Re: [mile] I-D Action: draft-ietf-mile-iodef-guidance-01.txt

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Mon, 15 July 2013 20:42 UTC

This revision of the draft adds a section about current uses of IODEF. The old use cases section was removed.
I also added some subsections in the "IODEF considerations" section, like the "Logic for watchlist of indications" subsection.
There are still many parts that need to be expanded and updated, but this is a starting point to start the discussion.

Comments welcome.

Panos



-----Original Message-----
From: mile-bounces@ietf.org [mailto:mile-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Monday, July 15, 2013 2:11 PM
To: i-d-announce@ietf.org
Cc: mile@ietf.org
Subject: [mile] I-D Action: draft-ietf-mile-iodef-guidance-01.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Managed Incident Lightweight Exchange Working Group of the IETF.

	Title           : IODEF Usage Guidance
	Author(s)       : Panos Kampanakis
	Filename        : draft-ietf-mile-iodef-guidance-01.txt
	Pages           : 8
	Date            : 2013-07-12

Abstract:
   The Incident Object Description Exchange Format [RFC5070] defines a
   data representation that provides a framework for sharing information
   commonly exchanged by Computer Security Incident Response Teams
   (CSIRTs) about computer security incidents.  Since the IODEF model
   includes a wealth of available options that can be used to describe a
   security incident or issue, it can be challenging for implementers to
   develop tools that can leverage IODEF for incident sharing.  This
   document provides guidelines for IODEF implementers.  It will also
   address how common security indicators can be represented in IODEF.
   The goal of this document is to make IODEF's adoption by vendors
   easier and encourage faster and wider adoption of the model by
   Computer Security Incident Response Teams (CSIRTs) around the world.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-mile-iodef-guidance

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-mile-iodef-guidance-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-mile-iodef-guidance-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
