[Secdispatch] Fw: New Version Notification for draft-paine-smart-indicators-of-compromise-00.txt

Kirsty P <Kirsty.p@ncsc.gov.uk> Tue, 10 March 2020 17:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Pt3-hZkYq-Psp_V63nT0tlJRlRM>

Hi,

I'd like to request a slot at secdispatch for IETF 107 to present the draft below.
Additionally, comments/feedback on the draft from interested parties are very welcome.

Kirsty



A new version of I-D, draft-paine-smart-indicators-of-compromise-00.txt
has been successfully submitted by Kirsty Paine and posted to the
IETF repository.

Name:           draft-paine-smart-indicators-of-compromise
Revision:       00
Title:          Indicators of Compromise (IoCs) and Their Role in Attack Defence
Document date:  2020-03-06
Group:          Individual Submission
Pages:          15
URL:            https://www.ietf.org/id/draft-paine-smart-indicators-of-compromise-00.txt
Status:         https://datatracker.ietf.org/doc/draft-paine-smart-indicators-of-compromise/
Htmlized:       https://tools.ietf.org/html/draft-paine-smart-indicators-of-compromise-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-paine-smart-indicators-of-compromise


Abstract:
   Indicators of Compromise (IoCs) are an important technique in attack
   defence (often called cyber defence).  This document outlines the
   different types of IoC, their associated benefits and limitations,
   and discusses their effective use.  It also contextualises the role
   of IoCs in defending against attacks through describing a recent case
   study.  This draft does not pre-suppose where IoCs can be found or
   should be detected - as they can be discovered and deployed in
   networks, endpoints or elsewhere - rather, engineers should be aware
   that they need to be detectable (either by endpoint security
   appliances or network-based defences, or ideally both) to be
   effective.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat