[mile] [Issue #9] Mapping @restriction to TLP
"Roman D. Danyliw" <rdd@cert.org> Mon, 29 July 2013 13:54 UTC
Return-Path: <rdd@cert.org>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 858BF11E80F0 for <mile@ietfa.amsl.com>; Mon, 29 Jul 2013 06:54:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.197
X-Spam-Level:
X-Spam-Status: No, score=-6.197 tagged_above=-999 required=5 tests=[AWL=0.402, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2fBiZWt62TuD for <mile@ietfa.amsl.com>; Mon, 29 Jul 2013 06:54:42 -0700 (PDT)
Received: from shetland.sei.cmu.edu (shetland.sei.cmu.edu [192.58.107.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5056D21F9EA7 for <mile@ietf.org>; Mon, 29 Jul 2013 06:52:59 -0700 (PDT)
Received: from pawpaw.sei.cmu.edu (pawpaw.sei.cmu.edu [10.64.21.22]) by shetland.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id r6TDqqUS023823 for <mile@ietf.org>; Mon, 29 Jul 2013 09:52:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cert.org; s=jthatj15xw2j; t=1375105972; bh=FK4iVCkUqkApf68JK7lQ9vs7Ms4HkP7RUERBS5h/kSY=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version:Sender:Reply-To:Cc: In-Reply-To:References; b=O+ti8FQLZNhFNAKbmVcozJa/qfrEsXPIDJgvcVmYX4UBMkyr0Rb63+oyCNoh63gXg kXBN6VGtrfGTql+fQwuVTfdKo6cbS1SK95huh3JdD+4scAK9zEGHcxlIq2YvESkg8c zBkzmBou0u3G5V3KXGUrD1dShiDpUpDVvSlpWdNA=
Received: from CASCADE.ad.sei.cmu.edu (cascade.sei.cmu.edu [10.64.28.248]) by pawpaw.sei.cmu.edu (8.14.4/8.14.4/1408) with ESMTP id r6TDr18G024410 for <mile@ietf.org>; Mon, 29 Jul 2013 09:53:01 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.02.0318.004; Mon, 29 Jul 2013 09:52:52 -0400
From: "Roman D. Danyliw" <rdd@cert.org>
To: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: [Issue #9] Mapping @restriction to TLP
Thread-Index: Ac6MXCD9nmbhtR3DSeiD9DY2M9bpDQ==
Date: Mon, 29 Jul 2013 13:52:52 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC13C561DA@marathon>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [mile] [Issue #9] Mapping @restriction to TLP
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2013 13:54:48 -0000
Hi! See http://trac.tools.ietf.org/wg/mile/trac/ticket/9. The @restriction attribute is currently defined as follows: 1. public. There are no restrictions placed in the information. 2. need-to-know. The information may be shared with other parties that are involved in the incident as determined by the recipient of this document (e.g., multiple victim sites can be informed of each other). 3. private. The information may not be shared. 4. default. The information can be shared according to an information disclosure policy pre-arranged by the communicating parties. Would there be interest in migrating this definition to align with the Traffic Light Protocol originally developed by the UK National Infrastructure Security Coordination Centre, now Center for the Protection of National Infrastructure (http://www.cpni.gov.uk/)? See the following: US-CERT description, www.us-cert.gov/tlp Wikipedia reference, http://en.wikipedia.org/wiki/Traffic_Light_Protocol The current @restriction would require redefinition as the current 'need-to-know' does not map to a defined TLP category. The proposal is to map as follows: red <--> private amber <--> need-to-know green <--> (new proposed value) partner white <--> public 1. public. The information may be freely distributed without restriction. 2. partner. The information may be shared within a closed community of peers, partners, or affected parties, but cannot be published openly. 3. need-to-know. The information may be shared only with members of their own organization that have a need to know. 4. private. The information may not be shared. It is intended only for the named recipients. 5. default. The information can be shared according to an information disclosure policy pre-arranged by the communicating parties. 6. white. Same as public. 7. green. Same as partner. 8. amber. Same as need-to-know. 9. red. Same as private. The down-side of this proposal is that IODEFv2 (MILE) will have different semantics for an identical value present in IODEFv1 (INCH). Any community or application accustomed to tagging data as @restriction="need-to-know" in v1 would now need to use @restriction="partner" or "green" otherwise the information will be restricted more than intended. However, 'partner'/'green' might be too permissive depending on the definition of the consortium. Roman
- [mile] [Issue #9] Mapping @restriction to TLP Roman D. Danyliw
- Re: [mile] [Issue #9] Mapping @restriction to TLP Jerome Athias
- Re: [mile] [Issue #9] Mapping @restriction to TLP Patrick Curry