Re: [mile] Updated charter for review
"Field, John" <johnp.field@emc.com> Tue, 02 April 2013 13:57 UTC
From: "Field, John" <johnp.field@emc.com>
To: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>, "mile@ietf.org" <mile@ietf.org>
Date: Tue, 02 Apr 2013 09:56:57 -0400
Kathleen,

Thanks. Overall I think the charter looks good. I do have two comments/suggestions for the group's consideration.

First, I would add one additional sentence at the very beginning, as shown below. In addition, I would add some additional text into the 4th paragraph. (Just in case of CR/LF issues, the 4th paragraph is the paragraph that describes an incident).

Here is the charter text with my suggested changes.

Thanks,
John

<add text> An incident is an unplanned event that occurs in an information infrastructure. </add text> An incident could be a benign configuration issue, IT incident, an infraction to a service level agreement (SLA), a system compromise, socially engineered phishing attack, or a denial-of-service (DoS) attack, etc. When an incident is detected, <delete text> the </delete text> <add text> or suspected, there may be a need for organizations to collaborate. This collaboration effort may take several forms including joint analysis, Information dissemination, and/or a coordinated operational response. Examples of </add text> response may include simply filing a report, notification to the source of the incident, a request to a third party for resolution/mitigation, information sharing on identified indicators of compromise, or a request to locate the source.

IODEF defines a data representation that provides a standard format for sharing information commonly exchanged about computer security incidents, which includes indicators with or without the relevant context information. IODEF will be updated to meet the current and future needs, maintaining the built in extensibility, of information sharing where indicators with rich context for actionable sharing is provided. RID enables the secure exchange of incident related information in an IODEF format providing options for security, privacy, and policy setting.

MILE leverages collaboration and sharing experiences with prior work including the IODEF data model detailed in the IODEF, existing extensions to the IODEF for Anti-phishing (RFC5901), and RID (RFC6545, RFC6546) for the secure exchange of information. MILE will also leverage the experience gained in using IODEF and RID in operational contexts. The MILE working group provides coordination for IODEF and RID extensions that improve capabilities for exchanging indicator and incident information.

MILE's objectives include the update of IODEF coupled with guidance information to enhance interoperability, deployment ease, and applicability to current information security data sharing use cases. MILE will also describe a generalization of RID for secure exchange of other security-relevant XML formats. MILE will produce additional guidance needed for the successful exchange of indicator and incident information for new use cases according to policy, security, and privacy requirements. Finally, MILE produced a document template with guidance for defining IODEF extensions to be followed when producing extensions to IODEF as appropriate.

From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of Moriarty, Kathleen
Sent: Tuesday, March 26, 2013 8:00 PM
To: mile@ietf.org
Subject: Re: [mile] Updated charter for review

The good news, people are reading it, however, I sent out the wrong version. The corrected one is included in this message.

Please provide feedback over the next 2 weeks. We'll move the charter to the next stage in the approval process after April 9th.

Thank you!
Kathleen

Managed Incident Lightweight Exchange (mile)
--------------------------------------------

Charter

Current Status: Active

Chairs:
    Kathleen Moriarty
    Brian Trammell

Security Area Directors:
    Stephen Farrell
    Sean Turner

Security Area Advisor:
    Sean Turner

Mailing Lists:
    General Discussion: mile@ietf.org
    To Subscribe: https://www.ietf.org/mailman/listinfo/mile
    Archive: http://www.ietf.org/mail-archive/web/mile/

Description of Working Group:

The Managed Incident Lightweight Exchange (MILE) working group develops standards for the purpose of improving incident and indicator information sharing and handling capabilities. The Incident Object Description Exchange Format (IODEF) in RFC5070 and Real-time Inter-network Defense (RID) in RFC6045 were developed in the INCH working group by international Computer Security Incident Response Teams (CSIRTs) and industry to meet the needs of a global community interested in sharing, handling, and exchanging incident and indicator information.

The working group will define enhancements and extensions to IODEF and RID and provide guidance for applying them. It will also focus on improving the interoperability of existing and new IODEF implementations, and the interoperation of IODEF and its extensions and enhancements with related standards for information sharing. The extensions and guidance created by the MILE working group assist with the daily operations of CSIRTs at an organization, service providers, law enforcement, and at the national level.

