Managed Incident Lightweight Exchange (MILE)

Thursday, November 16, 2017 (Singapore) 18:10-19:10
Room: Olivia

Chairs and Secretary: Nancy Cam-Windget, Takeshi Takahashi, David Waltermire
Note takers: David Waltermire and Roman Danyliw
Jabber scribe: Adam Montville

-----------------------------------

WG Status
=========
presenters: co-chairs
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-administrivia/

The co-chairs summarized the status of the milestones and drafts in the working group.


Guidance draft status
=====================
presenter: Mio Suzuki
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-draft-ietf-mile-iodef-guidance/
draft: draft-ietf-mile-iodef-guidance-11

Suzuki presented on the recent changes to the guidance draft that is now in AUTH48 state.


ROILE draft status
==================
presenters: David Waltermire and Stephen Banghart
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-draft-ietf-mile-rolie/
drafts: draft-ietf-mile-rolie-13
      : draft-banghart-mile-rolie-csirt-01

Banghart presented on the multiple revisions to the ROILE draft based on AD, ART and IESG review.

Q: (Roman Danyliw): Is the resource usage changed in the ROLIE draft, is that consistent with the CSIRT draft?
A: (Stephen Banghart): No, but the usage is really strict in the CSIRT draft and would prefer it to stay that way.

Comment: (David Waltermire): To provide a more details on the /.well-known registration, ART wanted a more complete discovery story.  In response, we’ll be starting a new ROILE discovery draft - perhaps with an SRV record or a NANA record.  In particular in a multi-tenant deployment, more flexibility is needed for discovery.
A: (Stephen Banghart): Additional text has been added to the ROILE core draft on how to do the discovery. 

Banghart also presented on the CSIRT ROILE extension.

Q: (Adam Montville): To clarify, is the extension template publicly hosted or privately hosted on GitHub?
A: (Stephen Banghart): privately
A: (Adam Montville): we moved it into a public GitHub repo to work on our extension
A: (Dave Waltermire): I have concerns that just putting the template on GitHub will make it difficult to find.

Per slide 9:

Q: (Roman Danyliw):  Why do we want to make it different?  We want to be more secure with CSIRT draft than ROLIE core?
A: (Dave Waltermire):  The ROLIE draft says it MAY be for backward compatibility; which isn't as strong as security as you would like, especially for CSIRT operation.  
A: (Roman Danyliw): The inconsistency without an explanation is bothersome.
A: (Dave Waltermire):  conditional must on if you have a RID endpoint
A: (Stephen Banghart): option (C) for running a RID endpoint
A: (Roman Danyliw): that works and seems more consistent

The authors will update the draft to reflect option C - Indicate that the "/" requirement MUST be supported, only if the organization runs a RID endpoint.

The authors will eliminate requirements in ROLIE that restrict what must be included in a referenced IODEF document.


XMPP draft status
=================
presenter: Nancy Cam Winget
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-slides-100-mile-xmpp-grid/
draft: draft-ietf-mile-xmpp-grid-04

Nancy Cam-Winget summarized the results of WGLC which identified that the document was not ready.  Outstanding areas of improvement are now better understood.


JSON binding of IODEF
=====================
presenter: Takeshi Takahashi
slides: https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-draft-ietf-mile-jsoniodef/
draft: draft-ietf-mile-jsoniodef-01

Takeshi Takahashi introduced the current status and issues of the draft on the json representation of IODEF.

Per slide 3 (ML String)
Comment: (Chris Inacio): I could agree to either option, as long as it is possible to create a converter from JSON-to-XML-JSON without loss.

Q: (Brett Jordan): What is the purpose of MLString?
A: (Takeshi Takahashi): The original IODEFv2 supports multi-character languages by providing MLString class. With this class, non-English language, including Japanese, could be used for representing the data.

Q: (David Waltermire): There are things in IODEF like SoftwareReference that lets you embed arbitrary XML.  How will you support xml:any in JSON?
A: (Takeshi Takahashi): Likely as a base64

Per slide 4 (Binary strings)
Q: (Takeshi Takahashi): Which approach should we use?
A: (Chris Inacio): Pick one. Any one.
Q: (Roman): How will you be able to round trip the XML to JSON and back to XML if both base64 and hexadecimal are not supported?
A: (Roman): We will need to sweep through the IODEF XML specification to understand the impact of any given choice on that.
A: (Kathleen): We need to review this issue.

Per slide 5 (Omitting semantic classes)
Q: (Stephen Banghart): Clarification. What do you mean by "removing the class"?
A: (Takeshi Takahashi): Class A has an element of this class, which has element B. In this case, the class A may directly include the element B. In this way, we do not need this class.
A: (Roman Danyliw): Those are "container classes" so the semantics could be inferred from the JSON structure.
Q: (Takeshi Takahashi): So, would you mind deleting these classes in the draft?
A: (Roman Danyliw): Yes, but documentation is needed in the draft to maintain consistency with the IODEFv2 XML document.


Closing
=======
presenters: co-chairs

The co-chairs explored the milestones for the WG.
  - XMPP-grid will have another WGLC soon.
  - ROLIE is almost completed.
  - JSON IODEF is just initiated, reviews are appreciated.
  - The ROLIE CSIRT extension is currently not a WG draft.

Comment: (Roman Danyliw): I have feedback from the ROILE CSIRT extension.

Comment: (David Waltermire): I am interested to implement the ROILE draft and extension.  Exploring STIX is also of interest.
A: (Nancy Cam-Winget): STIX would not be in scope according to our current charter.
A: (David Waltermire): I consider the CSIRT extension is within the scope of MILE.
A: (Nancy Cam-Windget): I'm ok with the scope, but my point is that I haven't seen enough interests on the mailing list.
A: (David Waltermire): I believe it is reasonable. I would like to welcome any comments or feedbacks on the draft.
A: (Nancy Cam-Winget): Is there interest in the draft?
A: (Chris Inacio): I've read it. I just didn't post anything to the mailing list. I can post something to the list.
A: (Nancy Cam-Winget): I'll reissue the interest to the mailing list.
A: (Takeshi Takahashi): If we can change the charter of MILE a bit and suppport STIX for ROLIE, I am interested.
Q: (Nancy Cam-Winget): This point is well taken, but STIX is currently not in our charter.
                       Once we reach that point, we can discuss rechartering.
                       Show of hands, is there interest on the CSIRT extension work?
(Many hands are raised)

Comment: (Nancy Cam-Winget): I’ll ask this question again on the mailing list.

Comment: (Brett Jordan): I really like what was done with ROILE.  I would like a JSON binding for ROILE.

A: (Chris Inacio): What does that mean?
A: (David Waltermire): Creating a constrained version of the proposal.  There appeared to be interest in this work at IETF 99.
A: (Nancy Cam-Winget): There is interest.