Re: [mile] Hello, my comments on draft-banghart-mile-rolie-csirt-01:

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Thu, 20 July 2017 15:06 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>, "mile@ietf.org" <mile@ietf.org>
Date: Thu, 20 Jul 2017 15:05:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/HyTaWEhPiHyaWnE6DsZmebFfMpg>

Frank,


Your feedback is greatly appreciated. Thank you. Would you be interested in contributing any text to the draft based on your feedback?


Also, with regard to your #2 comment, what other information types do you think would be useful to add?


Thanks,

Dave

________________________________
From: mile <mile-bounces@ietf.org> on behalf of Xialiang (Frank) <frank.xialiang@huawei.com>
Sent: Thursday, July 20, 2017 3:13 AM
To: mile@ietf.org
Subject: [mile] Hello, my comments on draft-banghart-mile-rolie-csirt-01:


Hi authors,

I have reviewed this draft; it's a useful extension of ROLIE for CSIRT teams for security information sharing.

Right now, I can see that this draft is generally not complicated, so it is in good shape and well written. I just have several comments on it as follows:

1. Tables 1~3 have the same title, making it difficult to know what each of them is for; it would be helpful to have a more specific title for each table.

2. The current draft covers two primary types of information: incidents and indicators. Is there a plan to add more types in the future, given that IODEF actually has more types of security-related information that can be referenced?

3. People who are not CSIRT experts may not be clear on why you propose the current information elements required for the CSIRT exchange in Section 6. Would it be helpful to have some background information to explain this?



Generally, I think this draft is useful and headed in a good direction, but I still find that some parts are missing or not fully described. So go ahead and encourage more discussion in the WG~~



B.R.

Frank