Minutes for MILE at IETF-89
minutes-89-mile-2

======================================================================
MILE WG meeting notes
London, UK - March 7, 2014
======================================================================

Volunteers
  - Note takers: David Black, David Misell
  - Jabber scribe: David Waltermire

Notes are in addition to slides.

----------------------------------------------------------------------
I.      Welcome and Administrivia
----------------------------------------------------------------------
11:50   Welcome, Status, and Agenda Bash
   10m  Chairs (K. Moriarty, B. Trammell)
----------------------------------------------------------------------

Note Well

WG did not meet in Vancouver, progress on 5070bis draft on mailing list.
SCI draft is now in RFC Editor Queue.  Thank you to authors!

Complete change in WG leadership (!):
- Sean Turner (AD) is departing
        Many thanks to Sean with gift for his support of the mile WG
- Kathleen Moriarty (chair) is joining the IESG as Security AD.
        Kathleen is the new responsible AD for the mile WG.
- Brian Trammell (chair) is joining the IAB.

New AD for WG - Kathleen Moriarty
New WG chairs - Alexey Melnikov, Takeshi Takahashi
New WG secretary - David Waltermire

Welcome to all.

----------------------------------------------------------------------
II.     Current Working Group Drafts
----------------------------------------------------------------------
12:00   draft-ietf-mile-rfc5070-bis
   20m  R. Danyliw
----------------------------------------------------------------------

Draft is now at -06 version, lots of changes since Berlin meeting.
Slides contain comprehensive summary of changes.

Summary of incompatible v1 -> v2 changes.
  - result of the survey between the meetings was reported
  - the incompatible points are clarified

Review of open issues
  - See slide and issue tracker for remaining open issues.
  - comments on items discussed in meeting

Internationalization (issue #1):
  - Peter St Andre has volunteered to write text
  - David Black agrees to help out
Enumerated values (issue #3):
  - will be recorded in IANA registries.
Interaction of IANA registries with XML schema:
  - need advice
  - Alexey will help out
Related DNS (issue #39):
  - unclear on how to represent
  - there should be something that is better than comma-separated-values
  - Chris Inacio offers to help do something
        - Aaron Kaplan, working on similar issue in JSON, offers to help out.
New issue #46:
  - (not on slide)
  - add timestamp.

-- Proposals for specific issues

Indicator proposals
- Narrow: timestamps for when indicator is valid to all indicator attributes
        (addresses #28 only), OR
- Broad: Rethink indicator representation, put in new top level Indicator class,
        (addresses #14, #28, #41, #42).  This sorts out "incident data" vs.
        "indicator data" confusion.  This may have a significant impact on
        implementations, as indicators are current in EventData class.

Computer email and file hash discussion now has an issue in the tracker

Remaining untracked discussion - Is there any incident reporting data missing?

Does anyone have any other issues from mailing list not covered in slides?
        Not in room or on jabber.

New milestone for this draft to go to IESG
  - Late this year (around Hawaii)
        - Needs one more meeting cycle.

Kathleen Moriarty (now as Security AD): Please start doing reviews on this
draft.

Dave Misell: What's status of predicate logic discussion?
Aaron Kaplan: Have some fairly simple proposals on the list (AND/OR/NOT).
Expert imput/review is welcome. Kathleen Moriarty: There was a list comment
that some string functions would be useful (e.g., contains, starts-with,
ends-with). Chris Inacio: This is headed for regular expressions, should we
just go all the way there?

Aaron Kaplan: Please be careful, regular expression is quite a bit to expect in
CERT tools, as it invites someone sending in abusive regular expressions that
cause a lot of computation. At a minimum, limit recursive descent and
complexity in supported regular expressions.

Will take regular expression discussion to list.

----------------------------------------------------------------------
III.    Other Presentations
----------------------------------------------------------------------
12:20   draft-murillo-mile-cps-00
   15m  TBD for M. Murillo
----------------------------------------------------------------------

Presenter was not able to come to meeting, please look at draft and comment on
list.

----------------------------------------------------------------------
12:35   draft-daisuke-iodef-experiment
   15m  D. Miyamoto
----------------------------------------------------------------------

See slides.  This was very useful input!

Roman Danyliw: Thank you for very useful feedback!
- #3: Impact "type" - Need to be able to use local CERT types (e.g., JP-CERT).
- #7: Very active list discussion on SWID usage, no conclusion yet.
- #4: Need to support proxy server and web mailer options.

Brian Trammell: Sees problem in #1 with schema usage.
Roman Danyliw: Current XSD and examples checked with both xmllint and xmlspy.

Dave Waltermire: #2: Should we revise XSD to remove usage of hyphens.
--> Take issue to list.

Dave Waltermire: Apply Enumeration and ExtendedData classes here to pick up
data in software IDs.

----------------------------------------------------------------------
12:50   draft-moriarty-mile-implementreport
   5m  K. Moriarty
----------------------------------------------------------------------

Draft can continue to absorb additional submissions and edits.
Contributors welcome to revise their inputs, base on what others have sent in.
As a new AD, Kathleen cannot continue as draft editor.

New editors: Daisuke Miyamoto and Chris Inacio
  - All implementation-related draft should be incorporated into onw.
  - Material from draft-daisuke (previous item) will get incorporated into this
  draft.

----------------------------------------------------------------------
12:55   draft-schaad-mile-iodef-plasma
   15m  T. Freeman
----------------------------------------------------------------------

Explanation of the plasma, and similarity of IODEF and email.
See slides.

Four running implementations of PLASMA for email.

First draft is to takeing the process of plasma email.
There are other things we can do, such as plasma light, if we have interests to
continue.

Please take questions to list - interesting alternative approach to IODEF
security.

----------------------------------------------------------------------
13:10   MILE + JOSE
   10m  Karen O'Donoghue (presenting for Jim Schaad)
----------------------------------------------------------------------

(Karen presents, not Trevor as shown on posted adventure)

See slides, and there will be a PDF with detailed notes from Jim Schaad in the
meeting materials. Especially see them for canonicalization discussion.

Bottom line - Jim Schaad does not recommend JOSE for use by MILE.

-------------

Many thanks to everyone for coming down to the meeting room at the end of the
week.