Re: [mile] MILE WG draft adoption for RFC6045-bis
"Martin, Robert A." <ramartin@mitre.org> Fri, 28 October 2011 17:31 UTC
Congratulations to all for getting this work area started. RFC6045 should definitely be adopted by the MILE Working Group. It fills a needed and critical part of the functionality needed to support automation in incident handling amongst organizations.

Bob

On 10/25/11 6:25 PM, kathleen.moriarty@emc.com wrote:
> Hello,
>
> Thank you all for your hard work in helping to move us to a WG status! The next step is to ask for adoption of drafts.
>
> The first document in which I would like to request working group adoption is RFC6045-bis with my hat on as editor of the document. Please respond to the mailing list within a week (Nov 2nd) stating if you support RFC6045-bis adoption by the working group. Also, please include if you are willing to review the draft in your response on adoption.
>
> http://tools.ietf.org/html/draft-moriarty-mile-rfc6045-bis-01
>
> A consensus call will follow from Brian Trammell as Working Group chair.
>
> Thank you!
> Kathleen
>
> -----Original Message-----
> From: IESG Secretary [mailto:iesg-secretary@ietf.org]
> Sent: Tuesday, October 25, 2011 12:46 PM
> To: IETF Announcement list
> Cc: Moriarty, Kathleen; trammell@tik.ee.ethz.ch; mile@ietf.org
> Subject: WG Action: Managed Incident Lightweight Exchange (mile)
>
> A new IETF working group has been formed in the Security Area. For
> additional information, please contact the Area Directors or the WG
> Chairs.
>
> Managed Incident Lightweight Exchange (mile)
> --------------------------------------------
> Status: Proposed Working Group Charter
> Last Updated: 2011-09-21
>
> Chairs:
>   Kathleen Moriarty <Kathleen.Moriarty@emc.com>
>   Brian Trammell <trammell@tik.ee.ethz.ch>
>
> Security Area Directors:
>   Stephen Farrell <stephen.farrell@cs.tcd.ie>
>   Sean Turner <turners@ieca.com>
>
> Security Area Advisor:
>   Sean Turner <turners@ieca.com>
>
> Mailing Lists:
>   General Discussion: mile@ietf.org
>   To Subscribe: http://www.ietf.org/mailman/listinfo/mile
>   Archive: http://www.ietf.org/mail-archive/web/mile
>
> Description:
>
> The Managed Incident Lightweight Exchange (MILE) working group will
> develop standards and extensions for the purpose of improving incident
> information sharing and handling capabilities based on the work
> developed in the IETF Extended INCident Handling (INCH) working group.
> The Incident Object Description Exchange Format (IODEF) in RFC5070 and
> Real-time Inter-network Defense (RID) in RFC6045 were developed in the
> INCH working group by international Computer Security Incident Response
> Teams (CSIRTs) and industry to meet the needs of a global community
> interested in sharing, handling, and exchanging incident information.
> The extensions and guidance created by the MILE working group assists
> with the daily operations of CSIRTs at an organization, service
> provider, law enforcement, and at the country level. The application of
> IODEF and RID to interdomain incident information cooperative exchange
> and sharing has recently expanded and the need for extensions has become
> more important. Efforts continue to deploy IODEF and RID, as well as to
> extend them to support specific use cases covering reporting and
> mitigation of current threats such as anti-phishing extensions.
>
> An incident could be a benign configuration issue, IT incident, an
> infraction to a service level agreement (SLA), a system compromise,
> socially engineered phishing attack, or a denial-of-service (DoS)
> attack, etc. When an incident is detected, the response may include
> simply filing a report, notification to the source of the incident, a
> request to a third party for resolution/mitigation, or a request to
> locate the source. IODEF defines a data representation that provides a
> standard format for sharing information commonly exchanged about
> computer security incidents. RID enables the secure exchange of
> incident related information in an IODEF format providing options for
> security, privacy, and policy setting.
