Minutes IETF99: mile
minutes-99-mile-01

Managed Incident Lightweight Exchange (MILE)
Monday, July 17, 2017 (Prague)
15:50-17:20
Room: Karlin III

Note takers: Roman Danyliw and David Waltermire
Jabber scribe: Chris Inacio

Chairs Summary
==============
presenters: Nancy Cam-Winget and Takeshi Takahashi
slides:
https://www.ietf.org/proceedings/99/slides/slides-99-mile-status-update-01.pdf

The chairs provided a status update on the milestones and drafts of the WG.

Rolie draft status
==================
drafts: draft-ietf-mile-rolie-07
        draft-banghart-mile-rolie-csirt-01
presenters: David Waltermire and Stephen Banghart
slides:
https://www.ietf.org/proceedings/99/slides/slides-99-mile-rolie-draft-00.pdf

Banghart summarized the changes based on WGLC feedback in
draft-ietf-mile-rolie-07. (slide #2) Banghart summarized the changes additional
feedback (after the WGLC period) in draft-ietf-mile-rolie-08. (slide #3)

Q: (Banghart): To WG/chairs, what are the next steps?
A: (Cam-Winget): Most substaintial comments came through WGLC.  Next the AD
should review. A: (Moriarty): Just do the shepherd writeup and then I will do
my AD review, and then send it forward for IETF/IESG review

Q: (Jordan): I'd like to better understand the direction of ROILE.  As the
chair of TAXII, I'd like see convergence. A: (Moriarty): These are different
transport protocols making convergence difficult/interoperable. A: (Jordan):
I'd like to see how we can help product managers with adoption. There aren't
multiple transports in v2. A: (Moriarty): Perhaps the WG could have an updated
on TAXII 2.0 A: (Waltermire): We'd like to see ROILE used as a transport for
STIX.  ROILE uses ATOM syndication/pub; and TAXII uses JSON.  ATOM has the
flexibility to request feeds in formats other than XML. A: (Cam-Winget): I'd
like to hear an updated on the status of TAXII v2 to understand the overlap. 
This would let the WG define the gaps. A: (Banghart): The JSON updated to ATOM
pub is something that would be useful beyond MILE. A: (Jordan): If we wanted to
investigate CBOR for STIX or TAXII we can work on that. A: (Cam-Winget): First
order of business is for this WG to understand TAXII v2.  We can do this at an
interim meeting.

Poll: (Cam-Winget): Hum to signal interest in understanding the links between
ROILE and TAXII WG: Signals interest Comment: (Cam-Winget): I'll take the
action to setup a time to discuss this issue with the WG. Comment: (Jordan): As
as vendor, I'd like to see JSON in ROILE.  XML is not in the development stack
of many vendors. Comment: (Cam-Winget) to (Banghart): We (chairs) will want you
to lead a conversation about ROLIE JSON when the time comes.

Q: (Banghart): To WG/chairs, I'd like WG adoption on this draft.
A: (Cam-Winget): Who's read this document?
WG: very few.
A: (Cam-Winget): We need more reviewers.  Any volunteers?
Volunteers: Chris and Frank will review.
A: (Cam-Winget): I'll send a note to the mailing list asking for reviewers

TDOD: Assign Chris I and Frank as reviewers.
TODO: Cam-Winget will send an email asking for more reviews

Banghart summarized activity during the Hackathon.  The activity included:
    - serving SWID tags and vulnerability bulletins used by other SACM
    components in the Hackathon - Also used ROILE to extract and serve OVAL
    content - Rolie worked well for these applications; no problems were found
    with the specification

XMPP draft status
=================
draft: draft-ietf-mile-xmpp-grid-03
presenter: Nancy Cam-Winget
slides:
https://www.ietf.org/proceedings/99/slides/slides-99-mile-xmpp-draft-00.pdf

Cam-Winget summarized the current status of draft-ietf-mile-xmpp-grid-03, a
major rewrite. Comment: (Cam-Winget) Due to the large number of changes, the
draft needs another WGLC

TODO: Takahashi will start a new WGLC on the draft after this meeting ends.

Cam-Winget also summarized work during the Hackathon on XMPP-Grid.
  - Showed use of I2NSF with XMPP-Grid to share topology and session information
  - Showed inter-op of Cisco and Huawei switches

guidance draft status
=====================
draft: draft-ietf-mile-iodef-guidance-10
presenter: Mio Suzuki
slides:
https://www.ietf.org/proceedings/99/slides/slides-99-mile-iodef-guidance-00.pdf

Suzuki summarized the current status of draft-ietf-mile-iodef-guidance-10.

Q: (Suzuki) Is this draft ready to send to Kathleen/IESG for publication?
A: (Cam-Winget) Yes, we will do the Shepherd writeup and send it to Kathleen
for review.

Some comments on the IODEFv2 schema
===================================
presenter: Takeshi Takahashi
slides:
https://www.ietf.org/proceedings/99/slides/slides-99-mile-comments-on-the-iodefv2-schema-01.pdf

Takahashi summarized recent experience using the IODEF v2 schema.

Q: (Takahashi) Can we remove the space in the schemaLocation of the IODEF
schema? A: (Moriarty) I will approve this, we need to make sure the schema in
the draft is corrected as well. Q: (Danyliw): The spacing in the XSD can be
fixed easily in the registry.  Will there be a line-wrapping issue to correct
that in the draft?

Further errors were introduced by Takahashi.

A: (Cam-Winget/Moriarity) An errata is going to be needed for this.
A: (Takahashi) I will send these information to the mailing list and to confirm
the changes. A: (Kathleen) Based on the discussion on the mailing list, I'll
approve the changes.

The need for Json representation of IODEF was asked by Takahashi
The chair (Cam-Winget) has initiated the hum call to check whether the WG is
intereted in this work. The hum seems to be in favor of this work.

Related discussion in TLS v1.3
============================

Moriarty updated the WG on current discussions in the TLS WG.  In TLS v1.3,
there is perfect forward secrecy removing the capability of enterprises that
use static keys to inspect traffic.