Re: [mile] MILE WG draft adoption for RFC6045-bis
"Adam W. Montville" <adam@stoicsecurity.com> Wed, 02 November 2011 17:41 UTC
Return-Path: <adam@stoicsecurity.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 444731F0C97 for <mile@ietfa.amsl.com>; Wed, 2 Nov 2011 10:41:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ifc7lrjrSsWR for <mile@ietfa.amsl.com>; Wed, 2 Nov 2011 10:41:40 -0700 (PDT)
Received: from smtpauth11.prod.mesa1.secureserver.net (smtpauth11.prod.mesa1.secureserver.net [64.202.165.33]) by ietfa.amsl.com (Postfix) with SMTP id D37251F0C6B for <mile@ietf.org>; Wed, 2 Nov 2011 10:41:39 -0700 (PDT)
Received: (qmail 5923 invoked from network); 2 Nov 2011 17:41:39 -0000
Received: from unknown (174.47.84.196) by smtpauth11.prod.mesa1.secureserver.net (64.202.165.33) with ESMTP; 02 Nov 2011 17:41:36 -0000
Message-ID: <4EB180CC.1030202@stoicsecurity.com>
Date: Wed, 02 Nov 2011 10:41:32 -0700
From: "Adam W. Montville" <adam@stoicsecurity.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: mile@ietf.org
References: <AE31510960917D478171C79369B660FA0E0939FE18@MX06A.corp.emc.com>
In-Reply-To: <AE31510960917D478171C79369B660FA0E0939FE18@MX06A.corp.emc.com>
Content-Type: multipart/alternative; boundary="------------070901060108070108070203"
Subject: Re: [mile] MILE WG draft adoption for RFC6045-bis
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 17:41:41 -0000
I support this work. On 10/25/11 3:25 PM, kathleen.moriarty@emc.com wrote: > Hello, > > Thank you all for your hard work in helping to move us to a WG status! The next step is to ask for adoption of drafts. > > The first document in which I would like to request working group adoption is RFC6045-bis with my hat on as editor of the document. Please respond to the mailing list within a week (Nov 2nd) stating if you support RFC6045-bis adoption by the working group. Also, please include if you are willing to review the draft in your response on adoption. > > http://tools.ietf.org/html/draft-moriarty-mile-rfc6045-bis-01 > > A consensus call will follow from Brian Trammell as Working Group chair. > > Thank you! > Kathleen > > -----Original Message----- > From: IESG Secretary [mailto:iesg-secretary@ietf.org] > Sent: Tuesday, October 25, 2011 12:46 PM > To: IETF Announcement list > Cc: Moriarty, Kathleen; trammell@tik.ee.ethz.ch; mile@ietf.org > Subject: WG Action: Managed Incident Lightweight Exchange (mile) > > A new IETF working group has been formed in the Security Area. For > additional information, please contact the Area Directors or the WG > Chairs. > > Managed Incident Lightweight Exchange (mile) > -------------------------------------------- > Status: Proposed Working Group Charter > Last Updated: 2011-09-21 > > Chairs: > Kathleen Moriarty <Kathleen.Moriarty@emc.com> > Brian Trammell <trammell@tik.ee.ethz.ch> > > Security Area Directors: > Stephen Farrell <stephen.farrell@cs.tcd.ie> > Sean Turner <turners@ieca.com> > > Security Area Advisor: > Sean Turner <turners@ieca.com> > > Mailing Lists: > General Discussion: mile@ietf.org > To Subscribe: http://www.ietf.org/mailman/listinfo/mile > Archive: http://www.ietf.org/mail-archive/web/mile > > Description: > > The Managed Incident Lightweight Exchange (MILE) working group will > develop standards and extensions for the purpose of improving incident > information sharing and handling capabilities based on the work > developed in the IETF Extended INCident Handling (INCH) working group. > The Incident Object Description Exchange Format (IODEF) in RFC5070 and > Real-time Inter-network Defense (RID) in RFC6045 were developed in the > INCH working group by international Computer Security Incident Response > Teams (CSIRTs) and industry to meet the needs of a global community > interested in sharing, handling, and exchanging incident information. > The extensions and guidance created by the MILE working group assists > with the daily operations of CSIRTs at an organization, service > provider, law enforcement, and at the country level. The application of > IODEF and RID to interdomain incident information cooperative exchange > and sharing has recently expanded and the need for extensions has become > more important. Efforts continue to deploy IODEF and RID, as well as to > extend them to support specific use cases covering reporting and > mitigation of current threats such as anti-phishing extensions. > > An incident could be a benign configuration issue, IT incident, an > infraction to a service level agreement (SLA), a system compromise, > socially engineered phishing attack, or a denial-of-service (DoS) > attack, etc. When an incident is detected, the response may include > simply filing a report, notification to the source of the incident, a > request to a third party for resolution/mitigation, or a request to > locate the source. IODEF defines a data representation that provides a > standard format for sharing information commonly exchanged about > computer security incidents. RID enables the secure exchange of > incident related information in an IODEF format providing options for > security, privacy, and policy setting. > > MILE leverages collaboration and