Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bis-16.txt
"Roman D. Danyliw" <rdd@cert.org> Tue, 02 February 2016 02:44 UTC
Return-Path: <rdd@cert.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 217511A6EF0 for <mile@ietfa.amsl.com>; Mon, 1 Feb 2016 18:44:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.298
X-Spam-Level: **
X-Spam-Status: No, score=2.298 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FRT_STOCK2=3.988, J_CHICKENPOX_26=0.6, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-2.3, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hfmuaxiOahch for <mile@ietfa.amsl.com>; Mon, 1 Feb 2016 18:44:13 -0800 (PST)
Received: from plainfield.sei.cmu.edu (plainfield.sei.cmu.edu [192.58.107.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA6731A6EE9 for <mile@ietf.org>; Mon, 1 Feb 2016 18:44:12 -0800 (PST)
Received: from timber.sei.cmu.edu (timber.sei.cmu.edu [10.64.21.23]) by plainfield.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id u122iBu6015934 for <mile@ietf.org>; Mon, 1 Feb 2016 21:44:11 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1454381051; bh=qFTIQn4CpvZejQID4w0KF/bmqjq9d0KjwY6mgk7Yp4I=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version:Sender: Reply-To:Cc; b=m1FxxzOFhnQW2jxtsxHDbvt+VJbRNEcOPv3BhCwA/D3aWLjh1MnyBDWd+qddmyTVC 75r4+2mdYrCN488qPcpnbyANjgHd1mF/jst40XRH+owjCCJsrYb+yIfoRuxeHNPx9+ KjR3o25TAd3cTA7aWjNFzayHSI7T4r5cpquQk8SM=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by timber.sei.cmu.edu (8.14.4/8.14.4/1456) with ESMTP id u122i70c019152 for <mile@ietf.org>; Mon, 1 Feb 2016 21:44:07 -0500
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0266.001; Mon, 1 Feb 2016 21:44:06 -0500
From: "Roman D. Danyliw" <rdd@cert.org>
To: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [mile] I-D Action: draft-ietf-mile-rfc5070-bis-16.txt
Thread-Index: AQHRXT91TJA3LDC0mk2tekVZ52U1nZ8YDBZA
Date: Tue, 02 Feb 2016 02:44:05 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFCD969F185@marathon>
References: <20160201220552.16506.51013.idtracker@ietfa.amsl.com>
In-Reply-To: <20160201220552.16506.51013.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/LXMv1y68sni7mzXzjz5EImrVYO4>
Subject: Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bis-16.txt
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2016 02:44:15 -0000
The changelog for this draft is as follows: ** (schema) added XML declaration at the top of the schema ** (text) Improve write-up of @translation-id (Section 2.4) ** (text) Added the EXTENSION type (iodef:ExtensionType) and reference it for AdditionalData , RecordItem, FileProperties (Section 2.16) ** (schema) Added ExtensionType@name attribute to name the field (Section 2.16) ** (schema) Made iodef:SoftwareType be a formal UML type, SOFTWARE. Reference it for Application, Operating System and AssociatedSoftware (Section 2.17) ** (text) Defined 0:1 cardinality of IndicatorData in Incident consistent with schema (Section 3.2) ** (text) Fixed type of Incident@observable-id in diagram (Section 3.2) ** (schema) Made @restriction optional in the schema per the text (Section 3.3.1) ** (schema) Redefined PostalAddress, Email, Telephone and Fax for improved internationalization (Section 3.10.2-4) ** (text) Removed Section 2.12, Person or Organization (PERSON data type) as it was not used ** (text) Removed Section 3.11 that described the time classes (Section 3.11) ** (text) Clarify IntendedImpact (Section 3.14) ** (schema) Consistent cardinality in child classes of RelatedActivity (Section 3.6) ** (schema) Define ThreatActor/{ThreatActorID,Description} as O:M consistently in text, diagram and schema (Section 3.7) ** (schema) Define Campaign/{CampaignID,Description} as 0:M consistently in text, diagram and schema (Section 3.8) ** (schema) Added @ext-dtype to ExtensionType missing from the schema but in the text ** (schema) Added AdditionalData@observable-id attribute (Section 3.9) ** (schema) Redefined SystemImpact, BusinessImpact, IntendedImpact and NodeRole to have a child Description class instead of extending iodef:MLStringType per https://mailarchive.ietf.org/arch/msg/mile/ZFL57YU1nYr2vSobRHd1a-OohJQ (Section 3.13) ** (text) Use Reference as the field name in the description of Method (Section 3.13) ** (text) Fixed formatting of Reference class (Section 3.13.1) ** (text) Use enum:ReferenceName as the field name in the description of Reference (Section 3.13.1) ** (schema) {SystemImpact, BusinessImpact}@type is required with a default of 'unknown' per the text (Section 3.14.1 and Section 3.14.2) ** (schema) SystemImpact@{severity,completion} optional per the text (Section 3.14.1) ** (schema) Removed SystemImpact@type="admin" from schema (Section 3.14.1) ** (schema) Added TimeImpact@{ext-metric,ext-duration} to schema per the text (Section 3.14.3) ** (text) Corrected field names in the TimeImpact diagram (Section 3.14.3) ** (schema) Define Confidence as an extension of iodef:PositiveFloatType per the text (Section 3.14.5) ** (schema) Removed