Re: [mile] Review of rfc5070bis and schema
"Roman D. Danyliw" <rdd@cert.org> Mon, 21 March 2016 21:08 UTC
Return-Path: <rdd@cert.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9871112DB90 for <mile@ietfa.amsl.com>; Mon, 21 Mar 2016 14:08:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b5usert9I6zZ for <mile@ietfa.amsl.com>; Mon, 21 Mar 2016 14:08:18 -0700 (PDT)
Received: from plainfield.sei.cmu.edu (plainfield.sei.cmu.edu [192.58.107.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EB6D12DB8D for <mile@ietf.org>; Mon, 21 Mar 2016 14:08:18 -0700 (PDT)
Received: from timber.sei.cmu.edu (timber.sei.cmu.edu [10.64.21.23]) by plainfield.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u2LL8HxS002461; Mon, 21 Mar 2016 17:08:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1458594497; bh=IowsvPfhYYX5k9r9K1Bw+daQ2uHr7+PVfmsou2e6DiQ=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version:Sender: Reply-To:Cc; b=k4hPHFnsgTAeFydKmWHQ4XxvkyGaPvrTnjPz578wMW0wg294RSRDRBqumhqFHQYCp +AIESEkNSp79w5oVJLJM2ynNj+NDU4nNsvD8XMCvCSDPQvcmDylyvNgzIbsZcmzS+C bP6ryAp4ONFS6adaFBJEYBDifaskuQ+2pCV5Zo9E=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by timber.sei.cmu.edu (8.14.4/8.14.4/1543) with ESMTP id u2LL7lgH016363; Mon, 21 Mar 2016 17:07:47 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0266.001; Mon, 21 Mar 2016 17:08:14 -0400
From: "Roman D. Danyliw" <rdd@cert.org>
To: "Waltermire, David A." <david.waltermire@nist.gov>, "mile@ietf.org" <mile@ietf.org>
Thread-Topic: Review of rfc5070bis and schema
Thread-Index: AQHRFdcLj611UqhPTkePeRKNT4Py159lD3Tg
Date: Mon, 21 Mar 2016 21:08:14 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFCD96ECFC8@marathon>
References: <evyjj7c244y0pg0899sgirbg.1446514147343@email.android.com>
In-Reply-To: <evyjj7c244y0pg0899sgirbg.1446514147343@email.android.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/pnvK5hsPV2ADMDOLbiG4xT5XEic>
Subject: Re: [mile] Review of rfc5070bis and schema
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 21:08:21 -0000
Hi David! Thanks again for this review. Almost all have been address in versions -16 to -18. Inline is a response to each item. > -----Original Message----- > From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Waltermire, David > Sent: Monday, November 02, 2015 8:29 PM [snip] > Section 2.4: > > The following text is diffecult to parse. Consider rephrasing: > > This relationship between multiple > classes being translated instances of the same text is indicated by a common > identifier set in the translation-id attribute. Rewritten. > Section 2.12: > > Isn't this implemented as the PostalAddressType in the schema not xs:string? Yes. Fixed. > Section 2.16: > > There is a cross reference for the text "Section 3.3.8" that looks like it is > incorrect. No, the cross reference is right. Section 3.3.8 of https://www.w3.org/TR/xmlschema-2/. > General schema Comments: > - The schema is missing an XML declaration at the beginning. Fixed. > - Some type names are inconsistant with the overall type naming scheme > (e.g., systemimpact-type-type) That's intentional. The convention to name the types is "<element name> -dash- <attribute name> -type-". There are several attributes named type so that's why it looks odd. > - The type "yes-no-type" is not referenced in the schema. Removed. > - The outline numbering has many singular subsections (e.g., 3.13.1). This > issue may get raised by the RFC editor and should probably get fixed/clarified > before then. There are fewer now. I don't know how easily fix that and keep the document flow. > - Schema types for the REAL i/d type vary between float and double. Is there > a reason for this (e.g., Counter -> xs:double)? If so, it may make sense to > have specific types in the i/d to reflect the distinction. Fixed. REAL is now consistently xs:float. > - The prefixes used in section 3 and subsections (e.g., ds, xml) should be > documented at the beginning of section 3 for clarity. Could you please clarify. Do you mean where a namespace is used in Section 3, it should explained (e.g., xml:lang or ds:DigestAlgorithm)? > Section 3.2: > > - The cardinality of IndicatorData in the schema is 0..1 while in the i/d it is 0..