Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-05.txt

Mio SUZUKI <mio@nict.go.jp> Mon, 04 April 2016 20:38 UTC


Hello all,

This is Mio from NICT.

So sorry for my slow work.
Except for the examples in the “Appendix” section, almost all sections have been filled.
Could you please give me all sorts of comments or feedback?

The summaries of this -05 update are
  (1)  Fixed some sentences following Panos-san’s suggestion
  (2)  Changed section title from "Restrictions in IODEF" to "Disclosure level of IODEF" and added some description
  (3)  Mixed "Recommended classes to implement" section with "Unnecessary Fields" section into "Minimal IODEF document" section
  (4)  Added description to "Decide what IODEF will be used for" section, "Implementations" section, and "Security Considerations" section

To-Do lists are
  (1) Convert and add examples of spear phishing and watchlist/malware to "Appendix".
  (2) Modify examples in "Appendix" to follow the current schema.
      Is following IODEFv2 better? Currently, only the “Malware Delivery URL” sample follows the IODEFv2 schema.

Regards,
mio

> 2016/04/04 17:12, internet-drafts@ietf.org:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Managed Incident Lightweight Exchange of the IETF.
> 
>        Title           : IODEF Usage Guidance
>        Authors         : Mio Suzuki
>                          Panos Kampanakis
>        Filename        : draft-ietf-mile-iodef-guidance-05.txt
>        Pages           : 28
>        Date            : 2016-04-04
> 
> Abstract:
>   The Incident Object Description Exchange Format [RFC5070] defines a
>   data representation that provides a framework for sharing information
>   commonly exchanged by Computer Security Incident Response Teams
>   (CSIRTs) about computer security incidents.  Since the IODEF model
>   includes a wealth of available options that can be used to describe a
>   security incident or issue, it can be challenging for implementers to
>   develop tools that can Leverage IODEF for incident sharing.  This
>   document provides guidelines for IODEF implementers.  It will also
>   address how common security indicators can be represented in IODEF
>   and use-cases of how IODEF is being used so far.  The goal of this
>   document is to make IODEF's adoption by vendors easier and encourage
>   faster and wider adoption of the model by Computer Security Incident
>   Response Teams (CSIRTs) around the world.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-mile-iodef-guidance/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-mile-iodef-guidance-05
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-mile-iodef-guidance-05
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/