Re: [mile] MILE WG draft adoption for RFC6045-bis

<david.black@emc.com> Wed, 26 October 2011 14:03 UTC

From: david.black@emc.com
To: kathleen.moriarty@emc.com, mile@ietf.org
Date: Wed, 26 Oct 2011 10:03:31 -0400

Congratulations on the formation of the WG!

The RFC6045-bis draft should be adopted by the mile WG; the draft contains some important improvements over RFC 6045.

I've already reviewed the draft, and would be willing to take another look ... as my time availability permits ;-).

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of kathleen.moriarty@emc.com
> Sent: Tuesday, October 25, 2011 6:26 PM
> To: mile@ietf.org
> Subject: [mile] MILE WG draft adoption for RFC6045-bis
> 
> Hello,
> 
> Thank you all for your hard work in helping to move us to a WG status!  The next step is to ask for
> adoption of drafts.
> 
> The first document in which I would like to request working group adoption is RFC6045-bis with my hat
> on as editor of the document.  Please respond to the mailing list within a week (Nov 2nd) stating if
> you support RFC6045-bis adoption by the working group.  Also, please include if you are willing to
> review the draft in your response on adoption.
> 
> http://tools.ietf.org/html/draft-moriarty-mile-rfc6045-bis-01
> 
> A consensus call will follow from Brian Trammell as Working Group chair.
> 
> Thank you!
> Kathleen
> 
> -----Original Message-----
> From: IESG Secretary [mailto:iesg-secretary@ietf.org]
> Sent: Tuesday, October 25, 2011 12:46 PM
> To: IETF Announcement list
> Cc: Moriarty, Kathleen; trammell@tik.ee.ethz.ch; mile@ietf.org
> Subject: WG Action: Managed Incident Lightweight Exchange (mile)
> 
> A new IETF working group has been formed in the Security Area.  For
> additional information, please contact the Area Directors or the WG
> Chairs.
> 
> Managed Incident Lightweight Exchange (mile)
> --------------------------------------------
> Status: Proposed Working Group Charter
> Last Updated: 2011-09-21
> 
> Chairs:
>      Kathleen Moriarty <Kathleen.Moriarty@emc.com>
>      Brian Trammell <trammell@tik.ee.ethz.ch>
> 
> Security Area Directors:
>      Stephen Farrell <stephen.farrell@cs.tcd.ie>
>      Sean Turner <turners@ieca.com>
> 
> Security Area Advisor:
>      Sean Turner <turners@ieca.com>
> 
> Mailing Lists:
>      General Discussion: mile@ietf.org
>      To Subscribe:       http://www.ietf.org/mailman/listinfo/mile
>      Archive:            http://www.ietf.org/mail-archive/web/mile
> 
> Description:
> 
> The Managed Incident Lightweight Exchange (MILE) working group will
> develop standards and extensions for the purpose of improving incident
> information sharing and handling capabilities based on the work
> developed in the IETF Extended INCident Handling (INCH) working group.
> The Incident Object Description Exchange Format (IODEF) in RFC5070 and
> Real-time Inter-network Defense (RID) in RFC6045 were developed in the
> INCH working group by international Computer Security Incident Response
> Teams (CSIRTs) and industry to meet the needs of a global community
> interested in sharing, handling, and exchanging incident information.
> The extensions and guidance created by the MILE working group assist
> with the daily operations of CSIRTs at an organization, service
> provider, law enforcement, and at the country level.  The application of
> IODEF and RID to interdomain incident information cooperative exchange
> and sharing has recently expanded and the need for extensions has become
> more important. Efforts continue to deploy IODEF and RID, as well as to
> extend them to support specific use cases covering reporting and
> mitigation of current threats such as anti-phishing extensions.
> 
> An incident could be a benign configuration issue, IT incident, an
> infraction to a service level agreement (SLA), a system compromise,
> socially engineered phishing attack, or a denial-of-service (DoS)
> attack, etc.  When an incident is detected, the response may include
> simply filing a report, notification to the source of the incident, a
> request to a third party for resolution/mitigation, or a request to
> locate the source.  IODEF defines a data representation that provides a
> standard format for sharing information commonly exchanged about
> computer security incidents.  RID enables the secure exchange of
> incident related information in an IODEF format providing options for
> security, privacy, and policy setting.
> 
> MILE leverages collaboration and sharing experiences with the work
> developed in the INCH working group which includes the data model
> detailed in the IODEF, existing extensions to the IODEF for
> Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
> exchange of information.  MILE will also leverage the experience gained
> in using IODEF and RID in operational contexts. Related work, drafted
> outside of INCH will also be reviewed and includes RFC5941, Sharing
> Transaction Fraud Data.
> 
> The MILE working group provides coordination for these various extension
> efforts to improve the capabilities for exchanging incident information.
> MILE has several objectives with the first being a description of a
> subset of IODEF focused on ease of deployment and applicability to
> current information security data sharing use cases.  MILE also
> describes a generalization of RID for secure exchange of other
> security-relevant XML formats.  MILE produces additional guidance needed
> for the successful exchange of incident information for new use cases
> according to policy, security, and privacy requirements.  Finally, MILE
> produces a document template with guidance for defining IODEF extensions
> to be followed when producing extensions to IODEF as appropriate, for:
> 
>   * labeling incident reports with data protection, data retention, and
>     other policies, regulations, and laws restricting the handling of
>     those reports
>   * referencing structured security information from within incident
>     reports
>   * reporting forensic data generated during an incident investigation
>     (computer or accounting)
> 
> The WG will produce the following:
> 
>   * An informational document on IODEF Guidance.
>   * A Standards Track document specifying the Real-time Inter-network
>     Defense (RID).
>   * A Standards Track document specifying the transport for RID.
>   * An informational template for extensions to IODEF.
>   * A Standards Track document for IODEF Extensions in IANA XML Registry.
>   * A Standards Track document for IODEF Extension to support
>     structured cybersecurity information.
>   * A Standards Track document for Labeling for data protection,
>     retention, policies, and regulations.
>   * A Standards Track document for GRC Report Exchange.
>   * A Standards Track document for IODEF Extension to support forensics.
> 
> The drafts under consideration as WG items include:
>    * Real-time Inter-network Defense (RID) bis:
>       draft-moriarty-mile-rfc6045-bis-01
>    * Transport of Real-time Inter-network Defense (RID) Messages bis:
>       draft-trammell-mile-rfc6046-bis-00
>    * Template for extensions to IODEF:
>       draft-trammell-mile-template-01.txt
>    * IODEF Extensions in IANA XML Registry:
>       draft-trammell-mile-iodef-xmlreg-00.txt
>    * GRC Report Exchange (Generalized RID for XML reports/documents):
>       draft-moriarty-mile-grc-exchange-00.txt
>    * IODEF-extension to support structured cybersecurity information:
>       draft-takahashi-mile-sci-00.txt
> 
> Milestones
> 
> WGLC = Working Group Last Call
> 
> 2011-11 - WGLC Real-time Inter-network Defense (RID)
> 2011-11 - WGLC Transport for Real-time Inter-network Defense (RID)
> 2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for
>            consideration as Standards Track document
> 2011-12 - Submit Transport Real-time Inter-network Defense (RID) to
>            IESG for consideration as Standards Track document
> 2011-12 - WGLC Template for extensions to IODEF
> 2011-12 - WGLC IODEF Extensions in IANA XML Registry
> 2011-12 - WGLC IODEF Extension to support structured cybersecurity
>            information
> 2012-02 - Submit Template for extensions to IODEF to IESG for
>            consideration as Informational document
> 2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for
>            consideration as Standards Track document
> 2012-02 - Submit IODEF Extension to support structured cybersecurity
>            information to IESG for consideration as Standards Track
>            document
> 2012-03 - WGLC IODEF Extension Labeling for data protection, retention,
>            policies, and regulations
> 2012-03 - WGLC IODEF Guidance
> 2012-04 - Submit IODEF Extension Labeling for data protection,
>            retention, policies, and regulations to IESG for
>            consideration as Standards Track document
> 2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as
>            Informational document
> 2012-05 - WGLC GRC Report Exchange
> 2012-06 - Submit GRC Report Exchange to IESG for consideration as
>            Standards Track document
> 2012-06 - WGLC Forensics extension
> 2012-07 - Submit IODEF Forensics extension to IESG for consideration as
>            Standards Track document