Re: [mile] [EXT] WGLC for CSIRT draft
"Haynes Jr., Dan" <dhaynes@mitre.org> Mon, 21 October 2019 20:38 UTC
Return-Path: <dhaynes@mitre.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CFF61209C6 for <mile@ietfa.amsl.com>; Mon, 21 Oct 2019 13:38:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p2gzYypWk7PV for <mile@ietfa.amsl.com>; Mon, 21 Oct 2019 13:38:36 -0700 (PDT)
Received: from smtpvbsrv1.mitre.org (smtpvbsrv1.mitre.org [198.49.146.234]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0C8D12098E for <mile@ietf.org>; Mon, 21 Oct 2019 13:38:35 -0700 (PDT)
Received: from smtpvbsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 4FB75332003; Mon, 21 Oct 2019 16:38:34 -0400 (EDT)
Received: from smtprhbv1.mitre.org (unknown [129.83.19.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtpvbsrv1.mitre.org (Postfix) with ESMTPS id 430CF332012; Mon, 21 Oct 2019 16:38:34 -0400 (EDT)
Received: from mbfesmtp-mgt.mitre.org (unknown [198.49.146.235]) by smtprhbv1.mitre.org (Postfix) with ESMTP id 3DBB380B24B; Mon, 21 Oct 2019 16:38:34 -0400 (EDT)
Received: by mbfesmtp-mgt.mitre.org (Postfix, from userid 600) id 46xpPk1jdQzkSC; Mon, 21 Oct 2019 20:37:45 +0000 (UTC)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-dm2gcc01lp2053.outbound.protection.outlook.com [104.47.63.53]) by mbfesmtp-mgt.mitre.org (Postfix) with ESMTPS id 46xpNj22cwzk1q; Mon, 21 Oct 2019 20:37:41 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DazJPSCmv0HLzi9sHmcHjF97U6Q/QrSQ7Z+IarZfxoSM0zum5eKFUV3/gcL+ZYWTm+bGZZH+GDxt1ZKghjZww/k5cvT4H+UC3Ayr1TNrgaqa2Wrj+KITYnfkW60Y5mK6ZK5bGFHaL+aGgwVKslwf4Gv05fCPojrFcHrozMTOzaZTZpeLcFn2S/4/3ed6srx8/r6pzO7bvVdTJ6jq0zTURt9x2XF00I/UdWsSSEcYXVevsPmksmN8xWO3a9QWNivYTbmRCPNWy2Gq0y4lruwEh/uywCebBRISMbOPMJBTnfNBJm475r3Dj6xJiBtWg/OVLnzubFf6TK6i/hjZ1VNTCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=th4i7QflWX4Kx6vTS1BOJZ5c0PUUUj+OyQLaRPd3Y38=; b=YjVtcp8qDHH/b/ThBnNlLpqOJwUsuSZ5ieTn7jCgQ+mIcNuKSJIRmzQOfM1x6arRt6YDkRpnz9P4Bo3fvAO0wkOrH3sgrYXr9fSuHxaClDTpaBY3MeNEB8f4szqcJBkyP2ixXw8iVRKeR7Pt6vfcptQa9+lPRiIpbBYyv+qMgmLhwWDCWcmH5boDq1xqfHu+Zc1Xh97dGbksh3j4Z0fWUIQGGopCPW2hvXRW7pomiLIyEdvK/wGefFus3sr56RH3jummXncIJDnFVcjD69VbOv3d3rA6c2yTNZLn4LJCJYMBW80SEZYct5gcM7qnuI/mHNjLwPQrQHP0JKGzsYPyaQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mitre.org; dmarc=pass action=none header.from=mitre.org; dkim=pass header.d=mitre.org; arc=none
Received: from DM5PR09MB3736.namprd09.prod.outlook.com (52.132.134.28) by DM5PR09MB1228.namprd09.prod.outlook.com (10.172.39.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Mon, 21 Oct 2019 20:37:40 +0000
Received: from DM5PR09MB3736.namprd09.prod.outlook.com ([fe80::5c76:4a9b:17a0:fb60]) by DM5PR09MB3736.namprd09.prod.outlook.com ([fe80::5c76:4a9b:17a0:fb60%7]) with mapi id 15.20.2367.019; Mon, 21 Oct 2019 20:37:40 +0000
From: "Haynes Jr., Dan" <dhaynes@mitre.org>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [EXT] [mile] WGLC for CSIRT draft
Thread-Index: AQHVck1bQf5AqTcr50itHtKinxErf6dldxmA
Date: Mon, 21 Oct 2019 20:37:40 +0000
Message-ID: <D057D3CA-F560-41F1-80BF-EF9F2B7C425F@mitre.org>
References: <4825_1569270505_5D892AE8_4825_140_1_3EDB65E2-A3CE-4A85-82CE-DFF0B7D02C1C@cisco.com>
In-Reply-To: <4825_1569270505_5D892AE8_4825_140_1_3EDB65E2-A3CE-4A85-82CE-DFF0B7D02C1C@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dhaynes@mitre.org;
x-originating-ip: [192.160.51.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 09a8589c-72a7-4965-748a-08d756668448
x-ms-office365-filtering-ht: Tenant
x-ms-traffictypediagnostic: DM5PR09MB1228:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <DM5PR09MB1228BCDB2020247D82EEA8D6A5690@DM5PR09MB1228.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0197AFBD92
