Enumeration Reference Format for the Incident Object Description Exchange Format (IODEF)
RFC 7495
Internet Engineering Task Force (IETF) A. Montville
Request for Comments: 7495 CIS
Category: Standards Track D. Black
ISSN: 2070-1721 EMC
March 2015
Enumeration Reference Format
for the Incident Object Description Exchange Format (IODEF)
Abstract
The Incident Object Description Exchange Format (IODEF) is an XML
data representation framework for sharing information about computer
security incidents. In IODEF, the Reference class provides
references to externally specified information such as a
vulnerability, Intrusion Detection System (IDS) alert, malware
sample, advisory, or attack technique. In practice, these references
are based on external enumeration specifications that define both the
enumeration format and the specific enumeration values, but the IODEF
Reference class (as specified in IODEF v1 in RFC 5070) does not
indicate how to include both of these important pieces of
information.
This document establishes a stand-alone data format to include both
the external specification and specific enumeration identification
value, and establishes an IANA registry to manage external
enumeration specifications. While this document does not update
IODEF v1, this enumeration reference format is used in IODEF v2 and
is applicable to other formats that support this class of enumeration
references.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7495.
Montville & Black Standards Track [Page 1]
RFC 7495 IODEF Enumeration Reference Format March 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
1.1. Terminology ................................................3
2. Referencing External Enumerations ...............................3
2.1. Reference Name Format ......................................4
2.2. Reference Method Applicability .............................5
3. Security Considerations .........................................5
4. IANA Considerations .............................................6
5. The ReferenceName Schema ........................................8
6. References ......................................................9
6.1. Normative References .......................................9
6.2. Informative References .....................................9
Acknowledgements ..................................................10
Authors' Addresses ................................................10
Montville & Black Standards Track [Page 2]
RFC 7495 IODEF Enumeration Reference Format March 2015
1. Introduction
There is an identified need to specify a format to include relevant
enumeration values from other data representation formats in an IODEF
document. It is anticipated that this requirement will exist in
other standardization efforts within several IETF Working Groups, but
the scope of this document pertains solely to IODEF. This format is
used in IODEF v2 [IODEFv2], which will replace the original IODEF v1
[IODEF] specification; this document does not specify use of this
format in IODEF v1 [IODEF].
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Referencing External Enumerations
Show full document text