Re: [mile] MILE WG draft adoption for RFC6045-bis

<kathleen.moriarty@emc.com> Wed, 26 October 2011 17:06 UTC

Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3E3B21F8509 for <mile@ietfa.amsl.com>; Wed, 26 Oct 2011 10:06:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.166
X-Spam-Level:
X-Spam-Status: No, score=-6.166 tagged_above=-999 required=5 tests=[AWL=-0.167, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30nY26OrX5vf for <mile@ietfa.amsl.com>; Wed, 26 Oct 2011 10:06:53 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id D469021F84CF for <mile@ietf.org>; Wed, 26 Oct 2011 10:06:52 -0700 (PDT)
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com [10.254.111.55]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p9QH6bmm023475 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 26 Oct 2011 13:06:44 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd03.lss.emc.com [10.254.221.145]) by hop04-l1d11-si02.isus.emc.com (RSA Interceptor); Wed, 26 Oct 2011 13:06:28 -0400
Received: from mxhub18.corp.emc.com (mxhub18.corp.emc.com [10.254.93.47]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p9QH6EWP022573; Wed, 26 Oct 2011 13:06:27 -0400
Received: from mx06a.corp.emc.com ([169.254.1.225]) by mxhub18.corp.emc.com ([10.254.93.47]) with mapi; Wed, 26 Oct 2011 13:06:23 -0400
From: kathleen.moriarty@emc.com
To: turners@ieca.com
Date: Wed, 26 Oct 2011 13:06:20 -0400
Thread-Topic: [mile] MILE WG draft adoption for RFC6045-bis
Thread-Index: AcyT+7yec2Zz+QWpS1WW/MKKU1z49AABVG0w
Message-ID: <AE31510960917D478171C79369B660FA0E0939FF7C@MX06A.corp.emc.com>
References: <AE31510960917D478171C79369B660FA0E0939FE18@MX06A.corp.emc.com> <4EA83407.6070504@ieca.com>
In-Reply-To: <4EA83407.6070504@ieca.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Cc: mile@ietf.org
Subject: Re: [mile] MILE WG draft adoption for RFC6045-bis
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mile>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2011 17:06:54 -0000

Hi Sean,

Thank you.  Yes, this should result in RFC6045 becoming obsolete as the improvements should be made.  I will update the schema version, thanks for the catch.  I had that in the back of my mind, so the reminder is helpful!

I was thinking about how group keys might be used in some use cases, so the reference to 5275 was part of my thought process as I was trying to figure out the right references (did not accomplish this).  If you have suggestions, it may be something that should get considered.

Thanks,
Kathleen

-----Original Message-----
From: Sean Turner [mailto:turners@ieca.com] 
Sent: Wednesday, October 26, 2011 12:24 PM
To: Moriarty, Kathleen
Cc: mile@ietf.org
Subject: Re: [mile] MILE WG draft adoption for RFC6045-bis

Kathleen,

As a starting point for defining a proactive inter-network communication 
method to facilitate sharing incident handling data while integrating 
existing detection, tracing, source identification, and mitigation 
mechanisms for a complete incident handling solution - I think it's a 
great starting point.

Some comments based on a very quick skim:

The draft indicates that it updates RFC 6045.  Is there any reason that 
it shouldn't obsolete RFC 6045 and move RFC 6045 to Historic?  Do you 
expect that implementations of RFC 6045 will be around?  Do you want to 
strongly encourage them to do this updated version?  I know this might 
seem awfully procedural, but having a well thought out answer might save 
some time later in the process.

If this is a new and updated version, are new version #s needed in the 
protocol?  I read the summary of revisions, but I think it's worth 
asking anyway.

Shouldn't the reference to RFC6046 be replaced with 
draft-trammell-mile-rfc6046-bis?

