Chairs - ============================== [chair] XMPP Grid Last call? [nancy] late on posting update, but need reviews [nancy] Bill & Adam did reviews, need more [adam] have some questions he can ask now, or ask later? [nancy] ask during presentation [nancy] Take has to shepard [take] I'll do that. [chair] can do WGLC by IETF-103? [group] (mostly adam & bill) November is okay [take] target WGLC by IETF-103, but blocked by CDDL spec [chair] 4 errata posted [chair] all errata confirmed by Roman, the author of RFC7970. [AD] there are no hard/fast rules about errata vs. RFC update [roman] hold off deciding how to advance errata solution because we might find more doign the JSON work [chair] begin to document / track errata (prefferably with a draft) but then do the right thing when we know [roman] willing to be editor on the errata draft Nancy Cam Winget - XMPP ============================== [nancy] focused on cleaning up on understanding on what's mandatory to implement [nancy] added a paragraph to that point [nancy] Bill & Adam requested help on operational considerations in running XMPP-grid [nancy] added informative, not normative info on that topic, but most feel its out of scope [nancy] there's already an IANA registery for XMPP topics, so we can add that for XMPP-grid [nancy] AD is there a more formal process for that [AD] send him a more specific question, and we can do more formal request to XMPP Foundation [nancy] co-author is in both XMPP Found & IETF, and tweaked draft to work for XMPP Foundation [adam] his questions were really directed to SACM operational [adam] really wanted to standardize topics to SACM needs [nancy] started work on that with Henk, need to write document to register topics with XMPP Found [nancy] will work with Adam offlfine to define SACM topics Takeshi Takahashi - JSON IODEF ============================== [take] conversation in previous meeting about using JSON Schema vs. CDDL - switched to CDDL from last meeting [AD] JSON Schema & CDDL in his AoR - his advice: pick the one that works for you, but don't switch because you think one is closer to publish [take] CDDL is nicer to define types, that's a benefit [take] want to issue JSON draft [bret] using CDDL why? verification of the data? [take] initialially yes, but also now using to for CBOR mapping [bret] there aren't really tools for CDDL [audience] there are some tools [take] using Carsten's Ruby CDDL tool, not perfect, but workable [frank] using CDDL, that is just CBOR? [take] want to get both JSON & CBOR [dave w] if you define in CDDL you get both JSON & CBOR for free; not with JSON schema [take] question about VulBulkDescriptor representation [roman] array is a better idea Stephen Banghart - ROLIE draft ============================== [stephen] have an update to CSIRT document [stephen] want to split CSIRT document into 2 documents [stephen] this requires recharter to include this draft [chair] current charter really speaks to IODEF and IODEF transport; so that would be a recharter [stephen] or generic incident data formats [chair] doesn't prefer to make it generic incident formats [take] does support extending to STIX [take] but should it just be STIX or other formats [chair] yes, that's the question [stephen] would like more format flexability [bret] would prefer to support STIX; ROLIE and TAXI are very similar - would like to work more on both of those [bret] would like to see eventual convergence of ROLLIE & TAXI [chair] bret, want to support just STIX or more [bret] would support larger set of data formats, not just STIX [chair] need to put a liason agreement in place [chair] need IP disclosure / understanding [stephen] solving STIX IP issues [chair] that isn't how IETF works [roman] rechartering to capture constellation of ROLLIE data format types and drafts for each [stephen] more than just STIX, things like ROLIE JSON have been asked for as well [stephen] Bret and I are working on JSON draft [chair] your intent is really to show the mapping of ROLIE, not just to IODEF, but to other formats [roman] mapping to generic formats, a list of formats, or somehting else [chair] plan to update the charter to use ROLIE as update/discovery mechanism to support incident data? [dave w] in ipsecme explicitly itemize the work items in the charter to manage the effort [chair] that might work, so the question of "is this just STIX, but then actually heard to more formats immediately" [kathleen] extensibility would be good, but not multiple transports, for formats [kathleen] maybe define the extension mechanism [kathleen] okay with supporting that, going back to INCH we supported more formats [stephen] CVE is desired as well [roman] I support data formats, but not other transports [henk] we have base ROLIE stuff which is the CORE, might need to define the hierarchy and the set of encodings [chair] do we need to define mandatory to implement [stephen] ROLIE just provides references to files [henk] you can use HTTP to request a data element, you don't know what format to expect [stephen] take that offline might have solved that [chair] any objections to recharter to support additional ROLIE data [AD] some subset of folks will work on recharter text, send to list, confirm, send to AD, do update [stephen] working on -00 draft of ROLIE-JSON [stephen] -00 of ROLIE-CVE is basically ready, waiting for recharter conversation to submit ======== [AD] just added accepted date for new milestones, chair's please update. ======= [stephen] will be splitting the CSIRT into 2 documents and they will be submitted well before Bangkok [chair] not likely ready for WGLC in Bangkok, target for WGLC in April - month after following face-to-face [stephen] agree ======= [AD] promised sweets is chairs update milestones without running out of time