Last Call Review of draft-ietf-mile-sci-09
review-ietf-mile-sci-09-secdir-lc-hoffman-2013-10-17-00

Request Review of draft-ietf-mile-sci
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-10-22
Requested 2013-10-10
Draft last updated 2013-10-17
Completed reviews Genart Last Call review of -09 by Alexey Melnikov (diff)
Genart Telechat review of -11 by Alexey Melnikov (diff)
Secdir Last Call review of -09 by Paul Hoffman (diff)
Assignment Reviewer Paul Hoffman
State Completed
Review review-ietf-mile-sci-09-secdir-lc-hoffman-2013-10-17
Reviewed rev. 09 (document currently at 13)
Review result Ready
Review completed: 2013-10-17

Review
review-ietf-mile-sci-09-secdir-lc-hoffman-2013-10-17

draft-ietf-mile-sci, "IODEF-extension for structured cybersecurity information", describes extensions to the IODEF format to describe "cybersecurity information" such as types of attacks, vulnerabilities, and so on. This extension allows systems exchanging IODEF information to use a more standardized way to describe these specific types of information in XML.

The security considerations section basically says "when you transport sensitive cybersecurity information, do so carefully" which is probably sufficient because there are already standardized ways of securely transporting IODEF items, particularly RID. Nothing in this document warrants more security than what is already being transported in IODEF messages today.

--Paul Hoffman