Enumeration Reference Format for the Incident Object Description Exchange Format (IODEF)
draft-ietf-mile-enum-reference-format-14
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-03-25
|
14 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-03-20
|
14 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-03-04
|
14 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2015-03-04
|
14 | (System) | RFC Editor state changed to RFC-EDITOR from IANA |
2015-03-04
|
14 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2015-03-02
|
14 | (System) | RFC Editor state changed to IANA from EDIT |
2015-02-24
|
14 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2015-02-24
|
14 | (System) | IANA Action state changed to In Progress from On Hold |
2015-02-11
|
14 | (System) | IANA Action state changed to On Hold from In Progress |
2015-02-03
|
14 | Cindy Morgan | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-02-03
|
14 | (System) | RFC Editor state changed to EDIT |
2015-02-03
|
14 | (System) | Announcement was received by RFC Editor |
2015-02-02
|
14 | (System) | IANA Action state changed to In Progress |
2015-02-02
|
14 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
2015-02-02
|
14 | Cindy Morgan | IESG has approved the document |
2015-02-02
|
14 | Cindy Morgan | Closed "Approve" ballot |
2015-02-02
|
14 | Cindy Morgan | Ballot approval text was generated |
2015-01-30
|
14 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-14.txt |
2015-01-14
|
13 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2015-01-14
|
13 | Adam Montville | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2015-01-14
|
13 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-13.txt |
2015-01-08
|
12 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Waiting for AD Go-Ahead::Revised I-D Needed |
2015-01-07
|
12 | Joel Jaeggli | [Ballot comment] opsdir review looked fine |
2015-01-07
|
12 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-01-07
|
12 | Ted Lemon | [Ballot comment] This looks a bit random: The aggregate classes that constitute ReferenceName: ID One. ID. Name … [Ballot comment] This looks a bit random: The aggregate classes that constitute ReferenceName: ID One. ID. Name of the reference. I see that it's analogous to similar statements in RFC 5070, but it would be nice if you wrote it out less tersely. As written it looks like a mistake--like something got left out when the document was rendered. |
2015-01-07
|
12 | Ted Lemon | [Ballot Position Update] New position, No Objection, has been recorded for Ted Lemon |
2015-01-07
|
12 | Richard Barnes | [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes |
2015-01-07
|
12 | Cindy Morgan | Changed consensus to Yes from Unknown |
2015-01-07
|
12 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2015-01-07
|
12 | Alia Atlas | IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead |
2015-01-07
|
12 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2015-01-07
|
12 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-01-06
|
12 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2015-01-05
|
12 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2015-01-05
|
12 | Kathleen Moriarty | Ballot writeup was changed |
2015-01-05
|
12 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2015-01-05
|
12 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-01-04
|
12 | Barry Leiba | [Ballot comment] None of these comments are highly important, and none are meant to block the document. Please consider these and discuss them with me … [Ballot comment] None of these comments are highly important, and none are meant to block the document. Please consider these and discuss them with me if you think it's appropriate... but I'll leave it to the authors/shepherd/working group/AD to decide whether to make any changes. Thanks. I'm not happy with the 2119 "SHOULD"s in the Security Considerations. None of them appear to be protocol-related: they're all sound advice, and such advice should definitely be given, but it would fit better with both 2119 and reasonable understanding if these were just put in terms of sage advice with reasons and consequences given (which you are giving; thanks). In particular, "producers ... SHOULD be careful to ensure ..." is certainly not in compliance with 2119; I'd say "It is very important that producers of IODEF [IODEF] content ensure a proper mapping...." I'm not sure what "SHOULD be preferred" even means, so I think fixing this one is important. If what you mean is that if is receiving enumeration reference IDs and has a choice between a trusted source and an untrusted one, it should use the trusted source, then please say it that way, and don't use passive voice. Similarly, "trust SHOULD extend from... to...": this would be far better if we got rid of the passive voice and said that it's highly recommended that use third parties for which there is a trust relationship . In the IANA Considerations... I note that you have ABNF grammar to define "abbreviation", and presume that grammar is for the designated expert's use, and not really aimed at IANA. That's fine (just see below). Version: The version of the enumeration (i.e. the referenced specification) as a free-form string from the printable ASCII character set excepting white space. It might be good, I think, to have ABNF here as well, also for the designated expert... lest some DE in the future wonder which characters are part of "the printable ASCII character set" and which are "white space". Thank you for giving good instructions to the DE; that's important. I would lost the "MUST", and just say that the designated expert will review any specification that is associated with the request. Again, this isn't a protocol interop issue, which is what 2119 language is generally for. |
