Re: [mile] Consensus Call - SCI draft MMDEF as MTI

"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Wed, 03 April 2013 11:08 UTC

From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: 'Eric Burger' <eburger@standardstrack.com>, "'Martin, Robert A.'" <ramartin@MITRE.ORG>
Date: Wed, 03 Apr 2013 20:08:09 +0900
Cc: mile@ietf.org
Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI

Hi Eric,

Thank you for your kind email.
Yes, this is an issue that has been bothering us.
I appreciate your kind consideration.

I understood that we have somehow agreed to use MMDEF as an MTI, though it
is not an official IEEE standard, because the link seems to be stable (with
version control).
Do I need to change the above understanding?
Hopefully not, but if necessary, we need to do that.

If so, I am not sure what would be a feasible approach for that.
One approach is, as you have suggested, to use MMDEF as an MTI and reference
it as an informative reference.

Alternatively, could we include the schema of the MMDEF so that the draft
itself can become a stable reference?
(Of course, we need to ask permission from the MMDEF community.)
The name space could be changed to http://www.ietf.org/draft-IODEF-SCI-mti,
for instance.

The purpose of having MTI is to check interoperability, thus the above
approach could be ok, I guess.

I would appreciate any assistance or guidance.

Thank you.
Take


> -----Original Message-----
> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of
> Eric Burger
> Sent: Monday, April 1, 2013 9:36 PM
> To: Martin, Robert A.
> Cc: mile@ietf.org
> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> 
> Next week that URI can change. It is not an IEEE standard, so there is no
> P number. Since it is not an IEEE standard, you cannot buy or reference
> the spec from IEEE.
> 
> Is there someone involved with the MMDEF work who can find out about a
> stable reference? We don't need an RFC, but we do need something that is
> likely to be there next month. An individual informational RFC would work,
> too.
> 
> Another alternative is to do a wink and a nudge and have IODEF say there
> are things out there for malware identification. One could use something
> *like* MMDEF which you *might* be able to find at the IEEE-SA industry
> site. It would be an informative reference, so there would be no violation
> of IETF rules.  That approach will not promise long-term interoperability,
> but it is better than nothing.
> 
> On Mar 28, 2013, at 8:35 AM, "Martin, Robert A." <ramartin@MITRE.ORG> wrote:
> 
> > This page would seem to provide that.
> >
> > <http://standards.ieee.org/develop/indconn/icsg/mmdef.html>
> >
> > On 3/27/13 10:25 PM, Eric Burger wrote:
> >> Did we ever find a stable reference for MMDEF?
> >>
> >> On Mar 27, 2013, at 8:59 PM, "Moriarty, Kathleen" <kathleen.moriarty@emc.com> wrote:
> >>
> >>> Hello,
> >>>
> >>> Thank you for voicing your opinions at the MILE meeting, the two week
> >>> period is up and we have full agreement.  We will move forward with MMDEF
> >>> as the MTI for the SCI draft.
> >>>
> >>> Take - Thank you for updating the draft to include MMDEF as the MTI
> >>> as well as the update below.  Could you expand the acronym for MTI in the
> >>> draft and update the version to the latest?
> >>>
> >>> Best regards,
> >>> Kathleen
> >>>
> >>> -----Original Message-----
> >>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf
> >>> Of Takeshi Takahashi
> >>> Sent: Saturday, March 23, 2013 4:17 AM
> >>> To: mile@ietf.org
> >>> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>
> >>> Hi all,
> >>>
> >>> I remember the discussion on the EICAR and agree upon David's kind
> >>> suggestion.
> >>> The attached is the revised SCI draft, whose section 10 talks about
> >>> the EICAR (with an example XML).
> >>>
> >>> Kind regards,
> >>> Take
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>> Behalf Of Black, David
> >>>> Sent: Thursday, March 14, 2013 11:54 PM
> >>>> To: Moriarty, Kathleen; mile@ietf.org
> >>>> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>
> >>>> I support MMDEF as the MTI, and since MMDEF is a malware spec, I'd
> >>>> like to resurrect a previously-discussed suggestion that the SCI
> >>>> draft include discussion of the "EICAR Standard Anti-Virus Test
> >>>> File" as a specific example
> >>>> that SHOULD (or MUST?) be supported for black-box testing purposes.
> >>>>
> >>>> See: http://www.eicar.org/86-0-Intended-use.html
> >>>>
> >>>> Thanks,
> >>>> --David
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>>> Behalf Of Moriarty, Kathleen
> >>>>> Sent: Thursday, March 14, 2013 10:38 AM
> >>>>> To: Panos Kampanakis (pkampana); mile@ietf.org
> >>>>> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>>
> >>>>> Hello Panos,
> >>>>>
> >>>>> Thank you for joining us remotely!  The recording is available for
> >>>>> those who were not able to attend during the session.
> >>>>>
> >>>>> We need to choose one included schema as MTI for 'black box'
> >>>>> testing of the method described.  Essentially, if you can exchange
> >>>>> using the MTI spec, then any other specs supported should
> >>>>> theoretically work as the pattern has been established.
> >>>>>
> >>>>> MMDEF was recommended as it is in use by the eCrime WG as an extension
> >>>>> to IODEF/RFC5901.  It replaced the method to include malware in
> >>>>> exchanges and seemed to make sense to adopt more broadly as it is
> >>>>> maintained by a group in IEEE focused on that particular problem.
> >>>>>
> >>>>> BTW, I meant to say the last call will end in two weeks from
> >>>>> yesterday, Wednesday March 27th.
> >>>>>
> >>>>> Thank you!
> >>>>> Kathleen
> >>>>> ________________________________________
> >>>>> From: Panos Kampanakis (pkampana) [pkampana@cisco.com]
> >>>>> Sent: Thursday, March 14, 2013 9:59 AM
> >>>>> To: Moriarty, Kathleen; mile@ietf.org
> >>>>> Subject: RE: Consensus Call - SCI draft MMDEF as MTI
> >>>>>
> >>>>> I agree with MMDEF included in SCI.
> >>>>> I am not sure why it must be MTI. Due to some audio problems I
> >>>>> missed part of the call yesterday. Can you briefly summarize why
> >>>>> we want it MTI?
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>>> Behalf Of Moriarty, Kathleen
> >>>>> Sent: Wednesday, March 13, 2013 3:04 PM
> >>>>> To: mile@ietf.org
> >>>>> Subject: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>>
> >>>>> Hello,
> >>>>>
> >>>>> In today's MILE session, a call for consensus began to include
> >>>>> MMDEF in the SCI draft as the mandatory-to-implement (MTI)
> >>>>> specification.
> >>>>> The call for consensus will last for 2 weeks and we ask that you
> >>>>> contribute your opinion.
> >>>>> The vote in the room was unanimous and we want to make sure we
> >>>>> hear from participants not in attendance.
> >>>>>
> >>>>> Poll will end on Wednesday next week.
> >>>>>
> >>>>> Thank you!
> >>>>> Kathleen
> >>>>> _______________________________________________
> >>>>> mile mailing list
> >>>>> mile@ietf.org
> >>>>> https://www.ietf.org/mailman/listinfo/mile