Skip to main content

The Intrusion Detection Message Exchange Format (IDMEF)
RFC 4765

Discuss


Yes

(Sam Hartman)
(Steven Bellovin)

No Objection

(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(David Kessens)
(Jeffrey Schiller)
(Patrik Fältström)
(Russ Housley)
(Thomas Narten)

Note: This ballot was opened for revision 16 and is now closed.

Randy Bush Former IESG member
Discuss
Discuss [Treat as non-blocking comment] (2005-08-18)
Dicuss comment transferred from old ballot:

needs to separate into at least two docs, the xml and transport model 
and the particular application

 xml-dir review comment

 1) There is too much description and teaching about XML and UML. The 
 document should merely reference the XML and UML standards and explain 
 the restrictions and/or extensions to those specs in the definition of 
 IDMEF.

 2) Section 3.3.4 mentions XML Schema and how they would one day use it. 
 Well, it has been out for awhile, so why aren't they? If they 
 switched from DTD's to XML Schema, they could probably get rid of half 
 of the data type sections (3.4.1 to 3.4.6) and their entire need for UML.
Scott Bradner Former IESG member
Discuss
Discuss [Treat as non-blocking comment] (2005-08-18)
Discuss transferred from old ballot:

note:
      I would have thought that there should eb an IANA considerations
      section that at least points to sec 5 on how extensions
      can get made but also, I would have thought that sec 5 would
      have included what IETF proocesses (see RFC 2434) should
      be used to extend teh protocol

      I'm sensitive to this because we are getting a pile of
      requests to extend IETF protools (MPLS, RSVP etc) of
      late and we did not have any -must be extened within the
      ietf only- IANA mesage so we are being asked to OK
      some messy extensions - it woudl be good to cut this off at the
      pass and include such restrictions in new docs
Ned Freed Former IESG member
Yes
Yes (2005-08-18)
Comment transferred from old ballot:
>To: Randy Bush <randy@psg.com>

> discuss

> ...

> 2) Section 3.3.4 mentions XML Schema and how they would one day use it.
> Well, it has been out for awhile, so why aren't they? If they
> switched from DTD's to XML Schema, they could probably get rid of half
> of the data type sections (3.4.1 to 3.4.6) and their entire need for UML.

This isssue is discussed in section 4.7 of
draft-hollenbeck-ietf-xml-guidelines-07.txt, recently approved as a BCP. 
This section makes it clear that either a DTD or a Schema based approach 
is permissible; neither one is inherently better than the other:

     The choice of tool depends on the needs for extensibility or for a 
     formal language and mechanism for constraining permissible values 
     and validating adherence to the constraints.

I read this as saying that unless a case can be made that these needs 
aren't met by the chosen mechanism we should not be insisting they make a 
different choice.
Sam Hartman Former IESG member
Yes
Yes ()

                            
Steven Bellovin Former IESG member
Yes
Yes ()

                            
Alex Zinin Former IESG member
No Objection
No Objection ()

                            
Allison Mankin Former IESG member
(was Yes) No Objection
No Objection (2006-03-02)
It would be helpful to have boilerplate about this not being
a standard.
Bert Wijnen Former IESG member
(was Discuss, No Objection) No Objection
No Objection ()

                            
Bill Fenner Former IESG member
No Objection
No Objection ()

                            
Brian Carpenter Former IESG member
(was No Record, No Objection) No Objection
No Objection (2006-03-02)
I'm probably a No Objection on this to avoid delay, but
I note that there is nothing to tell the reader how
its success or failure as an Experimental spec will
be evaluated. Experimental does not mean de facto standard!
David Kessens Former IESG member
No Objection
No Objection ()

                            
Jeffrey Schiller Former IESG member
No Objection
No Objection ()

                            
Patrik Fältström Former IESG member
No Objection
No Objection ()

                            
Russ Housley Former IESG member
No Objection
No Objection ()

                            
Scott Hollenbeck Former IESG member
No Objection
No Objection (2006-02-27)
If the XML Schema were normative I'd enter this as a discuss.  Since it's not, though, a comment will suffice.

XML namespaces minted in the IETF should be registered with IANA as described in RFC 3688.  This document uses an IANA URL to identify the namespace.

There's also some redundancy in the schema.  I see an empty derivation by restriction, for example:

<xsd:simpleType name="mime-type">
  <xsd:restriction base="xsd:string">
  </xsd:restriction>
</xsd:simpleType>

Any place this type is referenced, xsd:string can be used instead since there's no actual restriction included in this definition.  What they've done with the above is create an alias for the Schema "string" type, which can make things confusing to understand.
Thomas Narten Former IESG member
No Objection
No Objection ()