>
> MILE leverages collaboration and sharing experiences with the work
> developed in the INCH working group which includes the data model
> detailed in the IODEF, existing extensions to the IODEF for
> Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
> exchange of information. MILE will also leverage the experience gained
> in using IODEF and RID in operational contexts. Related work, drafted
> outside of INCH will also be reviewed and includes RFC5941, Sharing
> Transaction Fraud Data.
>
> The MILE working group provides coordination for these various extension
> efforts to improve the capabilities for exchanging incident information.
> MILE has several objectives with the first being a description a
> subset of IODEF focused on ease of deployment and applicability to
> current information security data sharing use cases. MILE also
> describes a generalization of RID for secure exchange of other
> security-relevant XML formats. MILE produces additional guidance needed
> for the successful exchange of incident information for new use cases
> according to policy, security, and privacy requirements. Finally, MILE
> produces a document template with guidance for defining IODEF extensions
> to be followed when producing extensions to IODEF as appropriate, for:
>
> * labeling incident reports with data protection, data retention, and
>   other policies, regulations, and
>   laws restricting the handling of those reports
> * referencing structured security information from within incident
>   reports
> * reporting forensic data generated during an incident investigation
>   (computer or accounting)
>
> The WG will produce the following:
>
> * An informational document on IODEF Guidance.
> * A Standards Track document specifying the Real-time Inter-network
>   Defense (RID).
> * A Standards Track document specifying the transport for RID.
> * An informational template for extensions to IODEF.
> * A Standards Track document for IODEF Extensions in IANA XML Registry.
> * A Standards Track document for IODEF Extension to support
>   structured cybersecurity information.
> * A Standards Track document for Labeling for data protection,
>   retention, policies, and regulations.
> * A Standards Track document for GRC Report Exchange.
> * A Standards Track document for IODEF Extension to support forensics.
>
> The drafts under consideration as WG items include:
> * Real-time Inter-network Defense (RID) bis:
>   draft-moriarty-mile-rfc6045-bis-01
> * Transport of Real-time Inter-network Defense (RID) Messages bis:
>   draft-trammell-mile-rfc6046-bis-00
> * Template for extensions to IODEF:
>   draft-trammell-mile-template-01.txt
> * IODEF Extensions in IANA XML Registry:
>   draft-trammell-mile-iodef-xmlreg-00.txt
> * GRC Report Exchange (Generalized RID for XML reports/documents):
>   draft-moriarty-mile-grc-exchange-00.txt
> * IODEF-extension to support structured cybersecurity information:
>   draft-takahashi-mile-sci-00.txt
>
> Milestones
>
> WGLC = Working Group Last Call
>
> 2011-11 - WGLC Real-time Inter-network Defense (RID)
> 2011-11 - WGLC Transport for Real-time Inter-network Defense (RID)
> 2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for
>           consideration as Standards Track document
> 2011-12 - Submit Transport Real-time Inter-network Defense (RID) to
>           IESG for consideration as Standards Track document
> 2011-12 - WGLC Template for extensions to IODEF
> 2011-12 - WGLC IODEF Extensions in IANA XML Registry
> 2011-12 - WGLC IODEF Extension to support structured cybersecurity
>           information
> 2012-02 - Submit Template for extensions to IODEF to IESG for
>           consideration as Informational document
> 2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for
>           consideration as Standards Track document
> 2012-02 - Submit IODEF Extension to support structured cybersecurity
>           information to IESG for consideration as Standards Track
>           document
> 2012-03 - WGLC IODEF Extension Labeling for data protection, retention,
>           policies, and regulations
> 2012-03 - WGLC IODEF Guidance
> 2012-04 - Submit IODEF Extension Labeling for data protection,
>           retention, policies, and regulations to IESG for
>           consideration as Standards Track document
> 2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as
>           Informational document
> 2012-05 - WGLC GRC Report Exchange
> 2012-06 - Submit GRC Report Exchange to IESG for consideration as
>           Standards Track document
> 2012-06 - WGLC Forensics extension
> 2012-07 - Submit IODEF Forensics extension to IESG for consideration as
>           Standards Track document
>
>
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile