IETF Logo Mail Archive

Re: [mile] MILE WG draft adoption for RFC6045-bis

"Martin, Robert A." <ramartin@mitre.org> Fri, 28 October 2011 17:31 UTC

Return-Path: <ramartin@mitre.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAE0F21F86D0 for <mile@ietfa.amsl.com>; Fri, 28 Oct 2011 10:31:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E+j-4R+-Fj6O for <mile@ietfa.amsl.com>; Fri, 28 Oct 2011 10:31:10 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id C9F5C21F84BA for <mile@ietf.org>; Fri, 28 Oct 2011 10:31:09 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 31F1721B0E2F; Fri, 28 Oct 2011 13:31:07 -0400 (EDT)
Received: from IMCCAS04.MITRE.ORG (imccas04.mitre.org [129.83.29.81]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 29CEE21B0A9D; Fri, 28 Oct 2011 13:31:07 -0400 (EDT)
Received: from MM169528-pc.local (129.83.31.51) by IMCCAS04.MITRE.ORG (129.83.29.81) with Microsoft SMTP Server id 14.1.339.1; Fri, 28 Oct 2011 13:31:06 -0400
Message-ID: <4EAAE6DA.4080708@mitre.org>
Date: Fri, 28 Oct 2011 13:31:06 -0400
From: "Martin, Robert A." <ramartin@mitre.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: "kathleen.moriarty@emc.com" <kathleen.moriarty@emc.com>
References: <AE31510960917D478171C79369B660FA0E0939FE18@MX06A.corp.emc.com>
In-Reply-To: <AE31510960917D478171C79369B660FA0E0939FE18@MX06A.corp.emc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] MILE WG draft adoption for RFC6045-bis
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2011 17:31:11 -0000

Congratualations to all for getting this work area started.

RFC6045 should definetly be adopted by the MILE Working Group.  It fills 
a needed and critical part of the functionality needed to support 
automation in incident handling amongst organizations.

