Re: [Secdispatch] Fw: New Version Notification for draft-paine-smart-indicators-of-compromise-00.txt

Michael Richardson <mcr@sandelman.ca> Tue, 10 March 2020 17:39 UTC

From: Michael Richardson <mcr@sandelman.ca>
To: Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>
cc: "secdispatch\@ietf.org" <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/gqdcU9MbuNgZYf8bmGlfMkz6C6Q>

Hi, thank you for this interesting document.
It uses terminology which I did not know existed before.

The document does not specify a protocol of any kind, although MISP-project
is referenced.   It does not seem to be about any kind of directly
implementable Best Current Practice, but seems like background for something
bigger.

I'm not sure how publishing this as an RFC would be helpful.
Are you considering ways to represent the Indicators such that they can be
more easily exchanged?  I believe that the IETF has done a bunch of work in
that area (INCH, MILE, IODEF come to mind), but perhaps not exactly in this
direction.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [