Re: [mile] Updated charter for review
"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Wed, 27 March 2013 00:00 UTC
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: "mile@ietf.org" <mile@ietf.org>
Date: Tue, 26 Mar 2013 19:59:57 -0400

The good news, people are reading it, however, I sent out the wrong version. The corrected one is included in this message. Please provide feedback over the next 2 weeks. We'll move the charter to the next stage in the approval process after April 9th.

Thank you!
Kathleen

Managed Incident Lightweight Exchange (mile)
--------------------------------------------

Charter

Current Status: Active

Chairs:
    Kathleen Moriarty
    Brian Trammell

Security Area Directors:
    Stephen Farrell
    Sean Turner

Security Area Advisor:
    Sean Turner

Mailing Lists:
    General Discussion: mile@ietf.org
    To Subscribe: https://www.ietf.org/mailman/listinfo/mile
    Archive: http://www.ietf.org/mail-archive/web/mile/

Description of Working Group:

The Managed Incident Lightweight Exchange (MILE) working group develops standards for the purpose of improving incident and indicator information sharing and handling capabilities. The Incident Object Description Exchange Format (IODEF) in RFC5070 and Real-time Inter-network Defense (RID) in RFC6045 were developed in the INCH working group by international Computer Security Incident Response Teams (CSIRTs) and industry to meet the needs of a global community interested in sharing, handling, and exchanging incident and indicator information. The working group will define enhancements and extensions to IODEF and RID and provide guidance for applying them. It will also focus on improving the interoperability of existing and new IODEF implementations, and the interoperation of IODEF and its extensions and enhancements with related standards for information sharing. The extensions and guidance created by the MILE working group assist with the daily operations of CSIRTs at an organization, service providers, law enforcement, and at the national level.

The working group has completed Proposed Standard revisions of RID (RFC 6545) and RID transport (RFC 6546). This transport was designed to meet specific usage requirements of CSIRTs and related industry groups. In order to meet different usage requirements for other communities, the working group will consider alternate transport or bindings for RID and IODEF information.

An incident could be a benign configuration issue, IT incident, an infraction to a service level agreement (SLA), a system compromise, socially engineered phishing attack, or a denial-of-service (DoS) attack, etc. When an incident is detected, the response may include simply filing a report, notification to the source of the incident, a request to a third party for resolution/mitigation, information sharing on identified indicators of compromise, or a request to locate the source. IODEF defines a data representation that provides a standard format for sharing information commonly exchanged about computer security incidents, which includes indicators with or without the relevant context information. IODEF will be updated to meet the current and future needs, maintaining the built in extensibility, of information sharing where indicators with rich context for actionable sharing is provided. RID enables the secure exchange of incident related information in an IODEF format providing options for security, privacy, and policy setting.

MILE leverages collaboration and sharing experiences with prior work including the IODEF data model detailed in the IODEF, existing extensions to the IODEF for Anti-phishing (RFC5901), and RID (RFC6545, RFC6546) for the secure exchange of information. MILE will also leverage the experience gained in using IODEF and RID in operational contexts.

The MILE working group provides coordination for IODEF and RID extensions that improve capabilities for exchanging indicator and incident information. MILE's objectives include the update of IODEF coupled with guidance information to enhance interoperability, deployment ease, and applicability to current information security data sharing use cases. MILE will also describe a generalization of RID for secure exchange of other security-relevant XML formats. MILE will produce additional guidance needed for the successful exchange of indicator and incident information for new use cases according to policy, security, and privacy requirements. Finally, MILE produced a document template with guidance for defining IODEF extensions to be followed when producing extensions to IODEF as appropriate.

[Removed laundry list of drafts -- outdated. We should update the milestones below as well]

Goals and Milestones:

Done - WGLC Real-time Inter-network Defense (RID)
Done - WGLC Transport for Real-time Inter-network Defense (RID)
Done - Submit Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
Done - Submit Transport Real-time Inter-network Defense (RID) to IESG for consideration as Standards Track document
Done - WGLC Template for extensions to IODEF
Done - WGLC IODEF Extensions in IANA XML Registry
Apr 2013 - WGLC IODEF Extension to support structured cybersecurity information
Done - Submit Template for extensions to IODEF to IESG for consideration as Informational document
Done - Submit IODEF Extensions in IANA XML Registry to IESG for consideration as Standards Track document
Jun 2013 - Submit IODEF Extension to support structured cybersecurity information to IESG for consideration as Standards Track document.
TBD - WGLC RFC 5070bis
TBD - Submit RFC 5070bis to IESG for consideration as a Standards Track document
TBD - WGLC IODEF Reference Format
TBD - Submit IODEF Reference Format to IESG for consideration as a Standards Track document
TBD - WGLC Resource-Oriented Indicator Exchange
TBD - Submit Resource-Oriented Indicator Exchange to IESG for consideration as a Standards Track document

[ old milestone bits below ]

[no doc]- WGLC IODEF Guidance
[no doc] - Submit IODEF Extension Labeling for data protection, retention, policies, and regulations to IESG for consideration as Standards Track document
[no doc] - Submit WGLC IODEF Guidance to IESG for consideration as Informational document
May 2012 - WGLC GRC Report Exchange [stalled]
Jun 2012 - Submit GRC Report Exchange to IESG for consideration as Standards Track document [stalled]
Jun 2012 - WGLC Forensics extension [stalled]
Jul 2012 - Submit IODEF Forensics extension to IESG for consideration as Standards Track document [stalled]

From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of Moriarty, Kathleen
Sent: Tuesday, March 26, 2013 4:48 PM
To: mile@ietf.org
Subject: [mile] Updated charter for review

As discussed at the MILE meeting, we need to revise the charter. Brian and I updated the charter and it is attached for review and comment to the list.

Thank you in advance!

Best regards,
Kathleen & Brian

[Outdated draft charter deleted]