[mile] [Issue #17] Additional values in Incident@purpose

"Roman D. Danyliw" <rdd@cert.org> Mon, 29 July 2013 13:54 UTC

Hi!

Tracking at http://trac.tools.ietf.org/wg/mile/trac/ticket/17.

The intent of the IODEF data model has expanded in scope with MILE.  In addition to incident reporting and requesting mitigation, sending indicators and threat information is now done.  This change likely warrants additional values in Incident@purpose.  Currently, this attribute is defined as follows:

      1.  traceback.  The document was sent for trace-back purposes.

      2.  mitigation.  The document was sent to request aid in
          mitigating the described activity.

      3.  reporting.  The document was sent to comply with reporting
          requirements.

      4.  other.  The document was sent for purposes specified in the
          Expectation class.

      5.  ext-value.  An escape value used to extend this attribute.
          See Section 5.1.

I would propose adding two new values:

6.  indicators.  The document was sent to convey indicators to threat activity.

7.  awareness.  The document was sent to provide awareness of threat activity.

Are there any others?

Roman
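
The following is an added example, not part of the original message or of any MILE working group code. It shows how a consumer that enforces the currently defined Incident@purpose values treats the two proposed values, and how those values can already be carried through the ext-value escape. The ext-purpose attribute name and the XML namespace are taken from RFC 5070 and do not appear in the message; the function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"  # assumption: IODEF v1 namespace (RFC 5070)
CURRENT = {"traceback", "mitigation", "reporting", "other"}  # values 1-4 quoted above
PROPOSED = {"indicators", "awareness"}  # values 6 and 7 proposed in the message

# Constructed sample document, not real incident data.
SAMPLE = f"""<IODEF-Document xmlns="{IODEF_NS}" version="1.00">
  <Incident purpose="reporting"><IncidentID name="csirt.example">1</IncidentID></Incident>
  <Incident purpose="indicators"><IncidentID name="csirt.example">2</IncidentID></Incident>
  <Incident purpose="ext-value" ext-purpose="awareness"><IncidentID name="csirt.example">3</IncidentID></Incident>
  <Incident purpose="ext-value"><IncidentID name="csirt.example">4</IncidentID></Incident>
  <Incident purpose="Mitigation"><IncidentID name="csirt.example">5</IncidentID></Incident>
</IODEF-Document>"""


def classify_purpose(incident, accept_proposed=False):
    """Return (status, effective_purpose) for one Incident element."""
    purpose = incident.get("purpose")
    if purpose is None:
        return ("invalid", None)  # the purpose attribute is required
    if purpose == "ext-value":  # value 5: the real purpose travels in ext-purpose
        ext = (incident.get("ext-purpose") or "").strip()
        return ("extension", ext) if ext else ("invalid", None)
    if purpose in CURRENT:
        return ("defined", purpose)
    if accept_proposed and purpose in PROPOSED:
        return ("proposed", purpose)
    return ("invalid", purpose)  # unknown value; enumerated values match exactly


def check_document(xml_text, accept_proposed=False):
    """Map IncidentID text -> classification for every Incident in the document."""
    # For documents from untrusted peers, parse with defusedxml instead of ElementTree.
    root = ET.fromstring(xml_text)
    out = {}
    for inc in root.iter(f"{{{IODEF_NS}}}Incident"):
        inc_id = inc.findtext(f"{{{IODEF_NS}}}IncidentID", default="?")
        out[inc_id] = classify_purpose(inc, accept_proposed)
    return out


if __name__ == "__main__":
    for accept in (False, True):
        print("accept_proposed =", accept, check_document(SAMPLE, accept))
```

With `accept_proposed=False`, incident 2 is rejected while incident 3 passes as an extension, which is the interoperability gap a new enumerated value would close.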