ID nits complains about the following:

  s4: r/[XMLnames/[XMLNames] - note the N in names

  I love me some RFC 5275, but it's not used in the draft.

spt

On 10/25/11 6:25 PM, kathleen.moriarty@emc.com wrote:
> Hello,
>
> Thank you all for your hard work in helping to move us to a WG status!  The next step is to ask for adoption of drafts.
>
> The first document in which I would like to request working group adoption is RFC6045-bis with my hat on as editor of the document.  Please respond to the mailing list within a week (Nov 2nd) stating if you support RFC6045-bis adoption by the working group.  Also, please include if you are willing to review the draft in your response on adoption.
>
> http://tools.ietf.org/html/draft-moriarty-mile-rfc6045-bis-01
>
> A consensus call will follow from Brian Trammell as Working Group chair.
>
> Thank you!
> Kathleen
>
> -----Original Message-----
> From: IESG Secretary [mailto:iesg-secretary@ietf.org]
> Sent: Tuesday, October 25, 2011 12:46 PM
> To: IETF Announcement list
> Cc: Moriarty, Kathleen; trammell@tik.ee.ethz.ch; mile@ietf.org
> Subject: WG Action: Managed Incident Lightweight Exchange (mile)
>
> A new IETF working group has been formed in the Security Area.  For
> additional information, please contact the Area Directors or the WG
> Chairs.
>
> Managed Incident Lightweight Exchange (mile)
> --------------------------------------------
> Status: Proposed Working Group Charter
> Last Updated: 2011-09-21
>
> Chairs:
>       Kathleen Moriarty <Kathleen.Moriarty@emc.com>
>       Brian Trammell <trammell@tik.ee.ethz.ch>
>
> Security Area Directors:
>       Stephen Farrell <stephen.farrell@cs.tcd.ie>
>       Sean Turner <turners@ieca.com>
>
> Security Area Advisor:
>       Sean Turner <turners@ieca.com>
>
> Mailing Lists:
>       General Discussion: mile@ietf.org
>       To Subscribe:       http://www.ietf.org/mailman/listinfo/mile
>       Archive:            http://www.ietf.org/mail-archive/web/mile
>
> Description:
>
> The Managed Incident Lightweight Exchange (MILE) working group will
> develop standards and extensions for the purpose of improving incident
> information sharing and handling capabilities based on the work
> developed in the IETF Extended INCident Handling (INCH) working group.
> The Incident Object Description Exchange Format (IODEF) in RFC5070 and
> Real-time Inter-network Defense (RID) in RFC6045 were developed in the
> INCH working group by international Computer Security Incident Response
> Teams (CSIRTs) and industry to meet the needs of a global community
> interested in sharing, handling, and exchanging incident information.
> The extensions and guidance created by the MILE working group assist
> with the daily operations of CSIRTs at an organization, service
> provider, law enforcement, and at the country level.  The application of
> IODEF and RID to interdomain incident information cooperative exchange
> and sharing has recently expanded and the need for extensions has become
> more important. Efforts continue to deploy IODEF and RID, as well as to
> extend them to support specific use cases covering reporting and
> mitigation of current threats such as anti-phishing extensions.
>
> An incident could be a benign configuration issue, IT incident, an
> infraction to a service level agreement (SLA), a system compromise,
> socially engineered phishing attack, or a denial-of-service (DoS)
> attack, etc.  When an incident is detected, the response may include
> simply filing a report, notification to the source of the incident, a
> request to a third party for resolution/mitigation, or a request to
> locate the source.  IODEF defines a data representation that provides a
> standard format for sharing information commonly exchanged about
> computer security incidents.  RID enables the secure exchange of
> incident related information in an IODEF format providing options for
> security, privacy, and policy setting.
>
> MILE leverages collaboration and sharing experiences with the work
> developed in the INCH working group which includes the data model
> detailed in the IODEF, existing extensions to the IODEF for
> Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
> exchange of information.  MILE will also leverage the experience gained
> in using IODEF and RID in operational contexts. Related work, drafted
> outside of INCH will also be reviewed and includes RFC5941, Sharing
> Transaction Fraud Data.
>