* Fixed. > - The observable-id attribute is marked as the STRING type, but is an xs:ID > type in the schema. All instances of xs:ID are required to be unique in an XML > instance. For this reason it should be marked as an ID type in the i/d. This > means we need a datatype for ID in section 2. Fixed. ID is a type in Section 2. Currently, Section 2.14. > - The definition for status -> ext-value uses the terminology "An escape > value used to extend this attribute". I recommend against using the term > "escape" here to avoid confusion with escaping. Perhaps it would be better > to use "A value used to indicate that this attribute is extended and the actual > value is provided using the ext-status attribute." Fixed. > Section 3.3: > - The colors values in the restriction class provide mappings to other provided > values, but they do not define the meaning of the colors. They seem to > relate to TLP. Perhaps we should reference the related UK TLP work? It is a reference to the UK. I wasn't able to find a reference. Can you help? > Section 3.6: > - The cardinality of IncidentId, URL, ThreatActor, and Campaign in the schema > are 1..*. In the i/d this matches in the UML text, but not in the diagrams > where they are 0..*. The cardinality on the parent choice (1..*) should allow > the individual elements to be 1..1. Let me know if you have any questions on > this. Fixed. > Section 3.7: > - ThreatActor -> ThreatActorId is inconsistant in the schema (1..1), diagram > (0..1), and text (1..*). > - ThreatActor -> Description is inconsistant in the schema and diagram (0..*), > and text (1..*). Fixed. > Section 3.8 > - Campaign -> CampaignID and Description are inconsistant in the schema > and diagram (0..1), and text (1..*). Fixed > Section 3.9 > - The schema is missing the ext-dtype attribute documented in the i/d. Fixed > Section 3.10 > - Is there a reason that Fax is limited to 0..1? I would guess some > organizations may have more than one Fax #. Fixed. > Section 3.10.2 > - The attribute 'translation-id' is missing in the i/d diagram and text. Fixed. ML_STRING classes are now only depicted once in the document. > Section 3.12.1 > - The requirement for at least one of Description or DetectionConfiguration > can be modeled a xs:choice with 1..* cardinality in the schema. Other classes > can probably be improved in the same way. True. I mentioned this in Prague (?). I thought the WG wasn't concerned about this as long as the text provided the clarity. WG: disagree? > Section 3.13: > - The element 'enum:Reference' in the i/d is not in the enum namespace in > the schema. > > Section 3.13.1: > - The element 'ReferenceName' should be 'enum:ReferenceName' in the i/d > text. > - The text starting with "At least one of these classes MUST be present." > appears to be improperly nested in the i/d. > > Section 3.14: > - The text: > > A least one instance of the possible three impact classes (i.e., Impact, > TimeImpact, or MonetaryImpact) MUST be present. > > Should read as: > > A least one instance of the possible five impact classes (i.e., SystemImpact, > BusinessImpact, TimeImpact, MonetaryImpact, or > IntendedImpact) MUST be present. > > - The IntendedImpact class doesn't appear to be documented in this section. > The text is confusing on this: > > Identically defined as Section 3.14.2 but describes intent rather > than the realized impact. > > Should be: > > Identical to the BusinessImpact class defined in Section 3.14.2, but describes > the intent rather > than the realized impact. Fixed. > Section 3.14.1: > - The attribute 'type' does not have the 'unknown' default value defined in > the schema. 'unknown' is not a valid enum value. > - The attribute 'type' allow the enum value admin in the schema. This value is > not documented in the i/d. > > Section 3.14.3: > - The schema is missing the 'ext-metrics' and 'ext-duration' attributes defined > in the i/d. > > Section 3.14.5: > > The 'Confidence' class is defined in the schme as: > > <xs:element name="Confidence"> > <xs:complexType mixed="true"> > <xs:attribute name="rating" use="required" type="confidence-rating- > type"/> > </xs:complexType> > </xs:element> > > To match the i/d it should be defined in the schema as: > > <xs:element name="Confidence"> > <xs:complexType> > <xs:simpleContent> > <xs:extension base="iodef:PositiveFloatType"> > <xs:attribute name="rating" use="required" type="confidence-rating- > type"/> > </xs:extension> > </xs:simpleContent> > </xs:complexType> > </xs:element> Fixed. > Section 3.15: > - The cardinality for 'HistoryItem' is "One or many." This is different than the > use of "One or more." in the rest of the document. This should be made > consistant with the rest of the draft. Also, check for other cases of this. Fixed. This was a pervasive problem. > Section 3.19: > - The schema allows Node to be 1..