[OPSEC]Re: [Technical Errata Reported] RFC9424 (7964)
James Sellwood <james.sellwood.ietf@gmail.com> Tue, 04 June 2024 17:20 UTC
To: Andrew S2 <andrew.s2@ncsc.gov.uk>
CC: RFC Errata System <rfc-editor@rfc-editor.org>, ollie@binaryfirefly.com, warren@kumari.net, mjethanandani@gmail.com, opsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/95ab-esjJSLlx_QpnjUR2zLYSp4>
Good spot Andy. I agree those are the wrong way around.

James

On 4 Jun 2024, at 11:12, Andrew S2 <andrew.s2@ncsc.gov.uk> wrote:

As both an author of the document and the reporter of this errata, I believe that this report should be verified.

Thanks,
Andy

-----Original Message-----
From: RFC Errata System <rfc-editor@rfc-editor.org>
Sent: Thursday, May 30, 2024 10:09 AM
To: kirsty.ietf@gmail.com; ollie@binaryfirefly.com; james.sellwood.ietf@gmail.com; Andrew S2 <andrew.s2@ncsc.gov.uk>; warren@kumari.net; mjethanandani@gmail.com; furry13@gmail.com; rbonica@juniper.net
Cc: Andrew S2 <andrew.s2@ncsc.gov.uk>; opsec@ietf.org; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC9424 (7964)

The following errata report has been submitted for RFC9424, "Indicators of Compromise (IoCs) and Their Role in Attack Defence".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7964

--------------------------------------
Type: Technical
Reported by: Andrew Shaw <andrew.s2@ncsc.gov.uk>

Section: 3.2.3

Original Text
-------------
At its simplest, this indicates that the receiver may share with anyone (TLP:CLEAR), share within the defined sharing community (TLP:GREEN), share within their organisation and their clients (TLP:AMBER+STRICT), share just within their organisation (TLP:AMBER), or not share with anyone outside the original specific IoC exchange (TLP:RED).

Corrected Text
--------------
At its simplest, this indicates that the receiver may share with anyone (TLP:CLEAR), share within the defined sharing community (TLP:GREEN), share within their organisation and their clients (TLP:AMBER), share just within their organisation (TLP:AMBER+STRICT), or not share with anyone outside the original specific IoC exchange (TLP:RED).

Notes
-----
The definitions of TLP:AMBER and TLP:AMBER+STRICT are the wrong way round in the original text.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9424 (draft-ietf-opsec-indicators-of-compromise-04)
--------------------------------------
Title : Indicators of Compromise (IoCs) and Their Role in Attack Defence
Publication Date : August 2023
Author(s) : K. Paine, O. Whitehouse, J. Sellwood, A. Shaw
Category : INFORMATIONAL
Source : Operational Security Capabilities for IP Network Infrastructure
Stream : IETF
Verifying Party : IESG
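The practical effect of the swap reported above, as an added example that is not part of the original message or of RFC 9424: a fail-closed redistribution check built from the corrected text, compared with the same table built from the text as published. The audience names, their linear ordering, the function names and the sample feed are assumptions made for this illustration.

```python
from enum import IntEnum

class Audience(IntEnum):
    """Audiences named in Section 3.2.3, narrowest to widest (ordering assumed)."""
    ORIGINAL_EXCHANGE = 0
    OWN_ORGANISATION = 1
    ORGANISATION_AND_CLIENTS = 2
    SHARING_COMMUNITY = 3
    ANYONE = 4

# Widest audience each label permits, following the corrected text.
CORRECTED = {
    "TLP:RED": Audience.ORIGINAL_EXCHANGE,
    "TLP:AMBER+STRICT": Audience.OWN_ORGANISATION,
    "TLP:AMBER": Audience.ORGANISATION_AND_CLIENTS,
    "TLP:GREEN": Audience.SHARING_COMMUNITY,
    "TLP:CLEAR": Audience.ANYONE,
}
# The same table as the original text had it: the two AMBER entries swapped.
AS_PUBLISHED = {
    **CORRECTED,
    "TLP:AMBER+STRICT": Audience.ORGANISATION_AND_CLIENTS,
    "TLP:AMBER": Audience.OWN_ORGANISATION,
}

def may_share(label, audience, table=CORRECTED):
    """True only if the label is known and permits this audience (fails closed)."""
    limit = table.get("".join(str(label).split()).upper())
    return limit is not None and audience <= limit

def over_shared(feed, audience, table):
    """Values that `table` would release to `audience` but CORRECTED would not."""
    return [ioc["value"] for ioc in feed
            if may_share(ioc["tlp"], audience, table)
            and not may_share(ioc["tlp"], audience, CORRECTED)]

# Constructed sample feed (documentation addresses and domains only).
SAMPLE_FEED = [
    {"value": "192.0.2.10", "tlp": "TLP:RED"},
    {"value": "c2.example.net", "tlp": "tlp:amber+strict"},
    {"value": "198.51.100.7", "tlp": "TLP:AMBER"},
    {"value": "dropper.example.org", "tlp": "TLP:GREEN"},
    {"value": "203.0.113.99", "tlp": "TLP:CLEAR"},
    {"value": "unlabelled.example.com", "tlp": "TLP:PURPLE"},  # not a listed label
]

if __name__ == "__main__":
    clients = Audience.ORGANISATION_AND_CLIENTS
    print([i["value"] for i in SAMPLE_FEED if may_share(i["tlp"], clients)])
    print(over_shared(SAMPLE_FEED, clients, AS_PUBLISHED))
```

A tool that encoded the published wording would release the TLP:AMBER+STRICT record to clients, which is the case `over_shared` isolates.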