Enumeration Reference Format for the Incident Object Description Exchange Format (IODEF)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, mile mailing list <email@example.com>, mile chair <firstname.lastname@example.org> Subject: Protocol Action: 'IODEF Enumeration Reference Format' to Proposed Standard (draft-ietf-mile-enum-reference-format-14.txt) The IESG has approved the following document: - 'IODEF Enumeration Reference Format' (draft-ietf-mile-enum-reference-format-14.txt) as Proposed Standard This document is the product of the Managed Incident Lightweight Exchange Working Group. The IESG contact persons are Kathleen Moriarty and Stephen Farrell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-mile-enum-reference-format/
Technical Summary The Incident Object Description Exchange Format (IODEF) is an XML data representation framework for sharing information about computer security incidents. In IODEF, the Reference class provides references to externally specified information such as a vulnerability, IDS alert, malware sample, advisory, or attack technique. In practice, these references are based on external enumeration specifications that define both the enumeration format and the specific enumeration values, but the IODEF Reference class (as specified in IODEF v1 in RFC 5070) does not indicate how to include both of these important pieces of information. This memo establishes a stand-alone data format to include both the external specification and specific enumeration identification value, and establishes an IANA registry to manage external enumeration specifications. While this memo does not update IODEV v1, this enumeration reference format is used in IODEF v2 and is applicable to other formats that support this class of enumeration references. Working Group Summary This update is straightforward, and there was no difficulty coming to consensus on all points. The document received extensive review by the MILE working group since its first draft (published on September 1, 2012). The format of the identifier has been discussed and revised. Consequently, the structure of IANA registry has also been revised over time. All the discussion comments were reflected to the current version of the draft. The draft has completed WGLC and represents the consensus of the WG with no controversy. We believe the working group is solidly behind this. Document Quality The draft is pretty straightforward way of including references for existing enumeration formats, like CVE in a consistent way within an IODEF report and has received adequate review by the working group. Expert review has been requested and provided from the AppsDir with a focus on the XML schema changes. Personnel The document shepherd is David Waltermire. The responsible Area Director is Kathleen Moriarty. The document creates an IANA registry for identifiers to be referenced from IODEFF's Reference class subject to expert review and specification required. IANA Note 'The registries use the 5226 'Specification Required' with expert review registration policy.