Guidelines for Extensions to IODEF for Managed Incident Lightweight Exchange

Document Type Expired Internet-Draft (individual)
Last updated 2012-03-26 (latest revision 2011-09-21)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document provides extensions to Managed Incident Lightweight Exchange (MILE). MILE describes a subset of Incident Object Description Exchange Format (IODEF) defined in RFC 5070. The Data Markers extension is aimed at exchanging data tags or markers that label categories of information that have significance in the exchange of incident information. These data marker extension is aimed at exchanging data tags or markers that label information exchanged during incident handling. Data markers include sensitivity and data handling requirements that can prevent possible criminal errors in mismarking data. Both network and information security incidents typically result in the loss of service, data, and resources both human and system. Existing extensions to the IODEF- Document Class for Reporting Phishing [RFC 5901] have already been introduced for network security incidents. Data markers introduce extensions for information security incidents so that network providers and Computer Security Incident Response Teams (CSIRT) are equipped and ready to assist in communicating and tracing security incidents with tools and procedures in place before the occurrence of an attack. Data Markers also support Real-time Inter-network Defense (RID) [RFC 6045] that outlines a proactive inter-network communication method to facilitate sharing incident handling data while integrating existing detection, tracing, source identification, and mitigation mechanisms for a complete incident handling solution. Combining these capabilities in a communication system provides a way to achieve higher security levels on networks. Policy guidelines for handling incidents are recommended and can be agreed upon by a consortium using the security recommendations and considerations.


Katherine Goodier (
Damir Rajnovic (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)