The working group has completed Proposed Standard revisions of RID (RFC 6545) and RID transport (RFC 6546). This transport was designed to meet specific usage requirements of CSIRTs and related industry groups. In order to meet different usage requirements for other communities, the working group will consider alternate transport or bindings for RID and IODEF information.

An incident could be a benign configuration issue, IT incident, an infraction to a service level agreement (SLA), a system compromise, socially engineered phishing attack, or a denial-of-service (DoS) attack, etc. When an incident is detected, the response may include simply filing a report, notification to the source of the incident, a request to a third party for resolution/mitigation, information sharing on identified indicators of compromise, or a request to locate the source.

IODEF defines a data representation that provides a standard format for sharing information commonly exchanged about computer security incidents, which includes indicators with or without the relevant context information. IODEF will be updated to meet the current and future needs, maintaining the built in extensibility, of information sharing where indicators with rich context for actionable sharing is provided. RID enables the secure exchange of incident related information in an IODEF format providing options for security, privacy, and policy setting.

MILE leverages collaboration and sharing experiences with prior work including the IODEF data model detailed in the IODEF, existing extensions to the IODEF for Anti-phishing (RFC5901), and RID (RFC6545, RFC6546) for the secure exchange of information. MILE will also leverage the experience gained in using IODEF and RID in operational contexts. The MILE working group provides coordination for IODEF and RID extensions that improve capabilities for exchanging indicator and incident information.

MILE's objectives include the update of IODEF coupled with guidance information to enhance interoperability, deployment ease, and applicability to current information security data sharing use cases. MILE will also describe a generalization of RID for secure exchange of other security-relevant XML formats.
MILE will produce additional guidance needed for the successful exchange of indicator and incident information for new use cases according to policy, security, and privacy requirements. Finally, MILE produced a document template with guidance for defining IODEF extensions to be followed when producing extensions to IODEF as appropriate.

[Removed laundry list of drafts -- outdated. We should update the milestones below as well]

Goals and Milestones:

Done - WGLC Real-time Inter-network Defense (RID)
Done - WGLC Transport for Real-time Inter-network Defense (RID)
Done - Submit Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
Done - Submit Transport Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
Done - WGLC Template for extensions to IODEF
Done - WGLC IODEF Extensions in IANA XML Registry
Apr 2013 - WGLC IODEF Extension to support structured cybersecurity information
Done - Submit Template for extensions to IODEF to IESG for consideration as Informational document
Done - Submit IODEF Extensions in IANA XML Registry to IESG for consideration as Standards Track document
Jun 2013 - Submit IODEF Extension to support structured cybersecurity information to IESG for consideration as Standards Track document.
TBD - WGLC RFC 5070bis
TBD - Submit RFC 5070bis to IESG for consideration as a Standards Track document
TBD - WGLC IODEF Reference Format
TBD - Submit IODEF Reference Format to IESG for consideration as a Standards Track document
TBD - WGLC Resource-Oriented Indicator Exchange
TBD - Submit Resource-Oriented Indicator Exchange to IESG for consideration as a Standards Track document

[ old milestone bits below ]

[no doc] - WGLC IODEF Guidance
[no doc] - Submit IODEF Extension Labeling for data protection, retention, policies, and regulations to IESG for consideration as Standards Track document
[no doc] - Submit WGLC IODEF Guidance to IESG for consideration as Informational document
May 2012 - WGLC GRC Report Exchange [stalled]
Jun 2012 - Submit GRC Report Exchange to IESG for consideration as Standards Track document [stalled]
Jun 2012 - WGLC Forensics extension [stalled]
Jul 2012 - Submit IODEF Forensics extension to IESG for consideration as Standards Track document [stalled]

From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of Moriarty, Kathleen
Sent: Tuesday, March 26, 2013 4:48 PM
To: mile@ietf.org
Subject: [mile] Updated charter for review

As discussed at the MILE meeting, we need to revise the charter. Brian and I updated the charter and it is attached for review and comment to the list.

Thank you in advance!

Best regards,
Kathleen & Brian

[Outdated draft charter deleted]