Protocol Action: The Intrusion Detection Exchange Protocol (IDXP) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Wed, 18 December 2002 22:10 UTC
Received: from ran.ietf.org (ran.ietf.org [10.27.6.60]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA20122; Wed, 18 Dec 2002 17:10:59 -0500 (EST)
Received: from majordomo by ran.ietf.org with local (Exim 4.10) id 18OmDe-0001vu-00 for ietf-announce-list@ran.ietf.org; Wed, 18 Dec 2002 16:59:10 -0500
Received: from odin.ietf.org ([10.27.2.28] helo=ietf.org) by ran.ietf.org with esmtp (Exim 4.10) id 18OmCv-0001qk-00 for all-ietf@ran.ietf.org; Wed, 18 Dec 2002 16:58:25 -0500
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA19729; Wed, 18 Dec 2002 16:54:51 -0500 (EST)
Message-Id: <200212182154.QAA19729@ietf.org>
To: IETF-Announce:;
Cc: RFC Editor <rfc-editor@isi.edu>, Internet Architecture Board <iab@iab.org>, idwg-public@zurich.ibm.com
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: The Intrusion Detection Exchange Protocol (IDXP) to Proposed Standard
Date: Wed, 18 Dec 2002 16:54:51 -0500
Sender: owner-ietf-announce@ietf.org
Precedence: bulk
The IESG has approved "The Intrusion Detection Exchange Protocol (IDXP)" <draft-ietf-idwg-beep-idxp-07.txt> and "The TUNNEL Profile" <draft-ietf-idwg-beep-tunnel-05.txt> as Proposed Standards. The IESG has approved the publication of "Intrusion Detection Message Exchange Requirements" <draft-ietf-idwg-requirements-10.txt> as an INFORMATIONAL RFC. These documents are the product of the Intrusion Detection Exchange Format Working Group. The IESG contact persons are Steve Bellovin and Jeff Schiller. Technical Summary In general Intrusion Detection Systems are divided into two classes of entities. There are detection "Analyzers" which sit at various points in the network, gather data and make intrusion determinations. "Managers" gather data from analyzers and present it for evaluation. Analyzers may communicate with many managers and managers may communicate both with many analyzers and other managers. IDXP is the protocol they use to communicate. This document set consists of three documents. The Requirements document defines the requirements established by the IDWG Working Group for the IDXP protocol. It is being published as an Informational document. The IDXP document defines the Intrusion Detection Exchange Protocol (IDXP). IDXP is an application-level protocol for exchanging data between intrusion detection entities. IDXP is itself layered on top of BEEP (RFC3080). The TUNNEL document defines a BEEP profile for having an application level BEEP proxy tunnel data between two BEEP peers. This facility is useful for controlled tunneling through firewalls. Because many Intrusion analyzers may be located behind firewalls, it is necessary for system managers to be able to tunnel data through appropriately authorized BEEP proxies to managers that may be located on the other side of the firewall. Although defined here for use in IDXP, the tunneling facility is a general purpose BEEP facility. Working Group Summary There was working group consensus on these documents. Protocol Quality These documents were reviewed by Jeff Schiller and Steve Bellovin for the IESG.