2015-01-04
|
12 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2015-01-02
|
12 | Kathleen Moriarty | Notification list changed to mile-chairs@tools.ietf.org, draft-ietf-mile-enum-reference-format@tools.ietf.org, mile@ietf.org from mile-chairs@tools.ietf.org, draft-ietf-mile-enum-reference-format@tools.ietf.org |
2015-01-02
|
12 | Stephen Farrell | [Ballot comment] These are nits only, feel free to ignore entirely or fix as you prefer. - The write-up says that this updates 5070 but … [Ballot comment] These are nits only, feel free to ignore entirely or fix as you prefer. - The write-up says that this updates 5070 but the abstract says it does not. I'm fine either way but it's a little confusing. (That is, I agree with Adrian.) - Maybe expand IDS in abstract - Maybe expand CVE, CCE etc too - "readily apparent" makes me think I'm reading a patent, and thus slightly less happy:-) - I don't know what "trust SHOULD extend" might mean (but it's harmlessly ok I think) - I was surprised you didn't at least include the CVE as an initial registration. |
2015-01-02
|
12 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
2014-12-30
|
12 | (System) | IANA Review state changed to IANA - Not OK from Version Changed - Review Needed |
2014-12-29
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
2014-12-29
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
2014-12-29
|
12 | Spencer Dawkins | [Ballot comment] In 3 Security Considerations Producers of IODEF [IODEF] content SHOULD be careful to ensure a proper mapping … [Ballot comment] In 3 Security Considerations Producers of IODEF [IODEF] content SHOULD be careful to ensure a proper mapping of enumeration reference ID elements to the correct SpecIndex. Potential consequences of not mapping correctly include inaccurate information references and similar distribution of misinformation. I'm not understanding why SHOULD is appropriate. When would a producer not ensure a proper mapping? ("SHOULD be careful to" seems like "SHOULD" would be appropriate, but I'll leave that up to you) |
2014-12-29
|
12 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2014-12-28
|
12 | Adrian Farrel | [Ballot comment] I have read and re-read the Abstract, Introduction, and shepherd write-up. I think the Abstract gives the false impression that this extension is … [Ballot comment] I have read and re-read the Abstract, Introduction, and shepherd write-up. I think the Abstract gives the false impression that this extension is not to be used with IODEF v1. I believe it is your intention that this feature should become selectively available in enhanced v1 implementations. The confusion arises because of: While this memo does not update IODEV v1, this enumeration reference format is used in IODEF v2 and is applicable to other formats that support this class of enumeration references. This sounds like, but does not say, the format is not to be used with v1 deployments. (NB "IODEV"???) I think you need: While this memo does not update IODEF v1 because it is not necessary for IODEF v1 implementations to support the enumeration reference format, new or upgraded IODEF v1 implementation may include support for the format. Furthermore, the enumeration reference format is used in IODEF v2 and is applicable to other formats that support this class of enumeration references. This also (I think) helps explain why this is a stand-alone document and not part of the 5070bis document. |
2014-12-28
|
12 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2014-12-24
|
12 | Kathleen Moriarty | Ballot has been issued |
2014-12-24
|
12 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2014-12-24
|
12 | Kathleen Moriarty | Created "Approve" ballot |
2014-12-24
|
12 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-12.txt |
2014-12-19
|
11 | Adam Montville | IANA Review state changed to Version Changed - Review Needed from IANA - Not OK |
2014-12-19
|
11 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-11.txt |
2014-12-17
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Issues. Reviewer: Stefan Winter. |
2014-12-16
|
10 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2014-12-11
|
10 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Dacheng Zhang. |
2014-12-10
|
10 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2014-12-10
|
