Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Fri, 02 June 2017 19:58 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
CC: "mile@ietf.org" <mile@ietf.org>
Date: Fri, 02 Jun 2017 19:58:24 +0000
Message-ID: <518d25e269574d1f974791427b59633c@XCH-ALN-010.cisco.com>
References: <149546982360.22141.8822534408920138135@ietfa.amsl.com> <31873030dd764236ace2d5eff92b5b78@XCH-ALN-010.cisco.com> <953AB7AC-0BD4-4B27-9EDB-4345BF4BCC4A@cisco.com>
In-Reply-To: <953AB7AC-0BD4-4B27-9EDB-4345BF4BCC4A@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/tkMuAWbEcqupO5rkX54OrX8KrzY>
Subject: Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt

Hi Charles,

Sorry, I just got to this. 

I think that is a good idea if there are interested participants. Note that an IODEF exercise took place in 2013 (see section 5.2), which is where many of the lessons learned in the draft came from.

I know Mio-san and team will be joining the hackathon for some specific tool building. Depending on interested parties, someone could have real-world IODEF documented use cases similar to the appendix and make sure they can be parsed.

Also, if transport is going to be part of it, I think the transport is out of scope for our draft. RID, ROLIE or XMPP would work. I don't think transport should be part of this though.

Regards,
Panos



-----Original Message-----
From: Charles Eckel (eckelcu) 
Sent: Tuesday, May 23, 2017 9:44 AM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
Cc: mile@ietf.org
Subject: Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt

Just a thought – would it be worthwhile to have a hackathon project on interoperable exchange of information by CSIRTs based on the IODEF model and guidance in this draft?
https://www.ietf.org/hackathon/

Cheers,
Charles

-----Original Message-----
From: mile <mile-bounces@ietf.org> on behalf of "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Date: Monday, May 22, 2017 at 9:24 AM
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
Cc: "mile@ietf.org" <mile@ietf.org>
Subject: Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt

    Hi Nancy and Take-san,
    This submission addresses all feedback we received while in the WGLC.
    Let us know if there is anything else we should address on our end.
    Thank you,
    Panos
    
    
    
    -----Original Message-----
    From: mile [mailto:mile-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
    Sent: Monday, May 22, 2017 12:17 PM
    To: i-d-announce@ietf.org
    Cc: mile@ietf.org
    Subject: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt
    
    
    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Managed Incident Lightweight Exchange of the IETF.
    
            Title           : IODEF Usage Guidance
            Authors         : Panos Kampanakis
                              Mio Suzuki
            Filename        : draft-ietf-mile-iodef-guidance-10.txt
            Pages           : 34
            Date            : 2017-05-22
    
    Abstract:
       The Incident Object Description Exchange Format v2 [RFC7970] defines
       a data representation that provides a framework for sharing
       information commonly exchanged by Computer Security Incident Response
       Teams (CSIRTs) about computer security incidents.  Since the IODEF
       model includes a wealth of available options that can be used to
       describe a security incident or issue, it can be challenging for
       security practitioners to develop tools that can leverage IODEF for
       incident sharing.  This document provides guidelines for IODEF
       implementers.  It also addresses how common security indicators can
       be represented in IODEF and use-cases of how IODEF is being used.
       This document aims to make IODEF's adoption by vendors easier and
       encourage faster and wider adoption of the model by Computer Security
       Incident Response Teams (CSIRTs) around the world.
    
    
    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-mile-iodef-guidance/
    
    There are also htmlized versions available at:
    https://tools.ietf.org/html/draft-ietf-mile-iodef-guidance-10
    https://datatracker.ietf.org/doc/html/draft-ietf-mile-iodef-guidance-10
    
    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-mile-iodef-guidance-10
    
    
    Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
    
    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/
    
    _______________________________________________
    mile mailing list
    mile@ietf.org
    https://www.ietf.org/mailman/listinfo/mile
    
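Panos's suggestion above is that a hackathon project should take real-world IODEF documents and make sure they can be parsed. The following is an added example, not code from this thread, the draft or the MILE working group, of the kind of structural check such a project would start from: a small IODEF v2 (RFC 7970) parser that verifies the root element, namespace and version, checks the Incident children the schema requires (IncidentID, GenerationTime, Contact) and the purpose attribute, and extracts the incident identifier, contact e-mail and the source/target addresses from EventData. The sample document embedded in it is constructed for this example (the addresses are RFC 5737 documentation ranges); the function names and the specific set of checks are this example's own choices, not the draft's.

```python
"""Minimal structural parser for IODEF v2 (RFC 7970) documents.

Added example: not part of the MILE thread or the IODEF guidance draft.
"""
import xml.etree.ElementTree as ET

# IODEF v2 namespace as registered by RFC 7970.
IODEF_NS = "urn:ietf:params:xml:ns:iodef-2.0"
NS = {"iodef": IODEF_NS}

# Constructed sample document for this example (not from the draft's appendix).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_IODEF = """<IODEF-Document version="2.00" xml:lang="en"
    xmlns="urn:ietf:params:xml:ns:iodef-2.0">
  <Incident purpose="reporting" restriction="need-to-know">
    <IncidentID name="csirt.example.com">INC-2017-0001</IncidentID>
    <GenerationTime>2017-06-02T19:58:24+00:00</GenerationTime>
    <Contact role="creator" type="organization">
      <ContactName>Example CSIRT</ContactName>
      <Email><EmailTo>csirt@example.com</EmailTo></Email>
    </Contact>
    <EventData>
      <Flow>
        <System category="source">
          <Node><Address category="ipv4-addr">192.0.2.10</Address></Node>
        </System>
        <System category="target">
          <Node><Address category="ipv4-addr">198.51.100.5</Address></Node>
        </System>
      </Flow>
    </EventData>
  </Incident>
</IODEF-Document>
"""

# Constructed variant with a required element removed, to show the check firing.
SAMPLE_MISSING_TIME = SAMPLE_IODEF.replace(
    "<GenerationTime>2017-06-02T19:58:24+00:00</GenerationTime>", "")


def check_required(root):
    """Return a list of structural problems; an empty list means the
    document has the elements RFC 7970 requires at the Incident level."""
    problems = []
    if root.tag != f"{{{IODEF_NS}}}IODEF-Document":
        problems.append(f"unexpected root element {root.tag}")
        return problems
    if root.get("version") != "2.00":
        problems.append("version attribute is not 2.00")
    incidents = root.findall("iodef:Incident", NS)
    if not incidents:
        problems.append("no Incident element")
    for inc in incidents:
        if inc.get("purpose") is None:
            problems.append("Incident lacks purpose attribute")
        for child in ("IncidentID", "GenerationTime", "Contact"):
            if inc.find(f"iodef:{child}", NS) is None:
                problems.append(f"Incident lacks required {child}")
    return problems


def problems_for(xml_text):
    """Parse the text and return the structural problems found."""
    # For documents received from other CSIRTs, a hardened parser such as
    # defusedxml is the usual choice; the stdlib parser suffices for this demo.
    return check_required(ET.fromstring(xml_text))


def parse_iodef(xml_text):
    """Parse an IODEF document into plain records, one per Incident."""
    root = ET.fromstring(xml_text)
    problems = check_required(root)
    if problems:
        raise ValueError("; ".join(problems))
    records = []
    for inc in root.findall("iodef:Incident", NS):
        iid = inc.find("iodef:IncidentID", NS)
        record = {
            "id": iid.text.strip(),
            "id_authority": iid.get("name"),   # the CSIRT that issued the ID
            "purpose": inc.get("purpose"),
            "generated": inc.find("iodef:GenerationTime", NS).text.strip(),
            "contacts": [e.text.strip() for e in
                         inc.findall("iodef:Contact/iodef:Email/iodef:EmailTo", NS)],
            "systems": [],   # (System category, Address category, address)
        }
        event = inc.find("iodef:EventData", NS)
        if event is not None:
            for system in event.iter(f"{{{IODEF_NS}}}System"):
                for addr in system.findall("iodef:Node/iodef:Address", NS):
                    record["systems"].append(
                        (system.get("category"), addr.get("category"),
                         addr.text.strip()))
        records.append(record)
    return records


if __name__ == "__main__":
    for rec in parse_iodef(SAMPLE_IODEF):
        print(rec)
    print("problems:", problems_for(SAMPLE_MISSING_TIME))
```

The checks stop well short of full schema validation; they are the minimum a hackathon parser would assert before trusting the rest of the document, and `problems_for` shows how a malformed input (here, a missing GenerationTime) is reported rather than silently accepted.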