* while the i/d diagram and text is 1..1. Fixed 1:1. > Section 3.20: > - The schema defines a NodeRole element that is not documented in the i/d. > - The i/d defines a DateTime element that is not defined in the schema. > > Section 3.20.1: > - The base type of this class is xs:string in the schema. The i/d diagram does > not reflect this. > - Should the default for category be ipv6-addr given the emphasis on > transition? Fixed. > Section 3.20.2: > - The base type of this class is MLString in the schema. The i/d diagram does > not reflect this. Fixed. Classes no longer derive the MLString type. > - The i/d diagram and text is also missing the attribute translation-id. > - NodeRole -> Category is inconsistant where the schema has 'c2-server' and > the i/d has 'c2'. Fixed. > Section 3.20.3: > - The schema is missing the ext-unit attribute. Fixed. > Section 3.21.1: > - The values for 'record-type' are not documented in the i/d. There is a > "TODO" placeholder in the i/d. Fixed. RelatedDNS was redefined as an EXTENSION type. > Section 3.21.3: > - The 'SameDomainContact' element is 1..1 in the schema and 0..1 in the i/d > diagram and text. No, the schema is right. These elements are in an xs:choice, not xs:sequence: <xs:choice> <xs:element ref="iodef:SameDomainContact"/> <xs:element ref="iodef:Contact" minOccurs="1" maxOccurs="unbounded"/> </xs:choice> > Section 3.22: > - The choice between 'Port' and 'Portlist' should be changed to be 1..1 in the > schema to reflect the requirement for one of the two to be used in the i/d. Fixed. > Section 3.22.1: > - The 'IANAService' element is 1..1 in the schema and 0..1 in the i/d diagram > and text, Fixed. > Section 3.22.2: > - The attribute 'proto-name' is an xs:integer in the schema and xs:string in > the i/d. It looks like the schema needs to be changed based on the i/d text. >> - The attribute 'ext-dtype' is missing in the schema. > - the attribute 'dtype' is missing values "portlist" and "path" in the schema. Fixed. Now of type EXTENSION. > Section 3.22.4: > - The attribute has the name 'ext-dtype' in the schema and 'enum-dtype' in > the i/d diagram. > - SoftwareReference -> spec-name -> swid entry needs to have the actual > reference provided. Look for "fix me." Fixed. > Section 3.24: > - The cardnalities of EmailHeaderField, HashData, and SignatureData are 0..* > in the i/d diagram and 0..1 in the schema and i/d text. Fixed. > Section 3.25.1: > - The 'RecordItem' element is 1..* in the schema and 0..* in the i/d diagram > and text. Fixed. > Section 3.26.1: > - The attribute 'observable-id' is missing in the schema. Fixed. > Section 3.27.1: > - The element 'ds: X509Data' has a space in the i/d diagram that should be > removed. Fixed. > Section 3.28.1: > - The element 'FileType' has the type xs:integer in the schema and xs:string > in the i/d. The schema should be changed to xs:string based on the i/d text. > - The elements 'SignatureData' and 'AssociatedSoftware' in the i/d are > named differently in the schema. Fixed. > Section 3.29: > - The attribute 'ext-scope', which is defined in the schema, is missing in the > i/d diagram. Fixed. > Section 3.29.1: > - The element 'ds:CannonicalizationMethod' is 0..1 in the i/d and 1..1 in the > schema. Fixed. 0..1 > Section 3.29.2: > - The element AdditionalData is 0..* in the i/d and 1..1 in the schema. Fixed. > Section 3.32: > - The element 'AlternativeIndicatorID' is 0..* in the schema and 0..1 in the i/d. > - The element 'AdditionalData' is missing in the schema. Fixed. > Section 3.32.3: > - The attributes 'restriction' and 'ext-restriction' are defined in the schema > and are missing in the i/d. > - The element 'Service' is missing in the schema. > - The element 'AdditionalData' is 0..1 in the schema and 0..* in the i/d. > - A choice should be used to model the "extactly one" requirement. Fixed. > Section 3.32.3.1: > - The element 'BulkObservableList' is 0..1 in the schema and 1..1 in the i/d. > - The element 'AdditionalData' is 0..1 in the schema and 0..* in the i/d. Fixed. > Section 3.32.4: > - The cardinality of the elements do not match in the schema and i/d. Fixed. > Section 3.32.6: > - It is not clear what the type "EMPTY" means here. > - I don't recall if the "IDREF" data type was defined in section 2. Fixed. Yes, IDREF is a type in Section 2. > Section 3.32.7: > - It is not clear what the type "EMPTY" means here. > - I don't recall if the "IDREF" data type was defined in section 2. Fixed. Yes, IDREF is a type in Section 2. Thank you again! Roman
- [mile] Review of rfc5070bis and schema Waltermire, David A.
- Re: [mile] Review of rfc5070bis and schema Roman D. Danyliw
- Re: [mile] Review of rfc5070bis and schema Panos Kampanakis (pkampana)
- Re: [mile] Review of rfc5070bis and schema Roman D. Danyliw