Re: [mile] Consensus Call - SCI draft MMDEF as MTI
"Takeshi Takahashi" <takeshi_takahashi@nict.go.jp> Thu, 04 April 2013 00:54 UTC
From: Takeshi Takahashi <takeshi_takahashi@nict.go.jp>
To: 'Eric Burger' <eburger@standardstrack.com>
Date: Thu, 04 Apr 2013 09:54:59 +0900
Cc: mile@ietf.org

Ok, then let me try to contact them.
I will post some messages to MMDEF's mailing list.
Hopefully they could give us a good answer.
Let me come back to here later.

Take

> -----Original Message-----
> From: Eric Burger [mailto:eburger@standardstrack.com]
> Sent: Thursday, April 4, 2013 8:00 AM
> To: Takeshi Takahashi
> Cc: mile@ietf.org
> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
>
> The approach you mention, importing the markup, with permission, into an
> appendix, is precisely what we did for RFC 6787. We imported the NLSML markup
> once we found out that (1) no one planned to use EMMA and (2) the W3C did
> not plan on publishing NLSML.
>
> On Apr 3, 2013, at 7:08 AM, Takeshi Takahashi
> <takeshi_takahashi@nict.go.jp> wrote:
>
> > Hi Eric,
> >
> > Thank you for your kind email.
> > Yes, this is an issue that had been bothering us.
> > I appreciate your kind consideration.
> >
> > I understood that we have somehow agreed to use MMDEF as an MTI,
> > though it is not an official IEEE standard, because the link seems to
> > be stable (with version control).
> > Do I need to change the above understanding?
> > Hopefully not, but if necessary, we need to do that.
> >
> > If so, I am not sure what would be a feasible approach for that.
> > One approach is, as you have suggested, to use MMDEF as an MTI and
> > reference it as an informative reference.
> >
> > Alternatively, could we include the schema of the MMDEF so that the
> > draft itself can become a stable reference?
> > (of course, we need to ask permission to the MMDEF community.)
> > The name space could be changed to
> > http://www.ietf.org/draft-IODEF-SCI-mti,
> > for instance.
> >
> > The purpose of having MTI is to check interoperability, thus the above
> > approach could be ok, I guess.
> >
> > I would appreciate any assistance or guidance.
> >
> > Thank you.
> > Take
> >
> >
> >> -----Original Message-----
> >> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf
> >> Of Eric Burger
> >> Sent: Monday, April 1, 2013 9:36 PM
> >> To: Martin, Robert A.
> >> Cc: mile@ietf.org
> >> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>
> >> Next week that URI can change. It is not an IEEE standard, so there
> >> is no P number. Since it is not an IEEE standard, you cannot buy or
> >> reference the spec from IEEE.
> >>
> >> Is there someone involved with the MMDEF work who can find out about
> >> a stable reference? We don't need an RFC, but we do need something
> >> that is likely to be there next month. An individual informational
> >> RFC would work, too.
> >>
> >> Another alternative is to do a wink and a nudge and have IODEF say
> >> there are things out there for malware identification. One could use
> >> something *like* MMDEF which you *might* be able to find at the
> >> IEEE-SA industry site.
> >> It would be an informative reference, so there would be no violation
> >> of IETF rules. That approach will not promise long-term
> >> interoperability, but it is better than nothing.
> >>
> >> On Mar 28, 2013, at 8:35 AM, "Martin, Robert A." <ramartin@MITRE.ORG>
> >> wrote:
> >>
> >>> This page would seem to provide that.
> >>>
> >>> <http://standards.ieee.org/develop/indconn/icsg/mmdef.html>
> >>>
> >>> On 3/27/13 10:25 PM, Eric Burger wrote:
> >>>> Did we ever find a stable reference for MMDEF?
> >>>>
> >>>> On Mar 27, 2013, at 8:59 PM, "Moriarty, Kathleen"
> >>>> <kathleen.moriarty@emc.com> wrote:
> >>>>
> >>>>> Hello,
> >>>>>
> >>>>> Thank you for voicing your opinions at the MILE meeting, the two
> >>>>> week period is up and we have full agreement. We will move
> >>>>> forward with MMDEF as the MTI for the SCI draft.
> >>>>>
> >>>>> Take - Thank you for updating the draft to include MMDEF as the
> >>>>> MTI as well as the update below. Could you expand the acronym
