[mile] AD Review of RFC5070-bis IODEFv2
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 26 April 2016 17:51 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44AFF12D552 for <mile@ietfa.amsl.com>; Tue, 26 Apr 2016 10:51:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.69
X-Spam-Level:
X-Spam-Status: No, score=-2.69 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D9lyAEK5Gk3N for <mile@ietfa.amsl.com>; Tue, 26 Apr 2016 10:51:25 -0700 (PDT)
Received: from mail-yw0-x235.google.com (mail-yw0-x235.google.com [IPv6:2607:f8b0:4002:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D08B12D52E for <mile@ietf.org>; Tue, 26 Apr 2016 10:51:25 -0700 (PDT)
Received: by mail-yw0-x235.google.com with SMTP id j74so23715132ywg.1 for <mile@ietf.org>; Tue, 26 Apr 2016 10:51:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to; bh=fZVklAPG0jN7wx/8WPNtup6u14IqqbmhFpdzhwqpXdU=; b=BJdrA+WMnmWmurl89tAuO3mOvn9VNwnfvfHGY3XHQqzbRre6kwY9R/Ia2qJl8SFKhf 0xpwpTvheMmLA+IkQhoNzP5AWBoZT5wwMMxhRRUTX4+lgs4KHy9kQSmaRF7FtICs7Tj8 iD203xl8Ob5bS0d2lZwLLGY603si84ckPqOv+NRS10XCrWwXz0Wr/Xb5C2CsJAlTx5V+ p1j1dC9ukh/0+x3Ojm6ZCytxbQ7wjnu9vEOpGmHF9bUsDa8reW5i+U5sNsTodAUco0nC cT2uIf6+NaGCly9RAFcptA+57jSR5ry24ovy9wANQZV2ty6T1ZTyz7d6t+Wp+6Y6A+b9 rKjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=fZVklAPG0jN7wx/8WPNtup6u14IqqbmhFpdzhwqpXdU=; b=UrQuPH+vxPDqPXyo1paiquny0zNwg5jfOCZiHdcswPXhuFszP7SF4OmaAcMtVJcYrg 3QcswqiZL178A9Fj3yUOsTyctmB5RdjS0AW+fZKJMlLTKC3Bq37rZVMGY6+4Gp6bsfXC XTL9BBPTCgMNMZnRLH0sGv4JtP3xNNR+RJUVzGeBb9y9qGrscPt9xDqLbAWXskKSAoMf xYlNm6nKoYJNtFulCSq0UpoPtWy9s/+UMZzNO+jB4S5U/uMQKFoVIw9VN8+UeHSpP4Dk D5V3xj8n3dH4uaYildDUgJV8l6uFVGvYCQrAvEj7KPWzTG1XB0vL5Wr7yXWh1kRRKRv3 5Lhg==
X-Gm-Message-State: AOPr4FXwKcA2TJCkOQzV7HGdY2zpdsxefONeC2tw+wk5djOq5zbU8X/f3YcD9/IOisEVNWH0IHyyZtgSchjJNA==
MIME-Version: 1.0
X-Received: by 10.159.36.148 with SMTP id 20mr1800660uar.156.1461693084562; Tue, 26 Apr 2016 10:51:24 -0700 (PDT)
Received: by 10.159.54.231 with HTTP; Tue, 26 Apr 2016 10:51:24 -0700 (PDT)
Date: Tue, 26 Apr 2016 13:51:24 -0400
Message-ID: <CAHbuEH7ta3=LLeMoF_QJ+xepd2BU-o9Ubt326BCX0-Euw+REdg@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: MILE IETF <mile@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/BUVKxyBqKhchEle9hqt46Uj6OC8>
Subject: [mile] AD Review of RFC5070-bis IODEFv2
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 17:51:27 -0000
Thank you very much for your work on this draft! It's a complex
document and it reads very well. I have a mix of comments and nits to
be addressed before this goes to IESG review. I also see that the
IANA changes are requested to be done in the RFC editor queue, can we
do that sooner to prevent multiple reviewers from commenting on the
same thing? I can find someone to help if needed.
In the introduction, there should be a summary of changes from
RFC5070. Change logs are usually deleted upon publication and last
call reviewers usually look for this in the introduction. A pointer
to section 4.4 would be good as well here.
Section 3.3.1
Did the WG discuss (sorry if I missed it), just replacing the values
for TLP with what is there now? Or are there other groups using what
was there in v1? Having duplication means that applications have to
program in the equivalence, which is fine, just one more thing to do
or that could cause confusion.
Section 3.9 Contact class
I noticed that nothing is required and wanted to make sure that is
what the WG wanted for this class. The class can be used with no
required elements.
3.18.2
the category list is impressive!
Section 3.19
Shouldn't this be TimeDomainWasChecked?
DateDomainWasChecked
Zero or one. DATETIME. A timestamp of when the domain listed in
the Name class was resolved.
I had to read the description to realize it was a full timestamp,
which is good as that's what incident handlers need.
3.26
I like the improvements to the HashData class!
3.29.5
The new way to represent expressions is pretty clear/easy to
understand, which is good! Especially for those that don't read.
Security Considerations section:
First paragraph - please explicitly mention that the data can be both
security and privacy sensitive here. Details can come later in a
privacy section that needs to be added.
The privacy section should to include options for handling data in
sensitive fields, such as using role based contact information instead
of individuals contact info as well as protecting sensitive data with
encryption (object level and transport MUST - but is covered in a
transport).
Contact info (email, telephone, postalAddress, etc.), IPs,
target/source information, any identifiers that can be linked to
individuals.
RFC6973 is a great resource and a quick read.
Nits:
Section 2.15.1, "a" is repeated twice at the end of the flowing text:
spec-name
Required. ENUM. Identifies the format and semantics of the
element body of this class. Formal standards and specifications
can be referenced as well as a free-form text description with a a
Section 3.10.1
change describes to described in the last line of the first paragraph:
From: "to be describes in either free-form or machine readable form."
To: "to be described in either free-form or machine readable form."
Section 3.14, 4th line, EvenData should be EventData
"recursive definition of EvenData allows for the grouping of related"
Section 5, line 4, change "ad" to "add"
There is support to ad additional enumerated values and new classes.
Schema/UML comparison
There is a mismatch between PostalAddress in the UML and the Schema in
the Contact class. The UML has it as 0-1 and the schema has it as
0-unbounded
<xs:element name="Contact">
<xs:complexType>
<xs:sequence>
<xs:element ref="iodef:ContactName"
minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="iodef:ContactTitle"
minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="iodef:Description"
minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="iodef:RegistryHandle"
minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="iodef:PostalAddress"
minOccurs="0" maxOccurs="unbounded"/>
DomainData Class -
This isn't an error, just a point of inconsistency. MaxOccurs value
is explicitly set here and not in other places since 1 is the default.
Thank you!
--
Best regards,
Kathleen
- [mile] AD Review of RFC5070-bis IODEFv2 Kathleen Moriarty
- Re: [mile] AD Review of RFC5070-bis IODEFv2 Roman D. Danyliw
- Re: [mile] AD Review of RFC5070-bis IODEFv2 Roman D. Danyliw