Re: [mile] AD Review of RFC5070-bis IODEFv2
"Roman D. Danyliw" <rdd@cert.org> Wed, 27 April 2016 13:49 UTC
Return-Path: <rdd@cert.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13CB512D5AC for <mile@ietfa.amsl.com>; Wed, 27 Apr 2016 06:49:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.29
X-Spam-Level:
X-Spam-Status: No, score=-4.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sq5zlP6KGoDd for <mile@ietfa.amsl.com>; Wed, 27 Apr 2016 06:49:53 -0700 (PDT)
Received: from shetland.sei.cmu.edu (shetland.sei.cmu.edu [192.58.107.44]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1ACE12D1E1 for <mile@ietf.org>; Wed, 27 Apr 2016 06:49:53 -0700 (PDT)
Received: from pawpaw.sei.cmu.edu (pawpaw.sei.cmu.edu [10.64.21.22]) by shetland.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u3RDnqua011573; Wed, 27 Apr 2016 09:49:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1461764992; bh=E/j+EhrF6cdTBiBQrLWVMR1m0628rcwIahIVLckFwuI=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version:Sender: Reply-To; b=PvY/InGmucuZIojlEcqYNphghhJj6JpOnO0QexVhtnZSOEV13SNSbsr6yhnEIh3wW 19bRsytReNMc/wHqN2EiJma70CU+vceYdLJGBYLSPm6WXugYHWiHxKzyI7nYBIrdAL a50qmGZH+1dDzQppNLO00X+KOL4Xk0j1Y92BcVY8=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by pawpaw.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u3RDnp5o019667; Wed, 27 Apr 2016 09:49:51 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0279.002; Wed, 27 Apr 2016 09:49:51 -0400
From: "Roman D. Danyliw" <rdd@cert.org>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: [mile] AD Review of RFC5070-bis IODEFv2
Thread-Index: AQHRn+RJNF8xVzLT20a1VP1fCDq0jZ+d142u
Date: Wed, 27 Apr 2016 13:49:50 +0000
Message-ID: <139CF3DE-EE09-4583-8C7C-4D92F29C51BE@cert.org>
References: <CAHbuEH7ta3=LLeMoF_QJ+xepd2BU-o9Ubt326BCX0-Euw+REdg@mail.gmail.com>
In-Reply-To: <CAHbuEH7ta3=LLeMoF_QJ+xepd2BU-o9Ubt326BCX0-Euw+REdg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/FIlvIBcMNLP6C63pfnNbnfzDK9M>
Cc: MILE IETF <mile@ietf.org>
Subject: Re: [mile] AD Review of RFC5070-bis IODEFv2
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2016 13:49:56 -0000
Thanks for this detailed review! I'll make the necessary changes. Roman > On Apr 26, 2016, at 1:51 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > > Thank you very much for your work on this draft! It's a complex > document and it reads very well. I have a mix of comments and nits to > be addressed before this goes to IESG review. I also see that the > IANA changes are requested to be done in the RFC editor queue, can we > do that sooner to prevent multiple reviewers from commenting on the > same thing? I can find someone to help if needed. > > In the introduction, there should be a summary of changes from > RFC5070. Change logs are usually deleted upon publication and last > call reviewers usually look for this in the introduction. A pointer > to section 4.4 would be good as well here. > > Section 3.3.1 > Did the WG discuss (sorry if I missed it), just replacing the values > for TLP with what is there now? Or are there other groups using what > was there in v1? Having duplication means that applications have to > program in the equivalence, which is fine, just one more thing to do > or that could cause confusion. > > Section 3.9 Contact class > > I noticed that nothing is required and wanted to make sure that is > what the WG wanted for this class. The class can be used with no > required elements. > > 3.18.2 > the category list is impressive! > > Section 3.19 > Shouldn't this be TimeDomainWasChecked? > DateDomainWasChecked > Zero or one. DATETIME. A timestamp of when the domain listed in > the Name class was resolved. > > I had to read the description to realize it was a full timestamp, > which is good as that's what incident handlers need. > > 3.26 > I like the improvements to the HashData class! > > 3.29.5 > The new way to represent expressions is pretty clear/easy to > understand, which is good! Especially for those that don't read. > > Security Considerations section: > > First paragraph - please explicitly mention that the data can be both > security and privacy sensitive here. Details can come later in a > privacy section that needs to be added. > > The privacy section should to include options for handling data in > sensitive fields, such as using role based contact information instead > of individuals contact info as well as protecting sensitive data with > encryption (object level and transport MUST - but is covered in a > transport). > > Contact info (email, telephone, postalAddress, etc.), IPs, > target/source information, any identifiers that can be linked to > individuals. > > RFC6973 is a great resource and a quick read. > > Nits: > > Section 2.15.1, "a" is repeated twice at the end of the flowing text: > spec-name > Required. ENUM. Identifies the format and semantics of the > element body of this class. Formal standards and specifications > can be referenced as well as a free-form text description with a a > > Section 3.10.1 > change describes to described in the last line of the first paragraph: > From: "to be describes in either free-form or machine readable form." > To: "to be described in either free-form or machine readable form." > > Section 3.14, 4th line, EvenData should be EventData > "recursive definition of EvenData allows for the grouping of related" > > Section 5, line 4, change "ad" to "add" > There is support to ad additional enumerated values and new classes. > > Schema/UML comparison > > There is a mismatch between PostalAddress in the UML and the Schema in > the Contact class. The UML has it as 0-1 and the schema has it as > 0-unbounded > > <xs:element name="Contact"> > <xs:complexType> > <xs:sequence> > <xs:element ref="iodef:ContactName" > minOccurs="0" maxOccurs="unbounded"/> > <xs:element ref="iodef:ContactTitle" > minOccurs="0" maxOccurs="unbounded"/> > <xs:element ref="iodef:Description" > minOccurs="0" maxOccurs="unbounded"/> > <xs:element ref="iodef:RegistryHandle" > minOccurs="0" maxOccurs="unbounded"/> > <xs:element ref="iodef:PostalAddress" > minOccurs="0" maxOccurs="unbounded"/> > > DomainData Class - > This isn't an error, just a point of inconsistency. MaxOccurs value > is explicitly set here and not in other places since 1 is the default. > > > Thank you! > -- > > Best regards, > Kathleen > > _______________________________________________ > mile mailing list > mile@ietf.org > https://www.ietf.org/mailman/listinfo/mile >
- [mile] AD Review of RFC5070-bis IODEFv2 Kathleen Moriarty
- Re: [mile] AD Review of RFC5070-bis IODEFv2 Roman D. Danyliw
- Re: [mile] AD Review of RFC5070-bis IODEFv2 Roman D. Danyliw