inline SystemImpact@completion definition ** (schema) Set System/Node to be 1:1 per the text (Section 3.19) ** (schema) Redefined RelatedDNS to be of type EXTENSION (Section 3.20) (Issue #39) ** (schema) Define Counter to be "xs:float" to be consistent with REAL from UML (Section 3.20) ** (schema) Added Counter@ext-unit missing from the schema but in the text (Section 3.20.3) ** (text) Added missing STRING definition of Address in the class diagram (Section 3.20.1) ** (text) Removed Node/DateTime from the Node diagram (Section 3.20) ** (schema) Removed Node/NodeRole from the schema per the text (Section 3.20) ** (text) Updated diagram of Address to reflect base type (Section 3.20.1) ** (schema) Make Address@category="ipv6-addr" the default (Section 3.20.1) ** (text) Consistent use of "Zero or more" and "One or more" to describe cardinality ** (schema) Removed yes-no-type from schema as it was not used ** (text) Renamed NodeRole@category="c2" to "c2-server" to make the text consistent with the schema (Section 3.20.2) ** (text) Added translation-id and/or xml:lang to diagrams/text where ML_STRING is used (Section 3.20.2) ** (text) Require that Nameserver/Address@category={"ipv4-addr" or "ipv6-addr"} (Section 3.21.2) ** (schema) Redefined ApplicationHeader to use iodef:ExtensionType and use the protocol information from a parent Service class (Section 3.21.2) ** (schema) Redefined EmailHeaderField to use iodef:ExtensionType (section 3.23) ** (text) Clarify cardinality of the classes in Assessment (Section 3.14) ** (text) Added reference to EMAIL data type in definition of EmailFrom (Section 3.24) ** (schema) Added EmailData/EmailTo (Section 3.24) ** (schema) Changed EmailTo, EmailFrom, EmailSubject and EmailX-Mailer to be xs:string (Section 3.24) ** (schema) Reference SignatureData and AssociatedSoftware in File per the text (Section 3.27.1) ** (schema) Added Indicator/AdditionalData per the text (Section 3.31) ** (schema) Added Indicator/{NodeRole, AttackPhase} (Section 3.31) ** (text) Consistent definitions of xml:lang in the text ** (text) Updated description of all ext-* attributes that doesn't include the use of the phrase "escape value" ** (text) Simplified Section 4.3, Validation, by removing the list of parsing considerations ** (text) Ensure all classes that are of defined types (e.g., STRING) reference their data type ** (text) Consistent use of cross references for sub-classes when defining the parent class ** (text) Consistent introduction of the attribute count in the description of a class ** (text) Consistent introduction of the sub-classes in the description of a class ** (text) Consistent documentation of classes that do not have child classes ** (text) Consistent depiction of class diagrams ** (text) Reference the element content of ML_STRING derived classes as STRING ** (schema) Define File/Application as "iodef:Application" (not a nested definition of type="iodef:SoftwareType") ** (schema) Consistent order of recurring attributes (e.g., restriction, observable-id) in all classes ** (text) Removed Paul Stoecker as editor per Chair direction ** (text) reformatted schema to have consistent spacing (Issue #54) > -----Original Message----- > From: mile [mailto:mile-bounces@ietf.org] On Behalf Of internet- > drafts@ietf.org > Sent: Monday, February 1, 2016 5:06 PM > To: i-d-announce@ietf.org > Cc: mile@ietf.org > Subject: [mile] I-D Action: draft-ietf-mile-rfc5070-bis-16.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Managed Incident Lightweight Exchange > Working Group of the IETF. > > Title : The Incident Object Description Exchange Format v2 > Author : Roman Danyliw > Filename : draft-ietf-mile-rfc5070-bis-16.txt > Pages : 163 > Date : 2016-02-01 > > Abstract: > The Incident Object Description Exchange Format (IODEF) defines a > data representation for sharing information commonly exchanged by > Computer Security Incident Response Teams (CSIRTs) about computer > security incidents. This document describes the information model > for the IODEF and provides an associated data model specified with > XML Schema. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-mile-rfc5070-bis/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-mile-rfc5070-bis-16 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-mile-rfc5070-bis-16 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > mile mailing list > mile@ietf.org > https://www.ietf.org/mailman/listinfo/mile
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Alexey Melnikov
- [mile] I-D Action: draft-ietf-mile-rfc5070-bis-16… internet-drafts
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Roman D. Danyliw
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Alexey Melnikov
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Takeshi Takahashi
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Roman D. Danyliw
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Roman D. Danyliw
- Re: [mile] I-D Action: draft-ietf-mile-rfc5070-bi… Alexey Melnikov