Last Modified: 2005-06-27
Done | Initial I-D of the incident data language specification | |
Done | Initial I-D for the requirements specification | |
Done | Initial I-D of the implementation guidelines document | |
Done | Initial I-D of the traceback extension specification | |
Apr 05 | Submit requirements I-D to the IESG as Informational | |
Apr 05 | Submit initial draft of phishing extension specification I-D | |
Jul 05 | Submit incident data language specification I-D to the IESG as Proposed | |
Jul 05 | Submit traceback extension specification I-D to the IESG as Proposed | |
Jul 05 | Submit phishing extension specification I-D to the IESG as Proposed | |
Aug 05 | Submit implementation guidelines I-D to the IESG as Informational |
Extended Incident Handling (INCH) WG Minutes
IETF 63 Wednesday, August 3, 2005, 10.30-12.30 Paris, France Chair: Roman Danyliw <rdd@cert.org> AD Adviser: Sam Hartman <hartmans-ietf@mit.edu> ---[ Agenda ]----------------------------------------------------------- o Administrative (Roman Danyliw, 5 min) o Requirements draft review (draft-ietf-inch-requirements-04) (Glenn Keeni-Mansfield, 5 min) o Data Model draft review (draft-ietf-inch-iodef-04) (Roman Danyliw, 25 min) o Implementation guide draft (draft-ietf-inch-implement-01) (Roman Danyliw, 1 min) o RID draft review (draft-ietf-inch-rid-03) (Kathleen Moriarty, 20 min) o Transport draft review (draft-moriarty-soap-00) (Brian Trammell, 20 min) o Phishing extension draft review (draft-ietf-inch-phishingextns-01) (Pat Cain, 20 min) ---[ Administrative ]--------------------------------------------------- presentation: <http://www.cert.org/ietf/inch/ietf63/ietf63-inch-agenda.pdf> Roman Danyliw presented a summary of the INCH working group. o A new WG document that extends the IODEF to describe phishing incidents has been accept. This work was previously presented at IETF 62. See draft-ietf-inch-phishingextns-01. o An individual draft, draft-moriarty-soap-00, was submitted to describe a SOAP transport binding for the IODEF. This draft will help inform the WG and the IESG as to whether this direction is appropriate for the WG. Transport entails a substantial expansion of the charter. o Updates to the schedule were made to reflect a slight slippage in the delivery dates (WG last-call) of the WG drafts. ] Sep 05 Submit requirements I-D to the IESG as Informational ] Dec 05 Submit incident data language specification I-D to the IESG as Proposed ] Dec 05 Submit phishing extension specification I-D to the IESG as Proposed ] Dec 05 Submit traceback extension specification I-D to the IESG as Proposed ] Feb 06 Submit implementation guidelines I-D to the IESG as Informational ---[ Requirements ]----------------------------------------------------- document: draft-ietf-inch-requirements-04 presentation: <http://www.cert.org/ietf/inch/ietf63/ietf63-inch-req.pdf> Glenn Keeni-Mansfield reported on the new -04 version of the requirements draft. It addressed a number of proofing changes. Another final set of comments were provided just before the meeting. An -05 draft will be produced by August 30, and the document will then enter WG last call. ---[ Data Model ]------------------------------------------------------- document: draft-ietf-inch-iodef-04 presentation: <http://www.cert.org/ietf/inch/ietf63/ietf63-inch-dm.pdf> Roman Danyliw presented on the substantial updates found in the -04 draft, (notably the introduction of an XML Schema), and the group discussed the remaining modeling issues. The WG is aiming to freeze the data model by September 2005 and use the subsequent months till December 2005 to address the editorial issues. Comments and Discussion on open issues: #698: Representing a Name in <Contact> o WG consensus was to adopt both Proposal #2 (i.e., Rename the name class used in Contact to PersonOrgName) and Proposal #3 (i.e., a DN-like syntax) but require only one to be present. o If a DN-like construct is introduced, it should be made explicit that no certificate processing is required. #855: Formalize <Location> o The existing proposal is poorly understood. The original commenter on this change needs to clarify their position o There was limited support for binding a DN syntax (i.e., certificate information often stored in LDAP repositories) to hosts #701: Review of Default Values o Progress is slower than expected due to the conflicting specifications found in the text, DTD, and Schema. #551: Formalizing <RecordData> o Proposed schema changes exist, but it remains poorly understood. The original commenter has been asked to provide text for the schema. #857: Handling Binary Files o Still awaiting to hear back from original commenter on a proposal Comments unrelated to open issues: o Specifications on using XML-Encryption and Signature are found in multiple drafts: data model, RID, and SOAP. It should be only in once place and referenced from the others. The authors of the various drafts will determine the right way to accomplish this task. o The actions taken in a trace previously represented in RID must be moved into the RecordItem class. ---[ Implementation Guide draft ]--------------------------------------- document: draft-ietf-inch-implement-01 (now expired) Roman Danyliw reported that no changes have been made to the implementation draft pending resolution on transport and data model issues. All open issues remain open. ---[ RID draft ]-------------------------------------------------------- document: draft-ietf-inch-rid-03 presentation: <http://www.cert.org/ietf/inch/ietf63/ietf63-inch-rid.pdf> Kathleen Moriarty presented the new -03 draft which has completed RID's transformation into a generalized messaging format for IODEF. Given the recent changes in the data model, a revision of this draft is necessary. Discussion: Q: Does RID always need to be used in a consortium? A: No, bilateral or peer relationships are very much possible. Q: It appears that RID has a way to specify a policy for the sender, but what about a policy for the receiver? A: When working with peers, one will likely trust one more than the other. For this circumstance, there is the Confidence class in IODEF. ---[ SOAP Binding draft ]----------------------------------------------- presentation: <http://www.cert.org/ietf/inch/ietf63/ietf63-inch-soap.pdf> document: draft-moriarty-soap-00 Complementing the RID message format, Brian Trammel presented a new individual I-D that provides a SOAP transport binding. This draft was a response to the community's request and the WG's and AD's uncertainty about adopting a transport specification. Additional coordination with RID and the implementation draft are necessary and will be included in the -01 draft. ---[ Phishing Extensions draft ]---------------------------------------- presentation: <http://www.cert.org/ietf/inch/ietf63/ietf63-inch-phishing.pdf> document: draft-ietf-inch-phishingextns-01 Pat Cain presented the -01 draft of the phishing extensions to the IODEF. A new version of the draft will be ready in mid-August. Comments: o An XForm generator for phishing IODEF message can be found at http://coopercain.com/incidents/index.htm |