting-04 and the other related drafts but did not notice a detailed discussion of this nature. (Please forgive me if I have missed something that should be obvious). Thanks, Tyson -- Tyson Macaulay, BA CISSP CISA VP Technology 2Keys Security Solutions Phone: +1 613 292 9132 email: tmacaulay@2keys.ca
- [domainrep] Informational RFC on reputation intel… Tyson Macaulay
- Re: [domainrep] Informational RFC on reputation i… Murray S. Kucherawy
- Re: [domainrep] Informational RFC on reputation i… David F. Skoll
- Re: [domainrep] Informational RFC on reputation i… Tyson Macaulay