> The MILE working group provides coordination for these various extension
> efforts to improve the capabilities for exchanging incident information.
> MILE has several objectives with the first being a description of a
> subset of IODEF focused on ease of deployment and applicability to
> current information security data sharing use cases.  MILE also
> describes a generalization of RID for secure exchange of other
> security-relevant XML formats.  MILE produces additional guidance needed
> for the successful exchange of incident information for new use cases
> according to policy, security, and privacy requirements.  Finally, MILE
> produces a document template with guidance for defining IODEF extensions
> to be followed when producing extensions to IODEF as appropriate, for:
>
>    * labeling incident reports with data protection, data retention, and
>      other policies, regulations, and
>      laws restricting the handling of those reports
>    * referencing structured security information from within incident
>      reports
>    * reporting forensic data generated during an incident investigation
>      (computer or accounting)
>
> The WG will produce the following:
>
>    * An informational document on IODEF Guidance.
>    * A Standards Track document specifying the Real-time Inter-network
>      Defense (RID).
>    * A Standards Track document specifying the transport for RID.
>    * An informational template for extensions to IODEF.
>    * A Standards Track document for IODEF Extensions in IANA XML Registry.
>    * A Standards Track document for IODEF Extension to support
>      structured cybersecurity information.
>    * A Standards Track document for Labeling for data protection,
>      retention, policies, and regulations.
>    * A Standards Track document for GRC Report Exchange.
>    * A Standards Track document for IODEF Extension to support forensics.
>
> The drafts under consideration as WG items include:
>     * Real-time Inter-network Defense (RID) bis:
>        draft-moriarty-mile-rfc6045-bis-01
>     * Transport of Real-time Inter-network Defense (RID) Messages bis:
>        draft-trammell-mile-rfc6046-bis-00
>     * Template for extensions to IODEF:
>        draft-trammell-mile-template-01.txt
>     * IODEF Extensions in IANA XML Registry:
>        draft-trammell-mile-iodef-xmlreg-00.txt
>     * GRC Report Exchange (Generalized RID for XML reports/documents):
>        draft-moriarty-mile-grc-exchange-00.txt
>     * IODEF-extension to support structured cybersecurity information:
>        draft-takahashi-mile-sci-00.txt
>
> Milestones
>
> WGLC = Working Group Last Call
>
> 2011-11 - WGLC Real-time Inter-network Defense (RID)
> 2011-11 - WGLC Transport for Real-time Inter-network Defense (RID)
> 2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for
>             consideration as Standards Track document
> 2011-12 - Submit Transport Real-time Inter-network Defense (RID) to
>             IESG for consideration as Standards Track document
> 2011-12 - WGLC Template for extensions to IODEF
> 2011-12 - WGLC IODEF Extensions in IANA XML Registry
> 2011-12 - WGLC IODEF Extension to support structured cybersecurity
>             information
> 2012-02 - Submit Template for extensions to IODEF to IESG for
>             consideration as Informational document
> 2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for
>             consideration as Standards Track document
> 2012-02 - Submit IODEF Extension to support structured cybersecurity
>             information to IESG for consideration as Standards Track
>             document
> 2012-03 - WGLC IODEF Extension Labeling for data protection, retention,
>             policies, and regulations
> 2012-03 - WGLC IODEF Guidance
> 2012-04 - Submit IODEF Extension Labeling for data protection,
>             retention, policies, and regulations to IESG for
>             consideration as Standards Track document
> 2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as
>             Informational document
> 2012-05 - WGLC GRC Report Exchange
> 2012-06 - Submit GRC Report Exchange to IESG for consideration as
>             Standards Track document
> 2012-06 - WGLC Forensics extension
> 2012-07 - Submit IODEF Forensics extension to IESG for consideration as
>             Standards Track document
>
>
> _______________________________________________
> mile mailing list
> mile@ietf.org
> https://www.ietf.org/mailman/listinfo/mile
>