sharing experiences with the work > developed in the INCH working group which includes the data model > detailed in the IODEF, existing extensions to the IODEF for > Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure > exchange of information. MILE will also leverage the experience gained > in using IODEF and RID in operational contexts. Related work, drafted > outside of INCH will also be reviewed and includes RFC5941, Sharing > Transaction Fraud Data. > > The MILE working group provides coordination for these various extension > efforts to improve the capabilities for exchanging incident information. > MILE has several objectives with the first being a description a > subset of IODEF focused on ease of deployment and applicability to > current information security data sharing use cases. MILE also > describes a generalization of RID for secure exchange of other > security-relevant XML formats. MILE produces additional guidance needed > for the successful exchange of incident information for new use cases > according to policy, security, and privacy requirements. Finally, MILE > produces a document template with guidance for defining IODEF extensions > to be followed when producing extensions to IODEF as appropriate, for: > > * labeling incident reports with data protection, data retention, and > other policies, regulations, and > laws restricting the handling of those reports > * referencing structured security information from within incident > reports > * reporting forensic data generated during an incident investigation > (computer or accounting) > > The WG will produce the following: > > * An informational document on IODEF Guidance. > * A Standards Track document specifying the Real-time Inter-network > Defense (RID). > * A Standards Track document specifying the transport for RID. > * An informational template for extensions to IODEF. > * A Standards Track document for IODEF Extensions in IANA XML Registry. > * A Standards Track document for IODEF Extension to support > structured cybersecurity information. > * A Standards Track document for Labeling for data protection, > retention, policies, and regulations. > * A Standards Track document for GRC Report Exchange. > * A Standards Track document for IODEF Extension to support forensics. > > The drafts under consideration as WG items include: > * Real-time Inter-network Defense (RID) bis: > draft-moriarty-mile-rfc6045-bis-01 > * Transport of Real-time Inter-network Defense (RID) Messages bis: > draft-trammell-mile-rfc6046-bis-00 > * Template for extensions to IODEF: > draft-trammell-mile-template-01.txt > * IODEF Extensions in IANA XML Registry: > draft-trammell-mile-iodef-xmlreg-00.txt > * GRC Report Exchange (Generalized RID for XML reports/documents): > draft-moriarty-mile-grc-exchange-00.txt > * IODEF-extension to support structured cybersecurity information: > draft-takahashi-mile-sci-00.txt > > Milestones > > WGLC = Working Group Last Call > > 2011-11 - WGLC Real-time Inter-network Defense (RID) > 2011-11 - WGLC Transport for Real-time Inter-network Defense (RID) > 2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for > consideration as Standards Track document > 2011-12 - Submit Transport Real-time Inter-network Defense (RID) to > IESG for consideration as Standards Track document > 2011-12 - WGLC Template for extensions to IODEF > 2011-12 - WGLC IODEF Extensions in IANA XML Registry > 2011-12 - WGLC IODEF Extension to support structured cybersecurity > information > 2012-02 - Submit Template for extensions to IODEF to IESG for > consideration as Informational document > 2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for > consideration as Standards Track document > 2012-02 - Submit IODEF Extension to support structured cybersecurity > information to IESG for consideration as Standards Track > document > 2012-03 - WGLC IODEF Extension Labeling for data protection, retention, > policies, and regulations > 2012-03 - WGLC IODEF Guidance > 2012-04 - Submit IODEF Extension Labeling for data protection, > retention, policies, and regulations to IESG for > consideration as Standards Track document > 2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as > Informational document > 2012-05 - WGLC GRC Report Exchange > 2012-06 - Submit GRC Report Exchange to IESG for consideration as > Standards Track document > 2012-06 - WGLC Forensics extension > 2012-07 - Submit IODEF Forensics extension to IESG for consideration as > Standards Track document > > > _______________________________________________ > mile mailing list > mile@ietf.org > https://www.ietf.org/mailman/listinfo/mile
- [mile] MILE WG draft adoption for RFC6045-bis kathleen.moriarty
- Re: [mile] MILE WG draft adoption for RFC6045-bis david.black
- Re: [mile] MILE WG draft adoption for RFC6045-bis Sean Turner
- Re: [mile] MILE WG draft adoption for RFC6045-bis kathleen.moriarty
- Re: [mile] MILE WG draft adoption for RFC6045-bis Takeshi Takahashi
- Re: [mile] MILE WG draft adoption for RFC6045-bis Martin, Robert A.
- Re: [mile] MILE WG draft adoption for RFC6045-bis Kent_Landfield
- Re: [mile] MILE WG draft adoption for RFC6045-bis Adam W. Montville