[mile] Updated charter for review
"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Tue, 26 March 2013 20:48 UTC

As discussed at the MILE meeting, we need to revise the charter. Brian and I updated the charter and it is attached for review and comment to the list.

Thank you in advance!

Best regards,
Kathleen & Brian

Managed Incident Lightweight Exchange (mile)
--------------------------------------------

Charter

Current Status: Active

Chairs:
    Kathleen Moriarty
    Brian Trammell

Security Area Directors:
    Stephen Farrell
    Sean Turner

Security Area Advisor:
    Sean Turner

Mailing Lists:
    General Discussion: mile@ietf.org
    To Subscribe: https://www.ietf.org/mailman/listinfo/mile
    Archive: http://www.ietf.org/mail-archive/web/mile/

Description of Working Group:

The Managed Incident Lightweight Exchange (MILE) working group will develop standards for the purpose of improving incident and indicator information sharing and handling capabilities based on the work developed in the IETF Extended INCident Handling (INCH) working group. The Incident Object Description Exchange Format (IODEF) in RFC5070 and Real-time Inter-network Defense (RID) in RFC6045 were developed in the INCH working group by international Computer Security Incident Response Teams (CSIRTs) and industry to meet the needs of a global community interested in sharing, handling, and exchanging incident and indicator information.

The working group will define enhancements and extensions to IODEF and RID and provide guidance for applying them. It will also focus on improving the interoperability of existing and new IODEF implementations, and the interoperation of IODEF and its extensions and enhancements with related standards for information sharing. The extensions and guidance created by the MILE working group assists with the daily operations of CSIRTs at an organization, service providers, law enforcement, and at the national level.

The working group has completed Proposed Standard revisions of RID (RFC 6545) and RID transport (RFC 6546). Given that this transport supports a specific workflow, and other workflows may be used by other communities, the working group will consider the development of alternate transport or bindings for RID and IODEF information.

An incident could be a benign configuration issue, IT incident, an infraction to a service level agreement (SLA), a system compromise, socially engineered phishing attack, or a denial-of-service (DoS) attack, etc. When an incident is detected, the response may include simply filing a report, notification to the source of the incident, a request to a third party for resolution/mitigation, information sharing on identified indicators of compromise, or a request to locate the source.

IODEF defines a data representation that provides a standard format for sharing information commonly exchanged about computer security incidents, which includes indicators with or without the relevant context information. IODEF will be updated to meet the current and future needs, maintaining the built in extensibility, of information sharing where indicators with rich context for actionable sharing is provided. RID enables the secure exchange of incident related information in an IODEF format providing options for security, privacy, and policy setting.

MILE leverages collaboration and sharing experiences with the work developed in the INCH working group which includes the data model detailed in the IODEF, existing extensions to the IODEF for Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure exchange of information. MILE will also leverage the experience gained in using IODEF and RID in operational contexts. Related work, drafted outside of INCH will also be reviewed and includes RFC5941, Sharing Transaction Fraud Data. The MILE working group provides coordination for these various extension efforts to improve the capabilities for exchanging indicator and incident information.

MILE has several objectives including the update of IODEF coupled with guidance information to enhance interoperability, deployment ease, and applicability to current information security data sharing use cases. MILE also describes a generalization of RID for secure exchange of other security-relevant XML formats. MILE produces additional guidance needed for the successful exchange of incident information for new use cases according to policy, security, and privacy requirements. Finally, MILE produces a document template with guidance for defining IODEF extensions to be followed when producing extensions to IODEF as appropriate.

[Removed laundry list of drafts -- outdated. We should update the milestones below as well]

Goals and Milestones:

Done - WGLC Real-time Inter-network Defense (RID)
Done - WGLC Transport for Real-time Inter-network Defense (RID)
Done - Submit Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
Done - Submit Transport Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
Done - WGLC Template for extensions to IODEF
Done - WGLC IODEF Extensions in IANA XML Registry
Apr 2013 - WGLC IODEF Extension to support structured cybersecurity information
Done - Submit Template for extensions to IODEF to IESG for consideration as Informational document
Done - Submit IODEF Extensions in IANA XML Registry to IESG for consideration as Standards Track document
Jun 2013 - Submit IODEF Extension to support structured cybersecurity information to IESG for consideration as Standards Track document.
TBD - WGLC RFC 5070bis
TBD - Submit RFC 5070bis to IESG for consideration as a Standards Track document
TBD - WGLC IODEF Reference Format
TBD - Submit IODEF Reference Format to IESG for consideration as a Standards Track document
TBD - WGLC Resource-Oriented Indicator Exchange
TBD - Submit Resource-Oriented Indicator Exchange to IESG for consideration as a Standards Track document

[ old milestone bits below ]

[no doc] - WGLC IODEF Guidance
[no doc] - Submit IODEF Extension Labeling for data protection, retention, policies, and regulations to IESG for consideration as Standards Track document
[no doc] - Submit WGLC IODEF Guidance to IESG for consideration as Informational document
May 2012 - WGLC GRC Report Exchange [stalled]
Jun 2012 - Submit GRC Report Exchange to IESG for consideration as Standards Track document [stalled]
Jun 2012 - WGLC Forensics extension [stalled]
Jul 2012 - Submit IODEF Forensics extension to IESG for consideration as Standards Track document [stalled]