Re: [mile] New Version Notification - draft-ietf-mile-rolie-02.txt

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Fri, 03 June 2016 15:29 UTC

From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: "mile@ietf.org" <mile@ietf.org>, "mile-chairs@tools.ietf.org" <mile-chairs@tools.ietf.org>, Nancy Cam-Winget <ncamwing@cisco.com>
Date: Fri, 03 Jun 2016 15:20:39 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/QMbZlf0ErxT_9ue0kMmoFmrptb8>

All,

The following is a short summary of the changes we have made to ROLIE in the latest draft update and some ideas on the path forward. This new draft is the first step in a series of planned changes and additions to the draft in order to generalize ROLIE to support more general sharing of cyber security information, support greater automation, and enhance the readability, usability, and extensibility of the draft.

First and foremost, the major changes to ROLIE in this version of the draft are:

* Changed the expansion of the acronym to "Resource-Oriented Lightweight Information Exchange" in order to reflect the idea that ROLIE will be used to exchange any cyber security information, including, but not limited to: Indicators, Incidents, Vulnerabilities, Configuration Checklists, and Software tags.

* Rewrote and reduced much of the front matter of the document in order to recast ROLIE in light of its new title and expanded goal. This manifested primarily as removing the CSIRT focus of the Abstract, Introduction, and Background sections.

* Created a new supplementary document that contains the CSIRT-focused materials and examples. Some background revolving around CSIRT usage of ROLIE and all of the non-normative examples present in section 4 were moved into this document. Specific requirements and link relations for the IODEF and RID formats were also moved into this document. We will be posting this as a new personal draft in the near future.

* Began re-working the normative requirements to allow for other information categories. This is ultimately the biggest area of change in the document, and sets up our plan moving forward with ROLIE.

The plan for the normative requirements of the content model is to establish an "information-type" IANA table that lists the following:

1. A list of "information-type" category values supported by ROLIE (e.g. indicators, vulnerabilities, configuration checklists, software tags).

2. A short description of each information type.

3. A link to a specification that describes the definition of ROLIE entries for the information type. These additional specifications will describe the expected formats for a given information type, required link relations, and other requirements and usage guidance for an information type in ROLIE.

As an example, consider the CSIRT draft as the specification for inclusion of incident and indicator entries in ROLIE. This draft will contain requirements and non-normative examples of using the CSIRT-relevant formats (IODEF and RID) with ROLIE. These specifications would be written for each information type we'd like ROLIE to support. This provides for a great deal of extensibility in ROLIE going forward.

In terms of the ROLIE draft, moving all format requirements and usage guidance into separate drafts greatly reduces the length and complexity of the ROLIE draft, and creates a more streamlined writing, editing, and reading process.

The goal of this next set of changes is to define this IANA table enumerating the specifications for ROLIE information types. This will allow implementers of ROLIE to select the information types that are meaningful to their implementations, supporting the data formats that best suit their needs for their given implementation goals. The specifications in the associated IANA table entries would then provide the specific implementation guidance for the related formats inside ROLIE. Additional new features can be created later by creating extensions over the information type specifications as needed in the future.

This draft represents our first steps in this direction. We will be working on the major changes listed above in the GitHub project at https://github.com/CISecurity/ROLIE. The next steps of changing the requirements, creating an IANA table, and writing the additional documents are our current focus of work.

Questions, comments, and concerns are welcome.
Thanks,
Stephen Banghart


-----Original Message-----
From: mile [mailto:mile-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Friday, June 03, 2016 11:07 AM
To: mile@ietf.org; mile-chairs@tools.ietf.org; Nancy Cam-Winget <ncamwing@cisco.com>
Subject: [mile] New Version Notification - draft-ietf-mile-rolie-02.txt

A new version (-02) has been submitted for draft-ietf-mile-rolie:

https://www.ietf.org/internet-drafts/draft-ietf-mile-rolie-02.txt

The IETF datatracker page for this Internet-Draft is:

https://datatracker.ietf.org/doc/draft-ietf-mile-rolie/

Diff from previous version:

https://www.ietf.org/rfcdiff?url2=draft-ietf-mile-rolie-02

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

IETF Secretariat.