Re: [mile] MILE WG draft adoption for RFC6045-bis

[<Kent_Landfield@McAfee.com>]

I too support RFC6045-bis being adopted by the working group.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee, Inc.
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>

From: Bob Martin <ramartin@mitre.org<mailto:ramartin@mitre.org>>
Date: Fri, 28 Oct 2011 12:31:06 -0500
To: Kathleen Moriarty <kathleen.moriarty@emc.com<mailto:kathleen.moriarty@emc.com>>
Cc: "mile@ietf.org<mailto:mile@ietf.org>" <mile@ietf.org<mailto:mile@ietf.org>>
Subject: Re: [mile] MILE WG draft adoption for RFC6045-bis

Congratualations to all for getting this work area started.

RFC6045 should definetly be adopted by the MILE Working Group.  It fills
a needed and critical part of the functionality needed to support
automation in incident handling amongst organizations.

Bob

On 10/25/11 6:25 PM, kathleen.moriarty@emc.com<mailto:kathleen.moriarty@emc.com> wrote:
Hello,

Thank you all for your hard work in helping to move us to a WG status!  The next step is to ask for adoption of drafts.

The first document in which I would like to request working group adoption is RFC6045-bis with my hat on as editor of the document.  Please respond to the mailing list within a week (Nov 2nd) stating if you support RFC6045-bis adoption by the working group.  Also, please include if you are willing to review the draft in your response on adoption.

http://tools.ietf.org/html/draft-moriarty-mile-rfc6045-bis-01

A consensus call will follow from Brian Trammell as Working Group chair.

Thank you!
Kathleen

-----Original Message-----
From: IESG Secretary [mailto:iesg-secretary@ietf.org]
Sent: Tuesday, October 25, 2011 12:46 PM
To: IETF Announcement list
Cc: Moriarty, Kathleen; trammell@tik.ee.ethz.ch<mailto:trammell@tik.ee.ethz.ch>; mile@ietf.org<mailto:mile@ietf.org>
Subject: WG Action: Managed Incident Lightweight Exchange (mile)

A new IETF working group has been formed in the Security Area.  For
additional information, please contact the Area Directors or the WG
Chairs.

Managed Incident Lightweight Exchange (mile)
--------------------------------------------
Status: Proposed Working Group Charter
Last Updated: 2011-09-21

Chairs:
       Kathleen Moriarty<Kathleen.Moriarty@emc.com<mailto:Kathleen.Moriarty@emc.com>>
       Brian Trammell<trammell@tik.ee.ethz.ch<mailto:trammell@tik.ee.ethz.ch>>

Security Area Directors:
       Stephen Farrell<stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>>
       Sean Turner<turners@ieca.com<mailto:turners@ieca.com>>

Security Area Advisor:
       Sean Turner<turners@ieca.com<mailto:turners@ieca.com>>

Mailing Lists:
       General Discussion: mile@ietf.org<mailto:mile@ietf.org>
       To Subscribe:       http://www.ietf.org/mailman/listinfo/mile
       Archive:            http://www.ietf.org/mail-archive/web/mile

Description:

The Managed Incident Lightweight Exchange (MILE) working group will
develop standards and extensions for the purpose of improving incident
information sharing and handling capabilities based on the work
developed in the IETF Extended INCident Handling (INCH) working group.
The Incident Object Description Exchange Format (IODEF) in RFC5070 and
Real-time Inter-network Defense (RID) in RFC6045 were developed in the
INCH working group by international Computer Security Incident Response
Teams (CSIRTs) and industry to meet the needs of a global community
interested in sharing, handling, and exchanging incident information.
The extensions and guidance created by the MILE working group assists
with the daily operations of CSIRTs at an organization, service
provider, law enforcement, and at the country level.  The application of
IODEF and RID to interdomain incident information cooperative exchange
and sharing has recently expanded and the need for extensions has become
more important. Efforts continue to deploy IODEF and RID, as well as to
extend them to support specific use cases covering reporting and
mitigation of current threats such as anti-phishing extensions.

An incident could be a benign configuration issue, IT incident, an
infraction to a service level agreement (SLA), a system compromise,
socially engineered phishing attack, or a denial-of-service (DoS)
attack, etc.  When an incident is detected, the response may include
simply filing a report, notification to the source of the incident, a
request to a third party for resolution/mitigation, or a request to
locate the source.  IODEF defines a data representation that provides a
standard format for sharing information commonly exchanged about
computer security incidents.  RID enables the secure exchange of
incident related information in an IODEF format providing options for
security, privacy, and policy setting.

