Re: [mile] Proposed MILE charter

"Martin, Robert A." <ramartin@mitre.org> Wed, 21 September 2011 16:13 UTC

Agree.  This body of work will be a valuable addition for everyone in 
this topic area.

On 9/21/11 11:52 AM, Kent_Landfield@McAfee.com wrote:
> I think this is a solid charter that does a good job of stating what we are trying to achieve in the proposed working group.
>
> Kent Landfield
> Director Content Strategy, Architecture and Standards
>
> McAfee, Inc.
> 5000 Headquarters Dr.
> Plano, Texas 75024
>
> Direct: +1.972.963.7096
> Mobile: +1.817.637.8026
> Web: www.mcafee.com
>
> From: "kathleen.moriarty@emc.com" <kathleen.moriarty@emc.com>
> Date: Wed, 21 Sep 2011 10:34:13 -0500
> To: "mile@ietf.org" <mile@ietf.org>
> Subject: [mile] Proposed MILE charter
>
> An updated version of the proposed charter is included below; this should be the final.  Thank you for the review and comments!
>
> Best regards,
> Kathleen
>
>
> Managed Incident Lightweight Exchange (mile)
> --------------------------------------------
>
> Proposed Working Group Charter
>
> Chairs:
>       TBD
>
> Security Area Directors:
>       Stephen Farrell <stephen.farrell@cs.tcd.ie>
>       Sean Turner <turners@ieca.com>
>
> Security Area Advisor:
>       Sean Turner <turners@ieca.com>
>
> Mailing Lists:
>       General Discussion: mile@ietf.org
>       To Subscribe:       http://www.ietf.org/mailman/listinfo/mile
>       Archive:            http://www.ietf.org/mail-archive/web/mile
>
> Description:
>
> The Managed Incident Lightweight Exchange (MILE) working group will
> develop standards and extensions for the purpose of improving incident
> information sharing and handling capabilities based on the work
> developed in the IETF Extended INCident Handling (INCH) working group.
> The Incident Object Description Exchange Format (IODEF) in RFC5070 and
> Real-time Inter-network Defense (RID) in RFC6045 were developed in the
> INCH working group by international Computer Security Incident Response
> Teams (CSIRTs) and industry to meet the needs of a global community
> interested in sharing, handling, and exchanging incident information.
> The extensions and guidance created by the MILE working group assist
> with the daily operations of CSIRTs at an organization, service
> provider, law enforcement, and at the country level.  The application of
> IODEF and RID to interdomain incident information cooperative exchange
> and sharing has recently expanded and the need for extensions has become
> more important. Efforts continue to deploy IODEF and RID, as well as to
> extend them to support specific use cases covering reporting and
> mitigation of current threats such as anti-phishing extensions.
>
> An incident could be a benign configuration issue, IT incident, an
> infraction to a service level agreement (SLA), a system compromise,
> socially engineered phishing attack, or a denial-of-service (DoS)
> attack, etc.  When an incident is detected, the response may include
> simply filing a report, notification to the source of the incident, a
> request to a third party for resolution/mitigation, or a request to
> locate the source.  IODEF defines a data representation that provides a
> standard format for sharing information commonly exchanged about
> computer security incidents.  RID enables the secure exchange of
> incident related information in an IODEF format providing options for
> security, privacy, and policy setting.
>
> MILE leverages collaboration and sharing experiences with the work
> developed in the INCH working group which includes the data model
> detailed in the IODEF, existing extensions to the IODEF for
> Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
> exchange of information.  MILE will also leverage the experience gained
> in using IODEF and RID in operational contexts. Related work, drafted
> outside of INCH will also be reviewed and includes RFC5941, Sharing
> Transaction Fraud Data.
>
> The MILE working group provides coordination for these various extension
> efforts to improve the capabilities for exchanging incident information.
> MILE has several objectives with the first being a description of a
> subset of IODEF focused on ease of deployment and applicability to
> current information security data sharing use cases.  MILE also
> describes a generalization of RID for secure exchange of other
> security-relevant XML formats.  MILE produces additional guidance needed
> for the successful exchange of incident information for new use cases
> according to policy, security, and privacy requirements.  Finally, MILE
> produces a document template with guidance for defining IODEF extensions
> to be followed when producing extensions to IODEF as appropriate, for:
>
>    * labeling incident reports with data protection, data retention, and
>      other policies, regulations, and
>      laws restricting the handling of those reports
>    * referencing structured security information from within incident
>      reports
>    * reporting forensic data generated during an incident investigation
>      (computer or accounting)
>
> The WG will produce the following:
>
>    * An informational document on IODEF Guidance.
>    * A Standards Track document specifying the Real-time Inter-network
>      Defense (RID).
>    * A Standards Track document specifying the transport for RID.
>    * An informational template for extensions to IODEF.
>    * A Standards Track document for IODEF Extensions in IANA XML Registry.
>    * A Standards Track document for IODEF Extension to support
>      structured cybersecurity information.
>    * A Standards Track document for Labeling for data protection,
>      retention, policies, and regulations.
>    * A Standards Track document for GRC Report Exchange.
>    * A Standards Track document for IODEF Extension to support forensics.
>
> The drafts under consideration as WG items include:
>     * Real-time Inter-network Defense (RID) bis:
>        draft-moriarty-mile-rfc6045-bis-01
>     * Transport of Real-time Inter-network Defense (RID) Messages bis:
>        draft-trammell-mile-rfc6046-bis-00
>     * Template for extensions to IODEF:
>         draft-trammell-mile-template-01.txt
>     * IODEF Extensions in IANA XML Registry:
>         draft-trammell-mile-iodef-xmlreg-00.txt
>     * GRC Report Exchange (Generalized RID for XML reports/documents):
>         draft-moriarty-mile-grc-exchange-00.txt
>     * IODEF-extension to support structured cybersecurity information:
>         draft-takahashi-mile-sci-00.txt
>
> Milestones
>
> WGLC = Working Group Last Call
>
> 2011-11 - WGLC Real-time Inter-network Defense (RID)
> 2011-11 - WGLC Transport for Real-time Inter-network Defense (RID)
> 2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for
>             consideration as Standards Track document
> 2011-12 - Submit Transport Real-time Inter-network Defense (RID) to
>             IESG for consideration as Standards Track document
> 2011-12 - WGLC Template for extensions to IODEF
> 2011-12 - WGLC IODEF Extensions in IANA XML Registry
> 2011-12 - WGLC IODEF Extension to support structured cybersecurity
>             information
> 2012-02 - Submit Template for extensions to IODEF to IESG for
>             consideration as Informational document
> 2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for
>             consideration as Standards Track document
> 2012-02 - Submit IODEF Extension to support structured cybersecurity
>             information to IESG for consideration as Standards Track
>             document
> 2012-03 - WGLC IODEF Extension Labeling for data protection, retention,
>             policies, and regulations
> 2012-03 - WGLC IODEF Guidance
> 2012-04 - Submit IODEF Extension Labeling for data protection,
>             retention, policies, and regulations to IESG for
>             consideration as Standards Track document
> 2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as
>             Informational document
> 2012-05 - WGLC GRC Report Exchange
> 2012-06 - Submit GRC Report Exchange to IESG for consideration as
>             Standards Track document
> 2012-06 - WGLC Forensics extension
> 2012-07 - Submit IODEF Forensics extension to IESG for consideration as
>             Standards Track document
>