Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Fri, 02 June 2017 19:58 UTC
Return-Path: <pkampana@cisco.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85E7E124BE8 for <mile@ietfa.amsl.com>; Fri, 2 Jun 2017 12:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.523
X-Spam-Level:
X-Spam-Status: No, score=-14.523 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Efd2GAlCWgPh for <mile@ietfa.amsl.com>; Fri, 2 Jun 2017 12:58:26 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B89B0128DF2 for <mile@ietf.org>; Fri, 2 Jun 2017 12:58:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6360; q=dns/txt; s=iport; t=1496433505; x=1497643105; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=g4uPHAA+c84hWmaDcUjMh/zI8kjO68bRUn5cVV7NhuU=; b=FsQ184QtQ/BnrnKzY0OAfk7GrtCFgLD/iby7+EsGGPIBDKdHnDCajchk 6olo06PU4pnMKUKltE6NW0dhvA8Hy1MX3+vD7vlUE/mJbOcPQiqihAYl5 frFNndgdwVPExzoEINX+psDucC4vjrOuIQAtABkwuMpjXPkLyXIpUQ5RH 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C5AAB9wjFZ/5RdJa1dGQEBAQEBAQEBAQEBBwEBAQEBg1higQ0Hg2yKGJF6lXyCDyELhXgCGoJiPxgBAgEBAQEBAQFrKIUYAQEBAQMBASEROgsMBAIBCBEDAQEBAwIjAwICAiULFAEICAIEAQ0FCIoiEK8ygiaLFQEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BC4VWgWCDH4MmgVuCe4JgBZ4vAYcgjAGCD1WEZ4o4lFsBHziBCnQVHCqFBhyBY3aIZgGBDAEBAQ
X-IronPort-AV: E=Sophos;i="5.39,286,1493683200"; d="scan'208";a="433232009"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jun 2017 19:58:24 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by rcdn-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v52JwOZQ017659 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 2 Jun 2017 19:58:24 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 2 Jun 2017 14:58:24 -0500
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1210.000; Fri, 2 Jun 2017 14:58:24 -0500
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
CC: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt
Thread-Index: AQHS0xbsJ4uXqpsDSkeVJf8XEvB2oaIA3VkAgAABmACAES1LsA==
Date: Fri, 02 Jun 2017 19:58:24 +0000
Message-ID: <518d25e269574d1f974791427b59633c@XCH-ALN-010.cisco.com>
References: <149546982360.22141.8822534408920138135@ietfa.amsl.com> <31873030dd764236ace2d5eff92b5b78@XCH-ALN-010.cisco.com> <953AB7AC-0BD4-4B27-9EDB-4345BF4BCC4A@cisco.com>
In-Reply-To: <953AB7AC-0BD4-4B27-9EDB-4345BF4BCC4A@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [64.102.56.138]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/tkMuAWbEcqupO5rkX54OrX8KrzY>
Subject: Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2017 19:58:28 -0000
Hi Charles, Sorry, I just got to this. I think that is a good idea if there are interested participants. Note that an IODEF exercise took place in 2013 in section 5.2 which is where many of the lessons learned in the draft came from. I know Mio-san and team will be joining the hackathon for some specific tool building. Depending on interested parties, someone could have real-world IODEF documented usecases similar to the appendix and make sure they can be parsed. Also, if transport is going to be part of it, I think the transport is out of scope for our draft. RID, ROLIE or XMPP would work. I don't think transport should be part of this though. Regards, Panos -----Original Message----- From: Charles Eckel (eckelcu) Sent: Tuesday, May 23, 2017 9:44 AM To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; Takeshi Takahashi <takeshi_takahashi@nict.go.jp> Cc: mile@ietf.org Subject: Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt Just a thought – would it worthwhile to have a hackathon project on interoperable exchange of information by CSIRTs based on the IODEF model and guidance in this draft? https://www.ietf.org/hackathon/ Cheers, Charles -----Original Message----- From: mile <mile-bounces@ietf.org> on behalf of "Panos Kampanakis (pkampana)" <pkampana@cisco.com> Date: Monday, May 22, 2017 at 9:24 AM To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, Takeshi Takahashi <takeshi_takahashi@nict.go.jp> Cc: "mile@ietf.org" <mile@ietf.org> Subject: Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt Hi Nancy and Take-san, This submission addresses all feedback we received while in the WGLC . Let us know if there is anything else we should address on our end. Thank you, Panos -----Original Message----- From: mile [mailto:mile-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org Sent: Monday, May 22, 2017 12:17 PM To: i-d-announce@ietf.org Cc: mile@ietf.org Subject: [mile] I-D Action: draft-ietf-mile-iodef-guidance-10.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Managed Incident Lightweight Exchange of the IETF. Title : IODEF Usage Guidance Authors : Panos Kampanakis Mio Suzuki Filename : draft-ietf-mile-iodef-guidance-10.txt Pages : 34 Date : 2017-05-22 Abstract: The Incident Object Description Exchange Format v2 [RFC7970] defines a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents. Since the IODEF model includes a wealth of available options that can be used to describe a security incident or issue, it can be challenging for security practitioners to develop tools that can leverage IODEF for incident sharing. This document provides guidelines for IODEF implementers. It also addresses how common security indicators can be represented in IODEF and use-cases of how IODEF is being used. This document aims to make IODEF's adoption by vendors easier and encourage faster and wider adoption of the model by Computer Security Incident Response Teams (CSIRTs) around the world. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-mile-iodef-guidance/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-mile-iodef-guidance-10 https://datatracker.ietf.org/doc/html/draft-ietf-mile-iodef-guidance-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-mile-iodef-guidance-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ mile mailing list mile@ietf.org https://www.ietf.org/mailman/listinfo/mile _______________________________________________ mile mailing list mile@ietf.org https://www.ietf.org/mailman/listinfo/mile
- [mile] I-D Action: draft-ietf-mile-iodef-guidance… internet-drafts
- Re: [mile] I-D Action: draft-ietf-mile-iodef-guid… Panos Kampanakis (pkampana)
- Re: [mile] I-D Action: draft-ietf-mile-iodef-guid… Charles Eckel (eckelcu)
- Re: [mile] I-D Action: draft-ietf-mile-iodef-guid… Panos Kampanakis (pkampana)