Re: [mile] early AD-review of draft-ietf-mile-template
<kathleen.moriarty@emc.com> Thu, 26 April 2012 19:31 UTC
Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 718E521E8175 for <mile@ietfa.amsl.com>; Thu, 26 Apr 2012 12:31:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.539
X-Spam-Level:
X-Spam-Status: No, score=-10.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G+UFGxs-sh7l for <mile@ietfa.amsl.com>; Thu, 26 Apr 2012 12:31:21 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id 7156521F8764 for <mile@ietf.org>; Thu, 26 Apr 2012 12:31:21 -0700 (PDT)
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q3QJVJ5d023115 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 26 Apr 2012 15:31:19 -0400
Received: from mailhub.lss.emc.com (mailhub.lss.emc.com [10.254.222.130]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor); Thu, 26 Apr 2012 15:31:14 -0400
Received: from mxhub08.corp.emc.com (mxhub08.corp.emc.com [128.222.70.205]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q3QJVCx3003305; Thu, 26 Apr 2012 15:31:12 -0400
Received: from mxhub39.corp.emc.com (128.222.70.106) by mxhub08.corp.emc.com (128.222.70.205) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 26 Apr 2012 15:30:25 -0400
Received: from mx06a.corp.emc.com ([169.254.1.106]) by mxhub39.corp.emc.com ([128.222.70.106]) with mapi; Thu, 26 Apr 2012 15:31:07 -0400
From: kathleen.moriarty@emc.com
To: turners@ieca.com, mile@ietf.org
Date: Thu, 26 Apr 2012 15:31:10 -0400
Thread-Topic: [mile] early AD-review of draft-ietf-mile-template
Thread-Index: Ac0j4gU5GR4ZpJXPRQuEiWvNjdmg8AAAHUZA
Message-ID: <AE31510960917D478171C79369B660FA0E9532A1CD@MX06A.corp.emc.com>
References: <4F999FB4.5070403@ieca.com>
In-Reply-To: <4F999FB4.5070403@ieca.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Subject: Re: [mile] early AD-review of draft-ietf-mile-template
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2012 19:31:22 -0000
Thanks, Sean! In an attempt to help at #2, we could also consider the following definition of an incident (section 2.2.7) from early work setting the initial IODE requirements. The definition covers a security incident and an IT incident. http://tools.ietf.org/html/rfc3067 Thanks, Kathleen -----Original Message----- From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of Sean Turner Sent: Thursday, April 26, 2012 3:19 PM To: mile@ietf.org Subject: [mile] early AD-review of draft-ietf-mile-template Here's my early AD-review. spt -------------- 1) s1: r/a section Appendix A/a section (Appendix A) 2) s1: r/of an Internet-Draft/for an Internet-Draft 3) s2, bullet 1: Definition of "incident": Not sure if you want to do this, but there's a definition in RFC 4949 (the internet security glossary) for incident and that points to security incident: $ security incident 1. (I) A security event that involves a security violation. (See: CERT, security event, security intrusion, security violation.) I think this is also pretty vague, but it might give those who need a clue maybe some more clue. Basically just add an informative reference to RFC 4949. Up to you. 4) s2, bullet 2: Contains the following statement: If, after detailed examination of the problem area and the IODEF specification, ... How about we add the concept of examination *and consultation* to not so subtly suggest that people openly talk about their idea with this community (or at least somebody in the know) before embarking on doing an internet-draft. So maybe: If, after detailed examination and consultation (possibly with the IODEF Expert reviewer) of the problem area and the IODEF specification, ... * Trying to figure out where the IODEF expert will be listed so we can point to it, but we can add the pointer later. 5) s7.1: The reference for 5226 is probably now informative? Update the reference to 6545. Drop reference to 3688. 6) Appendix A: I'm mildly concerned that somebody will read this and say "well hold on there you might be conflicting with the RFC editor's requirements." I think you probably need to add some text in the intro that says that any rules, as specified by the RFC editor, obviously take precedent to anything in this draft and that the latest version of the RFC editor's style guide should be consulted (http://www.rfc-editor.org/styleguide.html) for additional instructions. Might also be worth mentioning that you're not going to talk about the abstract, status of this memo, copy right, and author addresses sections. 7) A.4.1: Can the types be extended/updated? If so, then should that be mentioned here? 8) In A.5 it's worth noting that this section is required by the RFC editor. You might also be worth an informative reference to RFC 3552 - though some people dislike this RFC (adding this reference is up to you). 9) A.6: Isn't the point of an extension document is that something is *always* registered? If it is, then isn't this section always required? 10) A.7: Worth pointing out that this is required by the RFC editor. 11) A.8: r/should/will in the following: Each of the examples in section Appendix A.9 should be verified to validate against this schema by automated tools. Under what circumstance would they not be? 12) A.8 and A.9 and I guess all appendices in this draft, should we require that they explicitly be marked as normative parts of the document? 13) Appendix B: Should we make up something to register as opposed to using something real? Maybe something like lottery #? _______________________________________________ mile mailing list mile@ietf.org https://www.ietf.org/mailman/listinfo/mile
- [mile] early AD-review of draft-ietf-mile-template Sean Turner
- Re: [mile] early AD-review of draft-ietf-mile-tem… kathleen.moriarty
- Re: [mile] early AD-review of draft-ietf-mile-tem… Sean Turner
- Re: [mile] early AD-review of draft-ietf-mile-tem… Brian Trammell
- Re: [mile] early AD-review of draft-ietf-mile-tem… Sean Turner
- Re: [mile] early AD-review of draft-ietf-mile-tem… Brian Trammell
- Re: [mile] early AD-review of draft-ietf-mile-tem… Sean Trner
- Re: [mile] early AD-review of draft-ietf-mile-tem… kathleen.moriarty