Re: [mile] Mail regarding draft-ietf-mile-rolie-csirt

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Mon, 22 July 2019 20:59 UTC

Return-Path: <stephen.banghart@nist.gov>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8F411200A3; Mon, 22 Jul 2019 13:59:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IEhuChTZnZYC; Mon, 22 Jul 2019 13:59:07 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830127.outbound.protection.outlook.com [40.107.83.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEACF12008C; Mon, 22 Jul 2019 13:59:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZFVnPPqmSFkMSk1ka6PhAwIBUa69abtQw48VsRXDUHEGjzGTxDPCCI7O4Q3fgu8VBMtubDQDlWF/YdSlTtRh1MhrlXMpwYn+h0bpDshXjdJe0BhBieFjF9PB1D3OEV18Dltrro5gmhUBJ1IW5kPWAqz8ytSJBCcKDbjdeECdDEAtQgwVbIdunwlVA9EPHzQRMkhPCix5wmei78PDxKY8hb15CKBD7bs8gPgyxEgcYVzbTGFwcKZnCjVqnMab7MLc2rokVP9gFs4GXDn+ahMRcBA/tKo/+/i70S/2y5jInbvG8K0YZYUwa1/aJ5TnQ77UbGyBYjwwvgrRfB5Ql/16sg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wnDPMrxO2mc4O1pxaSWiuezaXhk+NwK0EhI2gDUfMYE=; b=SJUCpodwYuRUsX6o7q26xS2m54qtWg7e+Aam2eAh7yAatCZt8pHLJrxPVQm7OJtxd9OWXTokz1le7b3u4dfevio2epiP7kUzLuhvB3v+te2Ts3m10nmxJzIUBR4EShIKlX1NJ1d9K/mE0JLOLAWNA0pwe9Ai3wbuVDioxDprP+k1ZA6P6urI02l7hp8277ib9wFzSYcVVoqgFFnTTdl7ev01shCi27uFlZ0bl3n46dCBhKgCaovkIEudnUrRxYq9T74WTfTjihzshuxmHhLS69AageEMz8M414wIWMJuo9M6uwuIwH4oA1FwGqln8TRSFHkMjDjd6KHA568zzDZjoA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=nist.gov;dmarc=pass action=none header.from=nist.gov;dkim=pass header.d=nist.gov;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wnDPMrxO2mc4O1pxaSWiuezaXhk+NwK0EhI2gDUfMYE=; b=mTFNPLZDxyvDunC3EOLD10ROdQ9WaOVy0zrG/+yW82Dd+0YJxYDzGx/PjLq+vAdezjSH5liZ3Z7JhJlggzv/w7dVfQLyiyW8HnlUTSwaNdRF922ETfqhpGwKoehYxrKP9sTsWbETbDZm/T8HWSBIeUI6F5IJ56oF+FYDa0fzBYo=
Received: from BL0PR0901MB4339.namprd09.prod.outlook.com (52.135.44.201) by BL0PR0901MB4465.namprd09.prod.outlook.com (52.135.45.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.17; Mon, 22 Jul 2019 20:59:04 +0000
Received: from BL0PR0901MB4339.namprd09.prod.outlook.com ([fe80::31e7:b20e:80ff:6abb]) by BL0PR0901MB4339.namprd09.prod.outlook.com ([fe80::31e7:b20e:80ff:6abb%2]) with mapi id 15.20.2094.013; Mon, 22 Jul 2019 20:59:03 +0000
From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: Chris Inacio <inacio@cert.org>, "draft-ietf-mile-rolie-csirt@ietf.org" <draft-ietf-mile-rolie-csirt@ietf.org>, "mile@ietf.org" <mile@ietf.org>
Thread-Topic: Mail regarding draft-ietf-mile-rolie-csirt
Thread-Index: AQHVQMyfD9Y3+I2ZLkKNDWlEiK5cGqbXHDmj
Date: Mon, 22 Jul 2019 20:59:03 +0000
Message-ID: <BL0PR0901MB43395BB98063BCBF6BBE793BF0C40@BL0PR0901MB4339.namprd09.prod.outlook.com>
References: <0B46BAAE-71C4-4C12-B13D-F0C874AA0CF1@cert.org>
In-Reply-To: <0B46BAAE-71C4-4C12-B13D-F0C874AA0CF1@cert.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=stephen.banghart@nist.gov;
x-originating-ip: [2610:20:6005:222::20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 98c4da16-c9ba-4935-a1c9-08d70ee76ddc
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BL0PR0901MB4465;
x-ms-traffictypediagnostic: BL0PR0901MB4465:
x-microsoft-antispam-prvs: <BL0PR0901MB44653D9DA90F9BF8AC7BE7DCF0C40@BL0PR0901MB4465.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01068D0A20
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(136003)(366004)(376002)(346002)(39860400002)(51914003)(199004)(189003)(6116002)(81156014)(81166006)(53936002)(6436002)(9686003)(54896002)(55016002)(86362001)(6246003)(14454004)(8676002)(99286004)(478600001)(7736002)(25786009)(110136005)(316002)(2201001)(33656002)(6606003)(91956017)(66574012)(66946007)(66556008)(74316002)(76116006)(66446008)(64756008)(52536014)(66476007)(8936002)(14444005)(256004)(102836004)(11346002)(5660300002)(476003)(46003)(446003)(186003)(2501003)(19627405001)(68736007)(486006)(229853002)(71200400001)(71190400001)(2906002)(76176011)(6506007)(7696005); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR0901MB4465; H:BL0PR0901MB4339.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 8Wup72bi8ht/tiw62OCUAnhXm8caB2i+/xDwq+QENcHGyLeqaIpp18/TF8clbacXNVKgm4qi6g2S3orl5SAuP2TgA+XvE1NLB+jSUedMtWG8GzmoiFRyIvLtfine7Vme+UMdqMsC466mEW4dCjCglebxaMnzR83MSbosy5fiZWYlv0u+RdJgysPGOHQ/yh0QeqFv7bsdAivww7CcsVPZvfYBapKQZMIHfvYlyIz0cNUfZSrMMwC3xubJKZx1XRNAcEfJqP7bcsBguN7NNvTS1TO0CXqrkjcD1g+buHK6RnfCbtGmdRXrctvt5D3daaXKa4K/miJC9PSKR2tIycEnfflgtfZoMzhJgZg1d1+80sPv4q5K5ZpB97DWmrVBK7MEhKPWaBV8gnjmrJUN4mW4knCz8qGKhPaoqsIn3aROrM8=
Content-Type: multipart/alternative; boundary="_000_BL0PR0901MB43395BB98063BCBF6BBE793BF0C40BL0PR0901MB4339_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 98c4da16-c9ba-4935-a1c9-08d70ee76ddc
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2019 20:59:03.7763 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: sab3@NIST.GOV
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR0901MB4465
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/pzr-6egVMrnNP6oYzXz3ptLZJHY>
Subject: Re: [mile] Mail regarding draft-ietf-mile-rolie-csirt
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 20:59:10 -0000

