[domainrep] Informational RFC on reputation intelligence?

Tyson Macaulay <tmacaulay@2keys.ca> Sun, 15 April 2012 13:41 UTC

Date: Sun, 15 Apr 2012 09:41:08 -0400
From: Tyson Macaulay <tmacaulay@2keys.ca>
To: domainrep@ietf.org

Everyone,

I attended the domain rep session in Paris and went to the mic to mention
an IPv6 Destination Option draft which described a delivery system for
reputation information.  (See
https://datatracker.ietf.org/doc/draft-macaulay-6man-packet-stain/)

Knowledgeable 6man veterans have advised me that an informational RFC
related to the problem-statement should be developed, circulated and
accepted before driving forward with the v6-Destination Option draft.

The problem statement under consideration would consist of:

1) a description of internet reputation intelligence and how it might be
derived (spam logs, botnet C&C traffic, DDOS attacks, other indicators of
intent or compromise)
2) the proactive capabilities and benefits of reputation intelligence
3) the challenges of legacy, signature and heuristic-based threat
management systems
4) review of different reputation-delivery models


My question to this group: has this already been done in full or in part
elsewhere for IETF?

I reviewed draft-dskoll-reputation-reporting-04 and the other related
drafts but did not notice a detailed discussion of this nature.  (Please
forgive me if I have missed something that should be obvious).

Thanks,

Tyson


-- 
Tyson Macaulay, BA CISSP CISA
VP - Technology
2Keys Security Solutions
Phone: +1 613 292 9132
email: tmacaulay@2keys.ca