Minutes for MILE at IETF-94
minutes-94-mile-2

MILE: Managed Incident Lightweight Exchange

Date:  Monday, November 2, 2015 - 1300-1500
Responsible AD: Kathleen Moriarty
Chairs: Alexey Melinkov and Takeshi Takahashi
Secretary: David Waltermire
Jabber scribe: Chris Inacio
Venue: Room 413 at Pacifico Yokohama
Number of Attendees (including remote participants): around 40


############################################################
The Incident Object Description Exchange Format v2
(draft-ietf-mile-rfc5070-bis-15),
Roman Danyliw, 20 min
############################################################

* ask for more editorial review
* interest in changing schema for ordering issues?
    + Dave Waltermire - is there a requirement for strict ordering
        * roman - no
    + chair - how much work is it to change schema?
        * bunch of textual replace, but not too complicated
    + will put it on the list, but not a lot of excitement
    + kathleen Moriarty - was it an implementer?
        * roman - it was from a reviewer

* DNS as extension / included
    + no push to have it included, expected as extension
    + Chris Inacio will help

* Dave W
    + working on complete review of draft
    + won't get review done in time for WGLC
    + chair - finish this week?
        * Dave W - will finish review this week


############################################################
Differences between IODEF and IDEA
(presentation slides only),
Tomas Cejka, 20 min
############################################################

* Asking for readers / reviewers, most important is section 2
* Examples taken from v14 of IODef v2 draft
* Also has notes about CESNET thoughts about JSON implementation

* Source has to be an address / net resource
        + always a target that can be blocked / mitigated

* Linda Dunbar - examples VIII
    + Does that mean that source = byte count
        * no, shortened example, each source can have its own counter


* Bob Moscowitz -
    + Is this the "first mile"; reporting off of device (e.g. firewall)
for reporting?
    + It's really interesting, but the draft is backwards in its
construction; present IDEA first, then relate it to IODef

* Daisuke Miyamoto -
    + IDEA is machine readable
    + IODef is human readable, but IODef is machine readable too
        * IDEA is easier for algorithmic processing, information elements
can only exist in one place
        * IODef allows free form text in places
        * IODef allows recursion in its definition - harder to process
    + Does JSON representation of IODef help the group?

    + how does this compare to the n6 system?
        * comparison not done yet


############################################################
IODEF Usage Guidance
draft-ietf-mile-iodef-guidance-04
Mio Suzuki, 10 min
############################################################

* chair - what's the scope
    + IODef only? JSON?
        * IODef only;
    + could review other drafts, e.g. phishing, and find more mistakes and
share with Roman
        * okay
    + when do you think draft will be ready?
        * no idea, but we hope to finalize this work as soon as possible.


############################################################
MILE Implementation Report and its related activities
(draft-ietf-mile-implementreport-06)
Daisuke Miyamoto, 10 min
############################################################

* chair - ROLIE PoC, in scope / out of scope?
    * in current state, not sure?
    * would be good to include, but draft almost done, and ROLIE might
not be far enough

* chair - do you want WGLC?
    * want last call at next IETF
    * better to have new IODef published and then this is published



############################################################
XMPP Protocol Extensions for Use with IODEF
(draft-appala-mile-xmpp-grid-00),
Nancy Cam-Winget, 15 min
############################################################

* chris I - what does IODef add to XMPP-Grid?
    + (Nancy, Joe Saloway, Kathleen) adds federation and external exchange
of threat / incident information between organizations

* Chair - AD wants XMPP-Grid moved to MILE from SACM
    + amend charter conversation later



############################################################
Resource-Oriented Lightweight Indicator Exchange
(draft-ietf-mile-rolie-00.txt),
John P. Field, 10 min
############################################################



* chair - what should we do with this draft?
    + no responses

* kathleen M (no ad hat on) - I'm curious if implementers of RESTful
interfaces in this space have interest in ROLIE.  Lots of products for
exchanging incident and indicator information support REST, but haven't
done it in a standardized way.
    + no response

* chair - are you trying to have a std based draft or informational? (lots
of MUST & SHOULD)
    + just from architecure hat in order to have an interoperable set of
solutions
    + informational is okay, but std would be good too


### Kaoru Maeda - ROLIE example implementation

############################################################
PoC Implementation of Mile-Rolie-00
(presentation slides only),
Kaoru Maeda, 10 min
############################################################

Presentation on the ROLIE PoC implementaion was done.
It verified the feasibility of the technique described in the ROLIE draft.


############################################################
Discussion on JSON based IODef
############################################################

* chair - people want JSON based IODef?
    + IODef JSON definition
    + IDEA as JSON

    + Roman IODef and extensions define a data model
        * option 1 - reimplement those data models in JSON
        * option 2 - implement a subset of the data model (e.g. IDEA)
        * option 3 - implement a similar model (e.g. IDEA) in JSON

* IDEA implements some features not in IODef
    + chairs - send those to list

* general sentiment is that people DO NOT want option 3

* chairs - who wants to work on JSON mappings?
    + Tomas is interested / willing
    + Takeshi is interested, but scope isn't defined enough to committ

* waltermire - who is going to implement the JSON version
    + chair - included on who is willing to work on it
    + takeshi - we don't have good IODef v2 XML implementations, hopefully
we would get more in JSON, maybe
    + roman - it seems like IDEA seems like the idea of a profile of IODef
(a subset) for a more specific purpose
    + bob - like the idea of profiles