MILE leverages collaboration and sharing experiences with the work
developed in the INCH working group which includes the data model
detailed in the IODEF, existing extensions to the IODEF for
Anti-phishing (RFC5901), and RID (RFC6045, RFC6046) for the secure
exchange of information.  MILE will also leverage the experience gained
in using IODEF and RID in operational contexts. Related work, drafted
outside of INCH will also be reviewed and includes RFC5941, Sharing
Transaction Fraud Data.

The MILE working group provides coordination for these various extension
efforts to improve the capabilities for exchanging incident information.
    MILE has several objectives with the first being a description a
subset of IODEF focused on ease of deployment and applicability to
current information security data sharing use cases.  MILE also
describes a generalization of RID for secure exchange of other
security-relevant XML formats.  MILE produces additional guidance needed
for the successful exchange of incident information for new use cases
according to policy, security, and privacy requirements.  Finally, MILE
produces a document template with guidance for defining IODEF extensions
to be followed when producing extensions to IODEF as appropriate, for:

    * labeling incident reports with data protection, data retention, and
      other policies, regulations, and
      laws restricting the handling of those reports
    * referencing structured security information from within incident
      reports
    * reporting forensic data generated during an incident investigation
      (computer or accounting)

The WG will produce the following:

    * An informational document on IODEF Guidance.
    * A Standards Track document specifying the Real-time Inter-network
      Defense (RID).
    * A Standards Track document specifying the transport for RID.
    * An informational template for extensions to IODEF.
    * A Standards Track document for IODEF Extensions in IANA XML Registry.
    * A Standards Track document for IODEF Extension to support
      structured cybersecurity information.
    * A Standards Track document for Labeling for data protection,
      retention, policies, and regulations.
    * A Standards Track document for GRC Report Exchange.
    * A Standards Track document for IODEF Extension to support forensics.

The drafts under consideration as WG items include:
     * Real-time Inter-network Defense (RID) bis:
        draft-moriarty-mile-rfc6045-bis-01
     * Transport of Real-time Inter-network Defense (RID) Messages bis:
        draft-trammell-mile-rfc6046-bis-00
     * Template for extensions to IODEF:
        draft-trammell-mile-template-01.txt
     * IODEF Extensions in IANA XML Registry:
        draft-trammell-mile-iodef-xmlreg-00.txt
     * GRC Report Exchange (Generalized RID for XML reports/documents):
        draft-moriarty-mile-grc-exchange-00.txt
     * IODEF-extension to support structured cybersecurity information:
        draft-takahashi-mile-sci-00.txt

Milestones

WGLC = Working Group Last Call

2011-11 - WGLC Real-time Inter-network Defense (RID)
2011-11 - WGLC Transport for Real-time Inter-network Defense (RID)
2011-12 - Submit Real-time Inter-network Defense (RID) to IESG for
             consideration as Standards Track document
2011-12 - Submit Transport Real-time Inter-network Defense (RID) to
             IESG for consideration as Standards Track document
2011-12 - WGLC Template for extensions to IODEF
2011-12 - WGLC IODEF Extensions in IANA XML Registry
2011-12 - WGLC IODEF Extension to support structured cybersecurity
             information
2012-02 - Submit Template for extensions to IODEF to IESG for
             consideration as Informational document
2012-02 - Submit IODEF Extensions in IANA XML Registry to IESG for
             consideration as Standards Track document
2012-02 - Submit IODEF Extension to support structured cybersecurity
             information to IESG for consideration as Standards Track
             document
2012-03 - WGLC IODEF Extension Labeling for data protection, retention,
             policies, and regulations
2012-03 - WGLC IODEF Guidance
2012-04 - Submit IODEF Extension Labeling for data protection,
             retention, policies, and regulations to IESG for
             consideration as Standards Track document
2012-04 - Submit WGLC IODEF Guidance to IESG for consideration as
             Informational document
2012-05 - WGLC GRC Report Exchange
2012-06 - Submit GRC Report Exchange to IESG for consideration as
             Standards Track document
2012-06 - WGLC Forensics extension
2012-07 - Submit IODEF Forensics extension to IESG for consideration as
             Standards Track document


_______________________________________________
mile mailing list
mile@ietf.org<mailto:mile@ietf.org>
https://www.ietf.org/mailman/listinfo/mile
.

_______________________________________________
mile mailing list
mile@ietf.org<mailto:mile@ietf.org>
https://www.ietf.org/mailman/listinfo/mile