[mile] Alissa Cooper's Discuss on draft-ietf-mile-rfc5070-bis-22: (with DISCUSS and COMMENT)

"Alissa Cooper" <alissa@cooperw.in> Tue, 31 May 2016 23:23 UTC

From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/7ju5pqweVGlyMUecNz0lGi3P6VY>
Cc: mile-chairs@tools.ietf.org, mile-chairs@ietf.org, mile@ietf.org, draft-ietf-mile-rfc5070-bis@ietf.org

Alissa Cooper has entered the following ballot position for
draft-ietf-mile-rfc5070-bis-22: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-mile-rfc5070-bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

The Confidence class as defined in 3.12.5 seems underspecified. It does
not specify a max value, so some implementations might use 1 as the max
while others might use 100. 

It's also hard to understand how a single confidence value is supposed to
be applied to elements with multiple fields, as in 3.12 and 3.29. What do
I do if I have high confidence in my estimate of SystemImpact but low
confidence in my estimate of MonetaryImpact?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(1) Section 1: It would be useful to define "cyber," "cyber indicator"
(somewhere before 3.29), "cyber threat," and "cyber event." I chuckled
when I wrote that, but I'm serious. The term "cyber" did not appear in
RFC 5070. It has clearly taken on some (mythical, perhaps) meaning in
venues external to the IETF. I think if this document is going to use the
term, it needs to explain what it means. If there are some external
definitions to point to or adopt, that would be fine.

(2) Section 3.19.2: If I want to list the admin contact for a particular
domain in a Contact element within a DomainContacts element, do I set the
role in the Contact to "admin" or to "zone"? I think this is not entirely
clear from how the roles are specified in 3.9 since most of the roles are
more generic than "zone."