Re: [mile] [EXT] WGLC for CSIRT draft

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Mon, 28 October 2019 16:07 UTC

From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: Jessica Fitzgerald-McKay <jmfmckay@gmail.com>, "Haynes Jr., Dan" <dhaynes@mitre.org>
CC: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [mile] [EXT] WGLC for CSIRT draft
Date: Mon, 28 Oct 2019 16:07:02 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/Stj1qszxyZ1jbSnDiuto--jdjP4>
Subject: Re: [mile] [EXT] WGLC for CSIRT draft
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>

Jess and Danny,

Thanks for the reviews. I’ll provide my responses to both of your comments inline below.

From: mile <mile-bounces@ietf.org> On Behalf Of Jessica Fitzgerald-McKay
Sent: Monday, October 21, 2019 6:11 PM
To: Haynes Jr., Dan <dhaynes@mitre.org>
Cc: mile@ietf.org
Subject: Re: [mile] [EXT] WGLC for CSIRT draft

A few more nits. When these and Danny's edits are addressed, this document is ready to move forward.

Thanks,
Jess

Introduction- Expand CSIRT on first use

The first use is in the abstract and is expanded, I’ll expand it in the introduction as well.

                  - change "ensure the security of their systems" to "improve the security of their systems"

Changed

Section 4.3- edit MISP document section to avoid ending on a preposition ("actively being worked on")


Updated to “MISP is defined by a family of internet drafts currently being developed in the IETF”.

  - link to the MISP drafts, as informative references

Moved from normative to informative

Section 8- edit first comma in first sentence to a semi colon or period

Changed


On Mon, Oct 21, 2019 at 4:38 PM Haynes Jr., Dan <dhaynes@mitre.org> wrote:
Hi Nancy and Stephen,

I have some minor nits and questions.


  *   Abstract

     *   Change “This document extends…to add the information type categories…(CSIRT) use cases.” to “This document extends…to add the indicator and incident information type categories…(CSIRT) use cases.”
     *   Remove “The indicator and incident information types are defined as ROLIE extensions.”

Updated both of these.

  *   Section 2

     *   Should this also reference RFC 8174?

Changed

  *   Section 3.1

     *   Change “…that in is the abstract realm…” to “…that is in the abstract realm…”.

Fixed

  *   Section 3.1

     *   Change “Some examples of indicator information is provided below,…” to “Some examples of indicator information are provided below,…”.

Fixed

  *   Section 4.2.2

     *   Is “Feed” a defined term?

I added text in the terminology section that references RFC8322

  *   Section 4.3

     *   Change “day-to=day” should be “day-to-day”.

Fixed

  *   Section 4.3.1

     *   Bullet 4: Change “…element in the attached MISP Event .” to “…element in the attached MISP Event.”.
     *   Bullet 5: Change “This ensures better compatibility…and a MISP Manifest” to “This ensures better compatibility…and a MISP Manifest.”.

Fixed

  *   Section 5.1

     *   Change “If a ROLIE server supports…MUST be support” to “If a ROLIE server supports the incident information-type, then these link relations MUST be supported.”

  *   Section 5.2

     *   Change “If a ROLIE server supports…MUST be supported.” to “If a ROLIE server supports the indicator information-type, then these link relations MUST be supported.”

  *   Section 8

     *   Change “When sharing IODEF 2 documents…” to “When sharing IODEF Version 2 documents.”.



All fixed.

Beyond that, I am comfortable with moving this draft forward.

Thanks,

Danny

From: mile <mile-bounces@ietf.org> on behalf of "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
Date: Monday, September 23, 2019 at 4:29 PM
To: "mile@ietf.org" <mile@ietf.org>
Subject: [EXT] [mile] WGLC for CSIRT draft

Fellow MILE participants,

This is a Working Group Last Call for https://datatracker.ietf.org/doc/draft-ietf-mile-rolie-csirt/

Please provide your review and feedback to the draft’s readiness by Oct 21st so that we can move it forward.

Warm regards,
                Nancy