[OPSEC]Re: [Technical Errata Reported] RFC9424 (7964)
Andrew S2 <andrew.s2@ncsc.gov.uk> Tue, 04 June 2024 10:12 UTC
To: RFC Errata System <rfc-editor@rfc-editor.org>, "kirsty.ietf@gmail.com" <kirsty.ietf@gmail.com>, "ollie@binaryfirefly.com" <ollie@binaryfirefly.com>, "james.sellwood.ietf@gmail.com" <james.sellwood.ietf@gmail.com>, "warren@kumari.net" <warren@kumari.net>, "mjethanandani@gmail.com" <mjethanandani@gmail.com>, "furry13@gmail.com" <furry13@gmail.com>, "rbonica@juniper.net" <rbonica@juniper.net>
CC: "opsec@ietf.org" <opsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/UhyZpjtCgsEh0LEnqDOVpbf0E1U>

As both an author of the document and the reporter of this errata, I believe that this report should be verified.

Thanks,
Andy

-----Original Message-----
From: RFC Errata System <rfc-editor@rfc-editor.org>
Sent: Thursday, May 30, 2024 10:09 AM
To: kirsty.ietf@gmail.com; ollie@binaryfirefly.com; james.sellwood.ietf@gmail.com; Andrew S2 <andrew.s2@ncsc.gov.uk>; warren@kumari.net; mjethanandani@gmail.com; furry13@gmail.com; rbonica@juniper.net
Cc: Andrew S2 <andrew.s2@ncsc.gov.uk>; opsec@ietf.org; rfc-editor@rfc-editor.org
Subject: [Technical Errata Reported] RFC9424 (7964)

The following errata report has been submitted for RFC9424, "Indicators of Compromise (IoCs) and Their Role in Attack Defence".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7964

--------------------------------------
Type: Technical
Reported by: Andrew Shaw <andrew.s2@ncsc.gov.uk>

Section: 3.2.3

Original Text
-------------
At its simplest, this indicates that the receiver may share with anyone (TLP:CLEAR), share within the defined sharing community (TLP:GREEN), share within their organisation and their clients (TLP:AMBER+STRICT), share just within their organisation (TLP:AMBER), or not share with anyone outside the original specific IoC exchange (TLP:RED).

Corrected Text
--------------
At its simplest, this indicates that the receiver may share with anyone (TLP:CLEAR), share within the defined sharing community (TLP:GREEN), share within their organisation and their clients (TLP:AMBER), share just within their organisation (TLP:AMBER+STRICT), or not share with anyone outside the original specific IoC exchange (TLP:RED).

Notes
-----
The definitions of TLP:AMBER and TLP:AMBER+STRICT are the wrong way round in the original text.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9424 (draft-ietf-opsec-indicators-of-compromise-04)
--------------------------------------
Title               : Indicators of Compromise (IoCs) and Their Role in Attack Defence
Publication Date    : August 2023
Author(s)           : K. Paine, O. Whitehouse, J. Sellwood, A. Shaw
Category            : INFORMATIONAL
Source              : Operational Security Capabilities for IP Network Infrastructure
Stream              : IETF
Verifying Party     : IESG