Chris,

Thanks for the review!

Responses below (in bold).

-Stephen

Section 4.1.2 has an empty bullet. And also one in 4.2.2.
-----
Fixed
-----

"that is required and recommended to expose in the MISP Manifest

      format.  THis ensures”


“THis" -> "This"

------
Fixed
------
Section 5:

"This section defines additional link relationships that

   implementations MUST support.  These relationships are not registered
   in the Link Relation IANA table as their use case is too narrow.
   Each relationship is named and described.”


This seems really bizarre.  Why not create the entries in the registry?  (I don’t buy into the narrow use case.)


------

We struggled with this when we first did RFC8322. The Link Relation IANA table contains a relatively small number of relations,
ones that have been registered for general use on the internet. It's stuff like "next" and "prev" and various versioning and archiving links.
I'm of the opinion that the links here in this draft are not for general use on the internet, and it's probably not worth the fight convincing IANA that they are, given that
it wouldn't add much (or any) value to the draft.

I'm happy to discuss if the group sees it differently.
------



Section 6.1 some awkward English:


"These

   categories IODEF content exposure provides valuable metadata for the
   searching and organization of IODEF documents.”

------

Fixed - I rewrote this sentence
------


Security considerations:


Is there any overlap/consideration about how the sharing parameters (private, public, etc.) would map into a ROLIE server?


------

Fixed - Good idea, I've added a new paragraph
------



chris