10 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-mile-enum-reference-format-10. Please report any inaccuracies and respond to any questions as soon as possible. IANA's reviewer has the following comments, … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-mile-enum-reference-format-10. Please report any inaccuracies and respond to any questions as soon as possible. IANA's reviewer has the following comments, along with two questions: IANA has a question about the request in the IANA Considerations section of this document. IANA understands that, upon approval of this document, there is a single action which IANA must complete. IANA is to create a new registry called the Enumeration Reference Type Identifiers registry. The new registry will consist of the following fields: Full Name: The full name of the enumeration as a string from the printable ASCII character set. Abbreviation: An abbreviation may be an acronym - it consists of upper-case characters (at least two, upper-case is used to avoid mismatches due to case differences), as specified by this ABNF [RFC5234] syntax: ABBREVIATION = 2*UC-ALPHA ; At least two UC-ALPHA = %x41-5A ; A-Z Multiple registrations MAY use the same Abbreviation but MUST have different Versions. SpecIndex: This is an IANA-assigned positive integer that identifies the registration. The first entry added to this registry uses the value 1, and this value is incremented for each subsequent entry added to the registry. Version: The version of the enumeration (i.e. the referenced specification) as a free-form string from the printable ASCII character set excepting white space. Specification URI: A list of one or more URIs [RFC3986] from which the registered specification can be obtained. The registered specification MUST be readily and publicly available from that URI. The URI SHOULD be a stable reference to a specific version of the specification. URIs that designate the latest version of a specification (which changes when a new version appears) SHOULD NOT be used. IANA QUESTION --> Typically, a reference for registrations is included as one of the fields in a new registry. This field generally points to an RFC/I-D, the person who made the request, or a standards organization. Do you want a separate field for this, or would you prefer that the registry not include this information? Alternatively, would it be appropriate to label the field "Specification URI/Reference" and allow both URIs and other references there? IANA understands that there are no initial registrations in the new registry. The new registry is to be managed through Specification Required as defined by RFC 5226. IANA QUESTION -> Where should this new registry be located? Should it be placed at an existing URL? If not, does it belong in an existing category at http://www.iana.org/protocols, or a new one? If you'd like us to create a new webpage and/or a new category, please provide the titles of each. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. |
2014-12-09
|
10 | Kathleen Moriarty | Placed on agenda for telechat - 2015-01-08 |
2014-12-05
|
10 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
2014-12-05
|
10 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
2014-12-04
|
10 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Dacheng Zhang |
2014-12-04
|
10 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Dacheng Zhang |
2014-12-04
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Stefan Winter |
2014-12-04
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Stefan Winter |
2014-12-02
|
10 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2014-12-02
|
10 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (IODEF Enumeration Reference Format) to … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (IODEF Enumeration Reference Format) to Proposed Standard The IESG has received a request from the Managed Incident Lightweight Exchange WG (mile) to consider the following document: - 'IODEF Enumeration Reference Format' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-12-16. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Incident Object Description Exchange Format (IODEF) is an XML data representation framework for sharing information about computer security incidents. In IODEF, the Reference class provides references to externally specified information such as a vulnerability, IDS alert, malware sample, advisory, or attack technique. In practice, these references are based on external enumeration specifications that define both the enumeration format and the specific enumeration values, but the IODEF Reference class (as specified in RFC 5070) does not indicate how to include both of these important pieces of information. This memo establishes a stand-alone data format to include both the external specification and specific enumeration value, and establishes an IANA registry to manage external enumeration specifications. While this memo does not update IODEF, it provides the ability for future revisions of IODEF to leverage the ReferenceName class herein described. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-mile-enum-reference-format/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-mile-enum-reference-format/ballot/ No IPR declarations have been submitted directly on this I-D. |
2014-12-02
|
10 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2014-12-02
|
10 | Amy Vezza | Last call announcement was changed |
2014-12-01
|
10 | Kathleen Moriarty | Last call was requested |
2014-12-01
|
10 | Kathleen Moriarty | Ballot approval text was generated |
2014-12-01
|
10 | Kathleen Moriarty | IESG state changed to Last Call Requested from AD Evaluation |
2014-12-01
|
10 | Kathleen Moriarty | Last call announcement was generated |
2014-11-25
|
10 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-10.txt |