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(376002)(136003)(346002)(39860400002)(199004)(189003)(486006)(102836004)(26005)(6486002)(3846002)(446003)(11346002)(86362001)(25786009)(53546011)(6116002)(476003)(2616005)(36756003)(6506007)(186003)(7736002)(8676002)(229853002)(2906002)(99286004)(6436002)(81166006)(6512007)(81156014)(966005)(54896002)(6306002)(76176011)(66066001)(14454004)(478600001)(6246003)(236005)(2501003)(8936002)(606006)(33656002)(66556008)(64756008)(91956017)(316002)(58126008)(110136005)(5024004)(71200400001)(256004)(71190400001)(5660300002)(76116006)(66946007)(66446008)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR09MB1228; H:DM5PR09MB3736.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KrvKOUngHL9sgzq69sGnqvSByeniMru/elbnyMOnN4nGDRcYfYxBefWilNJrBxkaWYNKPiH+A3bW3e1A+HRyJ0sKPl9A0mCwj9A4LL4Ak8yEJ9YMdRHhu8pwAYigMro3bLc+5v6Fh4NIkAMtZ6SUCvjNBKLodceAXJmrZFnfamuuoYBTPgoWVVnNOc05j6YCZ+LeFaR14a0nt01ULkfKttJg7thCxGTseXmo0i/YGKopLaBdNJHV8gF8ENTocGCGzEw8yN4Ge3ZjvBmZiojCwUhIzN2rYRub6I9tQ3H5AAS7x/La56LGxiJVh6ftpM3j/oHCjfpXKWcr/dY6d+Bp6BTmE+Bq3HI0/vEyV7BdvPts/YHgi34+VWwz2ivQTVr5uul82Xlxi4zzqQKeL2WP4sHvvBC5CCQPBkHuIybAV5FOQBJkQQ6xLiq86jXgCbaq+c1NtCXFLmnzPKC/ygJlYh4Ycv+VINPtID3OeIQa3lY=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_D057D3CAF56041F180BFEF9F2B7C425Fmitreorg_"
MIME-Version: 1.0
X-OriginatorOrg: mitre.org
X-MS-Exchange-CrossTenant-Network-Message-Id: 09a8589c-72a7-4965-748a-08d756668448
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2019 20:37:40.0679 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Kv+BinQmfVrfowAMKGN0yQYCJRoqWWb17nNLKv4LGak6tLU5QPJHpaDQyxvWyyeMQdYwlPYzpu2VqprWHLW0vQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR09MB1228
X-MITRE: 8GQsMWxq66rxk57w
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.org; h=from:to:subject:date:message-id:references:in-reply-to:content-type:mime-version; s=selector1; bh=th4i7QflWX4Kx6vTS1BOJZ5c0PUUUj+OyQLaRPd3Y38=; b=REh4IqTM1fIGhZShQ2OdDosJwBHojPA38UfAUT+VwubdAyqCsplHjXO+FTNdJWYnwjIPGZTMkPUd09DXIE1rYTNdj4oSuweUZl4zl20rjPY3eByiI3yofRldMbuINKwolGCllFA9+YhvFbxltReuFmIUg9/6/SxVdNn//45beXE=
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/ZiSrzs-VmX3dFMQJg9JPEZYoUdI>
Subject: Re: [mile] [EXT] WGLC for CSIRT draft
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 20:38:39 -0000
Hi Nancy and Stephen,
I have some minor nits and questions.
* Abstract
* Change “This document extends…to add the information type categories…(CSIRT) use cases.” to “This document extends…to add the indicator and incident information type categories…(CSIRT) use cases.”
* Remove “The indicator and incident information types are defined as ROLIE extensions.”
* Section 2
* Should this also reference RFC 8174?
* Section 3.1
* Change “…that in is the abstract realm…” to “…that is in the abstract realm…”.
* Section 3.1
* Change “Some examples of indicator information is provided below,…” to “Some examples of indicator information are provided below,…”.
* Section 4.2.2
* Is “Feed” a defined term?
* Section 4.3
* Change “day-to=day” should be “day-to-day”.
* Section 4.3.1
* Bullet 4: Change “…element in the attached MISP Event .” to “…element in the attached MISP Event.”.
* Bullet 5: Change “This ensures better compatibility…and a MISP Manifest” to “This ensures better compatibility…and a MISP Manifest.”.
* Section 5.1
* Change “If a ROLIE server supports…MUST be support” to “If a ROLIE server supports the incident information-type, then these link relations MUST be supported.”
* Section 5.2
* Change “If a ROLIE server supports…MUST be supported.” to “If a ROLIE server supports the indicator information-type, then these link relations MUST be supported.”
* Section 8
* Change “When sharing IODEF 2 documents…” to “When sharing IODEF Version 2 documents.”.
Beyond that, I am comfortable with moving this draft forward.
Thanks,
Danny
From: mile <mile-bounces@ietf.org> on behalf of "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
Date: Monday, September 23, 2019 at 4:29 PM
To: "mile@ietf.org" <mile@ietf.org>
Subject: [EXT] [mile] WGLC for CSIRT draft
Fellow MILE participants,
This is a Working Group Last Call for https://datatracker.ietf.org/doc/draft-ietf-mile-rolie-csirt/
Please provide your review and feedback to the draft’s readiness by Oct 21st so that we can move it forward.
Warm regards,
Nancy
- [mile] WGLC for CSIRT draft Nancy Cam-Winget (ncamwing)
- Re: [mile] [EXT] WGLC for CSIRT draft Haynes Jr., Dan
- Re: [mile] [EXT] WGLC for CSIRT draft Jessica Fitzgerald-McKay
- Re: [mile] [EXT] WGLC for CSIRT draft Banghart, Stephen A. (Fed)