IETF Logo Mail Archive

Re: [mile] AD Review of RFC5070-bis IODEFv2

"Roman D. Danyliw" <rdd@cert.org> Wed, 27 April 2016 13:49 UTC

Return-Path: <rdd@cert.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13CB512D5AC for <mile@ietfa.amsl.com>; Wed, 27 Apr 2016 06:49:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.29
X-Spam-Level:
X-Spam-Status: No, score=-4.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sq5zlP6KGoDd for <mile@ietfa.amsl.com>; Wed, 27 Apr 2016 06:49:53 -0700 (PDT)
Received: from shetland.sei.cmu.edu (shetland.sei.cmu.edu [192.58.107.44]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1ACE12D1E1 for <mile@ietf.org>; Wed, 27 Apr 2016 06:49:53 -0700 (PDT)
Received: from pawpaw.sei.cmu.edu (pawpaw.sei.cmu.edu [10.64.21.22]) by shetland.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u3RDnqua011573; Wed, 27 Apr 2016 09:49:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1461764992; bh=E/j+EhrF6cdTBiBQrLWVMR1m0628rcwIahIVLckFwuI=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version:Sender: Reply-To; b=PvY/InGmucuZIojlEcqYNphghhJj6JpOnO0QexVhtnZSOEV13SNSbsr6yhnEIh3wW 19bRsytReNMc/wHqN2EiJma70CU+vceYdLJGBYLSPm6WXugYHWiHxKzyI7nYBIrdAL a50qmGZH+1dDzQppNLO00X+KOL4Xk0j1Y92BcVY8=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by pawpaw.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u3RDnp5o019667; Wed, 27 Apr 2016 09:49:51 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0279.002; Wed, 27 Apr 2016 09:49:51 -0400
From: "Roman D. Danyliw" <rdd@cert.org>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: [mile] AD Review of RFC5070-bis IODEFv2
Thread-Index: AQHRn+RJNF8xVzLT20a1VP1fCDq0jZ+d142u
Date: Wed, 27 Apr 2016 13:49:50 +0000
Message-ID: <139CF3DE-EE09-4583-8C7C-4D92F29C51BE@cert.org>
References: <CAHbuEH7ta3=LLeMoF_QJ+xepd2BU-o9Ubt326BCX0-Euw+REdg@mail.gmail.com>
In-Reply-To: <CAHbuEH7ta3=LLeMoF_QJ+xepd2BU-o9Ubt326BCX0-Euw+REdg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/FIlvIBcMNLP6C63pfnNbnfzDK9M>
Cc: MILE IETF <mile@ietf.org>
Subject: Re: [mile] AD Review of RFC5070-bis IODEFv2
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2016 13:49:56 -0000

Thanks for this detailed review! I'll make the necessary changes.

Roman

> On Apr 26, 2016, at 1:51 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> Thank you very much for your work on this draft!  It's a complex
> document and it reads very well.  I have a mix of comments and nits to
> be addressed before this goes to IESG review.  I also see that the
> IANA changes are requested to be done in the RFC editor queue, can we
> do that sooner to prevent multiple reviewers from commenting on the
> same thing?  I can find someone to help if needed.
> 
> In the introduction, there should be a summary of changes from
> RFC5070.  Change logs are usually deleted upon publication and last
> call reviewers usually look for this in the introduction.  A pointer
> to section 4.4 would be good as well here.
> 
> Section 3.3.1
> Did the WG discuss (sorry if I missed it), just replacing the values
> for TLP with what is there now?  Or are there other groups using what
> was there in v1?  Having duplication means that applications have to
> program in the equivalence, which is fine, just one more thing to do
> or that could cause confusion.
> 
> Section 3.9 Contact class
> 
> I noticed that nothing is required and wanted to make sure that is
> what the WG wanted for this class.  The class can be used with no
> required elements.
> 
> 3.18.2
> the category list is impressive!
> 
> Section 3.19
> Shouldn't this be TimeDomainWasChecked?
> DateDomainWasChecked
>      Zero or one.  DATETIME.  A timestamp of when the domain listed in
>      the Name class was resolved.
> 
> I had to read the description to realize it was a full timestamp,
> which is good as that's what incident handlers need.
> 
> 3.26
> I like the improvements to the HashData class!
> 
> 3.29.5
> The new way to represent expressions is pretty clear/easy to
> understand, which is good!  Especially for those that don't read.
> 
> Security Considerations section:
> 
> First paragraph - please explicitly mention that the data can be both
> security and privacy sensitive here.  Details can come later in a
> privacy section that needs to be added.
> 
> The privacy section should to include options for handling data in
> sensitive fields, such as using role based contact information instead
> of individuals contact info as well as protecting sensitive data with
> encryption (object level and transport MUST - but is covered in a
> transport).
> 
> Contact info (email, telephone, postalAddress, etc.), IPs,
> target/source information, any identifiers that can be linked to
> individuals.
> 
> RFC6973 is a great resource and a quick read.
> 
> Nits:
> 
> Section 2.15.1, "a" is repeated twice at the end of the flowing text:
> spec-name
>      Required.  ENUM.  Identifies the format and semantics of the
>      element body of this class.  Formal standards and specifications
>      can be referenced as well as a free-form text description with a a
> 
> Section 3.10.1
> change describes to described in the last line of the first paragraph:
> From: "to be describes in either free-form or machine readable form."
> To: "to be described in either free-form or machine readable form."
> 
> Section 3.14, 4th line, EvenData should be EventData
> "recursive definition of EvenData allows for the grouping of related"
> 
> Section 5, line 4, change "ad" to "add"
> There is support to ad additional enumerated values and new classes.
> 
> Schema/UML comparison
> 
> There is a mismatch between PostalAddress in the UML and the Schema in
> the Contact class.  The UML has it as 0-1 and the schema has it as
> 0-unbounded
> 
> <xs:element name="Contact">
>      <xs:complexType>
>        <xs:sequence>
>          <xs:element ref="iodef:ContactName"
>                      minOccurs="0" maxOccurs="unbounded"/>
>          <xs:element ref="iodef:ContactTitle"
>                      minOccurs="0" maxOccurs="unbounded"/>
>          <xs:element ref="iodef:Description"
>                      minOccurs="0" maxOccurs="unbounded"/>
>          <xs:element ref="iodef:RegistryHandle"
>                      minOccurs="0" maxOccurs="unbounded"/>
>          <xs:element ref="iodef:PostalAddress"
>                      minOccurs="0" maxOccurs="unbounded"/>
> 
> DomainData Class -
> This isn't an error, just a point of inconsistency.  MaxOccurs value
> is explicitly set here and not in other places since 1 is the default.
> 
> 
> Thank you!
> -- 
> 
> Best regards,
> Kathleen
> 
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile
>

v2.23.0 | Report a Bug | By Email