> >>>>> for MTI in the draft and update the version to the latest?
> >>>>>
> >>>>> Best regards,
> >>>>> Kathleen
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>>> Behalf Of Takeshi Takahashi
> >>>>> Sent: Saturday, March 23, 2013 4:17 AM
> >>>>> To: mile@ietf.org
> >>>>> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>>
> >>>>> Hi all,
> >>>>>
> >>>>> I remember the discussion on the EICAR and agree upon David's kind
> >>>>> suggestion.
> >>>>> The attached is the revised SCI draft, whose section 10 talks
> >>>>> about the EICAR (with an example XML).
> >>>>>
> >>>>> Kind regards,
> >>>>> Take
> >>>>>
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>>>> Behalf Of Black, David
> >>>>>> Sent: Thursday, March 14, 2013 11:54 PM
> >>>>>> To: Moriarty, Kathleen; mile@ietf.org
> >>>>>> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>>>
> >>>>>> I support MMDEF as the MTI, and since MMDEF is a malware spec,
> >>>>>> I'd like to resurrect a previously-discussed suggestion that the
> >>>>>> SCI draft include discussion of the "EICAR Standard Anti-Virus
> >>>>>> Test File" as a specific example that SHOULD (or MUST?) be
> >>>>>> supported for black-box testing purposes.
> >>>>>>
> >>>>>> See: http://www.eicar.org/86-0-Intended-use.html
> >>>>>>
> >>>>>> Thanks,
> >>>>>> --David
> >>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>>>>> Behalf Of Moriarty, Kathleen
> >>>>>>> Sent: Thursday, March 14, 2013 10:38 AM
> >>>>>>> To: Panos Kampanakis (pkampana); mile@ietf.org
> >>>>>>> Subject: Re: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>>>>
> >>>>>>> Hello Panos,
> >>>>>>>
> >>>>>>> Thank you for joining us remotely! The recording is available
> >>>>>>> for those who were not able to attend during the session.
> >>>>>>>
> >>>>>>> We need to choose one included schema as MTI for 'black box'
> >>>>>>> testing of the method described. Essentially, if you can
> >>>>>>> exchange using the MTI spec, then any other specs supported
> >>>>>>> should theoretically work as the pattern has been established.
> >>>>>>>
> >>>>>>> MMDEF was recommended as it is in use by the eCrime WG as an
> >>>>>>> extension to IODEF/RFC5901. It replaced the method to include
> >>>>>>> malware in exchanges and seemed to make sense to adopt more
> >>>>>>> broadly as it is maintained by a group in IEEE focused on that
> >>>>>>> particular problem.
> >>>>>>>
> >>>>>>> BTW, I meant to say the last call will end in two weeks from
> >>>>>>> yesterday, Wednesday March 27th.
> >>>>>>>
> >>>>>>> Thank you!
> >>>>>>> Kathleen
> >>>>>>> ________________________________________
> >>>>>>> From: Panos Kampanakis (pkampana) [pkampana@cisco.com]
> >>>>>>> Sent: Thursday, March 14, 2013 9:59 AM
> >>>>>>> To: Moriarty, Kathleen; mile@ietf.org
> >>>>>>> Subject: RE: Consensus Call - SCI draft MMDEF as MTI
> >>>>>>>
> >>>>>>> I agree with MMDEF included in SCI.
> >>>>>>> I am not sure why it must be MTI. Due to some audio problems I
> >>>>>>> missed part of the call yesterday. Can you briefly summarize why
> >>>>>>> we want it MTI?
> >>>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On
> >>>>>>> Behalf Of Moriarty, Kathleen
> >>>>>>> Sent: Wednesday, March 13, 2013 3:04 PM
> >>>>>>> To: mile@ietf.org
> >>>>>>> Subject: [mile] Consensus Call - SCI draft MMDEF as MTI
> >>>>>>>
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>> In today's MILE session, a call for consensus began to include
> >>>>>>> MMDEF in the SCI draft as the mandatory-to-implement (MTI)
> >>>>>>> specification.
> >>>>>>> The call for consensus will last for 2 weeks and we ask that you
> >>>>>>> contribute your opinion.
> >>>>>>> The vote in the room was unanimous and we want to make sure we
> >>>>>>> hear from participants not in attendance.
> >>>>>>>
> >>>>>>> Poll will end on Wednesday next week.
> >>>>>>>
> >>>>>>> Thank you!
> >>>>>>> Kathleen
> >>>>>>> _______________________________________________
> >>>>>>> mile mailing list
> >>>>>>> mile@ietf.org
> >>>>>>> https://www.ietf.org/mailman/listinfo/mile