Re: [mile] [Issue #9] Mapping @restriction to TLP
Jerome Athias <athiasjerome@gmail.com> Mon, 29 July 2013 14:03 UTC
Return-Path: <athiasjerome@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF32D21F96DA for <mile@ietfa.amsl.com>; Mon, 29 Jul 2013 07:03:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.194
X-Spam-Level:
X-Spam-Status: No, score=-2.194 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, URI_HEX=0.368]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xliKwEVNnKsP for <mile@ietfa.amsl.com>; Mon, 29 Jul 2013 07:03:51 -0700 (PDT)
Received: from mail-pb0-x229.google.com (mail-pb0-x229.google.com [IPv6:2607:f8b0:400e:c01::229]) by ietfa.amsl.com (Postfix) with ESMTP id 5F7D321F961F for <mile@ietf.org>; Mon, 29 Jul 2013 07:03:51 -0700 (PDT)
Received: by mail-pb0-f41.google.com with SMTP id rp16so4732489pbb.28 for <mile@ietf.org>; Mon, 29 Jul 2013 07:03:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=azeorWJnx++d7upbt9K6Hyd3pHN0IzXXBPcC+94h5Es=; b=CqHaBalu4ocLQe9XdnPuyZPdZ9Vjf6zPV23updbRFnLHaAGXA7M6u1dr25aaYjDFQT SyvAG6aiKHcvcwj7pw2DI7pYhUmBbpU4kLUBqdcOi0+lJCUJcWSyG77LoJMM3XTy/Wv7 DPscFf9R/s+viu7KESxyTiu/tT1s9v78k+WapzUts+Noasxtcl34CdB3wUFv73dCPscx doY+7ALG5LqkONk3fRhzUPBLIBkwqHe8gdD58zSgdZjxhuPdF6SZbmifplsQNml3FB+h 03md+lE9l6n4LloEzzGu8z5Nx/EyCNPbXCsScoInHuNJdzHX9PmOwSptXYDGZUn5okN7 w7hA==
MIME-Version: 1.0
X-Received: by 10.69.8.65 with SMTP id di1mr60851569pbd.32.1375106631097; Mon, 29 Jul 2013 07:03:51 -0700 (PDT)
Received: by 10.70.103.46 with HTTP; Mon, 29 Jul 2013 07:03:51 -0700 (PDT)
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC13C561DA@marathon>
References: <359EC4B99E040048A7131E0F4E113AFC13C561DA@marathon>
Date: Mon, 29 Jul 2013 16:03:51 +0200
Message-ID: <CAA=AuEdZKcNYbgGxJFF133CFjFTCuedUC2bvxj7ZUw_wmTB-BA@mail.gmail.com>
From: Jerome Athias <athiasjerome@gmail.com>
To: "Roman D. Danyliw" <rdd@cert.org>
Content-Type: multipart/alternative; boundary="047d7b5d48dc46676b04e2a6f634"
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] [Issue #9] Mapping @restriction to TLP
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2013 14:03:53 -0000
Hi, It makes sense for me :) (I will cross-post this to this STIX discution http://making-security-measurable.1364806.n2.nabble.com/STIX-Profiles-td7580626.html) 2013/7/29 Roman D. Danyliw <rdd@cert.org> > Hi! > > See http://trac.tools.ietf.org/wg/mile/trac/ticket/9. > > The @restriction attribute is currently defined as follows: > > 1. public. There are no restrictions placed in the information. > > 2. need-to-know. The information may be shared with other > parties that are involved in the incident as determined by the > recipient of this document (e.g., multiple victim sites can be > informed of each other). > > 3. private. The information may not be shared. > > 4. default. The information can be shared according to an > information disclosure policy pre-arranged by the > communicating parties. > > Would there be interest in migrating this definition to align with the > Traffic Light Protocol originally developed by the UK National > Infrastructure Security Coordination Centre, now Center for the Protection > of National Infrastructure (http://www.cpni.gov.uk/)? See the following: > > US-CERT description, www.us-cert.gov/tlp > > Wikipedia reference, http://en.wikipedia.org/wiki/Traffic_Light_Protocol > > The current @restriction would require redefinition as the current > 'need-to-know' does not map to a defined TLP category. The proposal is to > map as follows: > > red <--> private > amber <--> need-to-know > green <--> (new proposed value) partner > white <--> public > > 1. public. The information may be freely distributed without restriction. > > 2. partner. The information may be shared within a closed community of > peers, partners, or affected parties, but cannot be published openly. > > 3. need-to-know. The information may be shared only with members of > their own organization that have a need to know. > > 4. private. The information may not be shared. It is intended only for > the named recipients. > > 5. default. The information can be shared according to an information > disclosure policy pre-arranged by the communicating parties. > > 6. white. Same as public. > > 7. green. Same as partner. > > 8. amber. Same as need-to-know. > > 9. red. Same as private. > > The down-side of this proposal is that IODEFv2 (MILE) will have different > semantics for an identical value present in IODEFv1 (INCH). Any community > or application accustomed to tagging data as @restriction="need-to-know" in > v1 would now need to use @restriction="partner" or "green" otherwise the > information will be restricted more than intended. However, > 'partner'/'green' might be too permissive depending on the definition of > the consortium. > > Roman > _______________________________________________ > mile mailing list > mile@ietf.org > https://www.ietf.org/mailman/listinfo/mile >
- [mile] [Issue #9] Mapping @restriction to TLP Roman D. Danyliw
- Re: [mile] [Issue #9] Mapping @restriction to TLP Jerome Athias
- Re: [mile] [Issue #9] Mapping @restriction to TLP Patrick Curry