[mile] Updated charter for review

"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Tue, 26 March 2013 20:48 UTC


As discussed at the MILE meeting, we need to revise the charter.  Brian and I updated the charter and it is attached for review and comment to the list.

Thank you in advance!

Best regards,
Kathleen & Brian



Managed Incident Lightweight Exchange (mile)
--------------------------------------------

 Charter

 Current Status: Active

 Chairs:
     Kathleen Moriarty
     Brian Trammell

 Security Area Directors:
     Stephen Farrell
     Sean Turner

 Security Area Advisor:
     Sean Turner

 Mailing Lists:
     General Discussion: mile@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/mile
     Archive:            http://www.ietf.org/mail-archive/web/mile/

Description of Working Group:


    The Managed Incident Lightweight Exchange (MILE) working group will develop
    standards for the purpose of improving incident and indicator information
    sharing and handling capabilities based on the work developed in the IETF
    Extended INCident Handling (INCH) working group. The Incident Object
    Description Exchange Format (IODEF) in RFC5070 and Real-time Inter-network
    Defense (RID) in RFC6045 were developed in the INCH working group by
    international Computer Security Incident Response Teams (CSIRTs) and
    industry to meet the needs of a global community interested in sharing,
    handling, and exchanging incident and indicator information.

    The working group will define enhancements and extensions to IODEF and RID
    and provide guidance for applying them. It will also focus on improving the
    interoperability of existing and new IODEF implementations, and the
    interoperation of IODEF and its extensions and enhancements with related
    standards for information sharing. The extensions and guidance created by
    the MILE working group assist with the daily operations of CSIRTs at an
    organization, service providers, law enforcement, and at the national level.

    The working group has completed Proposed Standard revisions of RID (RFC 6545)
    and RID transport (RFC 6546). Given that this transport supports a specific
    workflow, and other workflows may be used by other communities, the working
    group will consider the development of alternate transport or bindings for
    RID and IODEF information.

    An incident could be a benign configuration issue, IT incident, an
    infraction to a service level agreement (SLA), a system compromise,
    socially engineered phishing attack, or a denial-of-service (DoS)
    attack, etc.  When an incident is detected, the response may include
    simply filing a report, notification to the source of the incident, a
    request to a third party for resolution/mitigation, information sharing
    on identified indicators of compromise, or a request to locate the
    source.  IODEF defines a data representation that provides a standard
    format for sharing information commonly exchanged about computer
    security incidents, which includes indicators with or without the
    relevant context information.  IODEF will be updated, maintaining the
    built-in extensibility, to meet the current and future needs of
    information sharing where indicators with rich context for actionable
    sharing are provided.  RID enables the secure exchange of
    incident-related information in an IODEF format, providing options for
    security, privacy, and policy setting.

    MILE leverages collaboration and sharing experiences with the work
    developed in the INCH working group which includes the data model
    detailed in the IODEF, existing extensions to the IODEF for
    Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
    exchange of information.  MILE will also leverage the experience gained
    in using IODEF and RID in operational contexts. Related work, drafted
    outside of INCH, will also be reviewed and includes RFC5941, Sharing
    Transaction Fraud Data.

    The MILE working group provides coordination for these various extension
    efforts to improve the capabilities for exchanging indicator and incident
    information. MILE has several objectives including the update of IODEF
    coupled with guidance information to enhance interoperability, deployment
    ease, and applicability to current information security data sharing use
    cases. MILE also describes a generalization of RID for secure exchange of
    other security-relevant XML formats. MILE produces additional guidance
    needed for the successful exchange of incident information for new use
    cases according to policy, security, and privacy requirements. Finally,
    MILE produces a document template with guidance for defining IODEF
    extensions to be followed when producing extensions to IODEF as
    appropriate.

    [Removed laundry list of drafts -- outdated. We should update the milestones below as well]

Goals and Milestones:
  Done     - WGLC Real-time Inter-network Defense (RID)
  Done     - WGLC Transport for Real-time Inter-network Defense (RID)
  Done     - Submit Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
  Done     - Submit Transport Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
  Done     - WGLC Template for extensions to IODEF
  Done     - WGLC IODEF Extensions in IANA XML Registry
  Apr 2013 - WGLC IODEF Extension to support structured cybersecurity information
  Done     - Submit Template for extensions to IODEF to IESG for consideration as Informational document
  Done     - Submit IODEF Extensions in IANA XML Registry to IESG for consideration as Standards Track document
  Jun 2013 - Submit IODEF Extension to support structured cybersecurity information to IESG for consideration as Standards Track document.
  TBD      - WGLC RFC 5070bis
  TBD      - Submit RFC 5070bis to IESG for consideration as a Standards Track document
  TBD      - WGLC IODEF Reference Format
  TBD      - Submit IODEF Reference Format to IESG for consideration as a Standards Track document
  TBD      - WGLC Resource-Oriented Indicator Exchange
  TBD      - Submit Resource-Oriented Indicator Exchange to IESG for consideration as a Standards Track document

  [ old milestone bits below ]

  [no doc] - WGLC IODEF Guidance
  [no doc] - Submit IODEF Extension Labeling for data protection, retention, policies, and regulations to IESG for consideration as Standards Track document
  [no doc] - Submit WGLC IODEF Guidance to IESG for consideration as Informational document
  May 2012 - WGLC GRC Report Exchange [stalled]
  Jun 2012 - Submit GRC Report Exchange to IESG for consideration as Standards Track document [stalled]
  Jun 2012 - WGLC Forensics extension [stalled]
  Jul 2012 - Submit IODEF Forensics extension to IESG for consideration as Standards Track document [stalled]