2014-11-05
|
09 | Kathleen Moriarty | Ballot writeup was changed |
2014-11-05
|
09 | Kathleen Moriarty | Ballot writeup was changed |
2014-11-05
|
09 | Kathleen Moriarty | Ballot writeup was changed |
2014-10-27
|
09 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-09.txt |
2014-09-06
|
08 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-08.txt |
2014-07-23
|
07 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-07.txt |
2014-07-01
|
06 | Kathleen Moriarty | IESG state changed to AD Evaluation from Publication Requested |
2014-07-01
|
06 | Kathleen Moriarty | Ballot writeup was changed |
2014-07-01
|
06 | Kathleen Moriarty | Ballot writeup was changed |
2014-07-01
|
06 | Kathleen Moriarty | Ballot writeup was generated |
2014-06-23
|
06 | Cindy Morgan | IESG process started in state Publication Requested |
2014-06-23
|
06 | (System) | Earlier history may be found in the Comment Log for /doc/draft-montville-mile-enum-reference-format/ |
2014-06-23
|
06 | Cindy Morgan | Working group state set to Submitted to IESG for Publication |
2014-06-23
|
06 | Cindy Morgan | 1. Summary The document shepherd is David Waltermire. The responsible Area Director is Kathleen Moriarty. The Incident Object Description Exchange Format (IODEF) provides a Reference … 1. Summary The document shepherd is David Waltermire. The responsible Area Director is Kathleen Moriarty. The Incident Object Description Exchange Format (IODEF) provides a Reference class used to reference external entities (such as enumeration identifiers). However, the method of external entity identification has been left unstructured. This document describes a method to provide structure for referencing external entities for the IODEF Reference class and thus updates IODEF's ReferenceName. It defines an IANA registry that lists the identifiers of enumeration reference types that can be referenced from the Reference class. This is an important update to the base spec and it defines a format extension, so Proposed Standard is suitable. The working group is quite sure that this will be a useful Standards Track update to RFC5070. 2. Review and Consensus This update is straightforward, and there was no difficulty coming to consensus on all points. The document received extensive review by the MILE working group since its first draft (published on September 1, 2012). The format of the identifier has been discussed and revised. Consequently, the structure of IANA registry has also been revised over time. All the discussion comments were reflected to the current version of the draft. The draft has completed WGLC and represents the consensus of the WG with no controversy. We believe the working group is solidly behind this. Expert review has been requested from the AppsDir to review the document, with a focus on the XML schema changes. 3. Intellectual Property Each author has confirmed conformance with BCP 78/79. There are no IPR issues so long as we can recognize. 4. Other Points The document creates an IANA registry for identifiers to be referenced from IODEFF's Reference class subject to expert review and specification required. |
2014-06-23
|
06 | Cindy Morgan | Changed document writeup |
2014-06-20
|
06 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-06.txt |
2014-05-29
|
05 | Takeshi Takahashi | Document shepherd changed to David Waltermire |
2014-05-27
|
05 | Takeshi Takahashi | Document shepherd changed to (None) |
2014-05-27
|
05 | Takeshi Takahashi | Based on the last call, conducted in May 8-26, the authors have already published revised draft (draft-ietf-mile-enum-reference-format-05.txt). The draft has reflected all the … Based on the last call, conducted in May 8-26, the authors have already published revised draft (draft-ietf-mile-enum-reference-format-05.txt). The draft has reflected all the comments discussed during the last call period. |
2014-05-27
|
05 | Takeshi Takahashi | Tag Revised I-D Needed - Issue raised by WG cleared. |
2014-05-27
|
05 | Takeshi Takahashi | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2014-05-27
|
05 | Takeshi Takahashi | The last call was initiated on May 8, 2014 and was ended on May 26, 2014. |
2014-05-27
|
05 | Takeshi Takahashi | Tag Revised I-D Needed - Issue raised by WG set. |
2014-05-27
|
05 | Takeshi Takahashi | IETF WG state changed to In WG Last Call from WG Document |
2014-05-27
|
05 | Takeshi Takahashi | Intended Status changed to Proposed Standard from None |
2014-05-27
|
05 | Takeshi Takahashi | Document shepherd changed to David Waltermire |
2014-05-27
|
05 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-05.txt |
2014-05-07
|
04 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-04.txt |
2014-03-07
|
03 | Brian Trammell | Document shepherd changed to (None) |
2013-11-07
|
03 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-03.txt |
2013-11-06
|
02 | Brian Trammell | Set of documents this document replaces changed to draft-montville-mile-enum-reference-format from None |
2013-11-04
|
02 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-02.txt |
2013-07-30
|
01 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-01.txt |
2013-07-26
|
00 | Brian Trammell | Document shepherd changed to Brian Trammell |
2013-07-15
|
00 | Adam Montville | New version available: draft-ietf-mile-enum-reference-format-00.txt |