[saag] MILE Summary

"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Thu, 08 November 2012 15:27 UTC

MILE WG Summary:
MILE met on November 6th, Tuesday at 3:20 and had a productive session.  Two new drafts were reviewed and there seems to be general agreement that the work is needed.  The drafts will require a call for WG adoption and a charter change.
   Resource Oriented Lightweight Indicator Exchange
   http://datatracker.ietf.org/doc/draft-field-mile-rolie/

   IODEF Enumeration Reference Format
   http://datatracker.ietf.org/doc/draft-montville-mile-enum-reference-format/

The Structured Cyber Security (SCI) draft was reviewed and updates per the WG decision from the last meeting were made to the current version.  The editor will drive the document with a use case focus going forward to ensure the use cases that are requirements driven are actually met through this draft.  We'll need to see discussion on the mailing list and participation from incident responders (a little tough as they don't like to talk openly).
   IODEF extension to Support structured cybersecurity information
   http://datatracker.ietf.org/doc/draft-ietf-mile-sci/

Additionally, two other drafts are expected before the next meeting to update the base format to exchange incident information as well as provide guidance to implementers to ensure consistent representation of incidents can be done for interoperability between implementations.
   RFC5070-bis with 2 volunteer editors (one was an RFC5070 editor)
   IODEF Guidance with 3 volunteer editors

Additional drafts expected to be updated before the next meeting:
   WG document: GRC Exchange
   http://datatracker.ietf.org/doc/draft-ietf-mile-grc-exchange/

   non-WG document: IODEF Forensics extension
   http://datatracker.ietf.org/doc/draft-inacio-mile-forensics/

There was some discussion on an XMPP binding for IODEF/RID, and we need to hear feedback on the list on whether this will be helpful, with some use case background/explanation.  Peter St. Andre has volunteered to work on such a draft if it is useful to the WG.