Bob

On 10/25/11 6:25 PM, kathleen.moriarty@emc.com wrote:
> Hello,
>
> Thank you all for your hard work in helping to move us to a WG status!  The next step is to ask for adoption of drafts.
>
> The first document in which I would like to request working group adoption is RFC6045-bis with my hat on as editor of the document.  Please respond to the mailing list within a week (Nov 2nd) stating if you support RFC6045-bis adoption by the working group.  Also, please include if you are willing to review the draft in your response on adoption.
>
> http://tools.ietf.org/html/draft-moriarty-mile-rfc6045-bis-01
>
> A consensus call will follow from Brian Trammell as Working Group chair.
>
> Thank you!
> Kathleen
>
> -----Original Message-----
> From: IESG Secretary [mailto:iesg-secretary@ietf.org]
> Sent: Tuesday, October 25, 2011 12:46 PM
> To: IETF Announcement list
> Cc: Moriarty, Kathleen; trammell@tik.ee.ethz.ch; mile@ietf.org
> Subject: WG Action: Managed Incident Lightweight Exchange (mile)
>
> A new IETF working group has been formed in the Security Area.  For
> additional information, please contact the Area Directors or the WG
> Chairs.
>
> Managed Incident Lightweight Exchange (mile)
> --------------------------------------------
> Status: Proposed Working Group Charter
> Last Updated: 2011-09-21
>
> Chairs:
>       Kathleen Moriarty<Kathleen.Moriarty@emc.com>
>       Brian Trammell<trammell@tik.ee.ethz.ch>
>
> Security Area Directors:
>       Stephen Farrell<stephen.farrell@cs.tcd.ie>
>       Sean Turner<turners@ieca.com>
>
> Security Area Advisor:
>       Sean Turner<turners@ieca.com>
>
> Mailing Lists:
>       General Discussion: mile@ietf.org
>       To Subscribe:       http://www.ietf.org/mailman/listinfo/mile
>       Archive:            http://www.ietf.org/mail-archive/web/mile
>
> Description:
>
> The Managed Incident Lightweight Exchange (MILE) working group will
> develop standards and extensions for the purpose of improving incident
> information sharing and handling capabilities based on the work
> developed in the IETF Extended INCident Handling (INCH) working group.
> The Incident Object Description Exchange Format (IODEF) in RFC5070 and
> Real-time Inter-network Defense (RID) in RFC6045 were developed in the
> INCH working group by international Computer Security Incident Response
> Teams (CSIRTs) and industry to meet the needs of a global community
> interested in sharing, handling, and exchanging incident information.
> The extensions and guidance created by the MILE working group assists
> with the daily operations of CSIRTs at an organization, service
> provider, law enforcement, and at the country level.  The application of
> IODEF and RID to interdomain incident information cooperative exchange
> and sharing has recently expanded and the need for extensions has become
> more important. Efforts continue to deploy IODEF and RID, as well as to
> extend them to support specific use cases covering reporting and
> mitigation of current threats such as anti-phishing extensions.
>
> An incident could be a benign configuration issue, IT incident, an
> infraction to a service level agreement (SLA), a system compromise,
> socially engineered phishing attack, or a denial-of-service (DoS)
> attack, etc.  When an incident is detected, the response may include
> simply filing a report, notification to the source of the incident, a
> request to a third party for resolution/mitigation, or a request to
> locate the source.  IODEF defines a data representation that provides a
> standard format for sharing information commonly exchanged about
> computer security incidents.  RID enables the secure exchange of
> incident related information in an IODEF format providing options for
> security, privacy, and policy setting.
>
> MILE leverages collaboration and sharing experiences with the work
> developed in the INCH working group which includes the data model
> detailed in the IODEF, existing extensions to the IODEF for
> Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
> exchange of information.  MILE will also leverage the experience gained
> in using IODEF and RID in operational contexts. Related work, drafted
> outside of INCH will also be reviewed and includes RFC5941, Sharing
> Transaction Fraud Data.
>
> The MILE working group provides coordination for these various extension
> efforts to improve the capabilities for exchanging incident information.
>    MILE has several objectives with the first being a description a
> subset of IODEF focused on ease of deployment and applicability to
> current information security data sharing use cases.  MILE also
> describes a generalization of RID for secure exchange of other
> security-relevant XML formats.  MILE produces additional guidance needed
> for the successful exchange of incident information for new use cases
> according to policy, security, and privacy requirements.  Finally, MILE
> produces a document template with guidance for defining IODEF extensions
> to be followed when producing extensions to IODEF as appropriate, for:
>
>    * labeling incident reports with data protection, data retention, and
>      other policies, regulations, and
>      laws restricting the handling of those reports
>    * referencing structured security information from within incident
>      reports
>    * reporting forensic data generated during an incident investigation
>      (computer or accounting)
>
> The WG will produce the following:
>
>    * An informational document on IODEF Guidance.
>    * A Standards Track document specifying the Real-time Inter-network
>      Defense (RID).
>    * A Standards Track document specifying the transport for RID.
>    * An informational template for extensions to IODEF.
>    * A Standards Track document for IODEF Extensions in IANA XML Registry.
>    * A Standards Track document for IODEF Extension to support
>      structured cybersecurity information.
>    * A Standards Track document for Labeling for data protection,
>      retention, policies, and regulations.
>    * A Standards Track document for GRC Report Exchange.
>    * A Standards Track document for IODEF Extension to support forensics.
>
> The drafts under consideration as WG items include:
>     * Real-time Inter-network Defense (RID) bis:
>        draft-moriarty-mile-rfc6045-bis-01
>     * Transport of Real-time Inter-network Defense (RID) Messages bis:
>        draft-trammell-mile-rfc6046-bis-00
>     * Template for extensions to IODEF:
>        draft-trammell-mile-template-01.txt
>     * IODEF Extensions in IANA XML Registry:
>        draft-trammell-mile-iodef-xmlreg-00.txt
>     * GRC Report Exchange (Generalized RID for XML reports/documents):
>        draft-moriarty-mile-grc-exchange-00.txt
>     * IODEF-extension to support structured cybersecurity information:
>        draft-takahashi-mile-sci-00.txt
>
> Milestones
>
> WGLC = Working Group Last Call
>
> 2011-11 - WGLC Real-time Inter-network Defense (RID)
> 2011-11 - WGLC Transport for Real-time Inter-network Defense (RID)
> 2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for
>             consideration as Standards Track document
> 2011-12 - Submit Transport Real-time Inter-network Defense (RID) to
>             IESG for consideration as Standards Track document
> 2011-12 - WGLC Template for extensions to IODEF
> 2011-12 - WGLC IODEF Extensions in IANA XML Registry
> 2011-12 - WGLC IODEF Extension to support structured cybersecurity
>             information
> 2012-02 - Submit Template for extensions to IODEF to IESG for
>             consideration as Informational document
> 2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for
>             consideration as Standards Track document
> 2012-02 - Submit IODEF Extension to support structured cybersecurity
>             information to IESG for consideration as Standards Track
>             document
> 2012-03 - WGLC IODEF Extension Labeling for data protection, retention,
>             policies, and regulations
> 2012-03 - WGLC IODEF Guidance
> 2012-04 - Submit IODEF Extension Labeling for data protection,
>             retention, policies, and regulations to IESG for
>             consideration as Standards Track document
> 2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as
>             Informational document
> 2012-05 - WGLC GRC Report Exchange
> 2012-06 - Submit GRC Report Exchange to IESG for consideration as
>             Standards Track document
> 2012-06 - WGLC Forensics extension
> 2012-07 - Submit IODEF Forensics extension to IESG for consideration as
>             Standards Track document
>
>
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile
> .
>

v2.23.0 | Report a Bug | By Email