Managed Incident Lightweight Exchange (MILE)

Tuesday Morning session II
11:20-12:20, March 26, 2019 (Prague)

Room: Karlin 3

--------------------------------------------------------------------------
MILE status
co-chairs                                                         -  5 mins

XMPP draft status
[draft-ietf-mile-xmpp-grid-10]
Nancy Cam Winget                                                  - 10 mins

JSON IODEF
[draft-ietf-mile-jsoniodef-07]
Takeshi Takahashi                                                 - 10 mins

Rolie draft status
[draft-ietf-mile-rolie-csirt-00]
Stephen Banghart                                                  - 10 mins

AOB                                                               - 10 mins
--------------------------------------------------------------------------

Total:                                                              45 mins

Volunteers:
  Note Takers: David Waltermire and Chris Inacio
  Jabber scribe: Stephen Banghart

Notes:

WG status
https://datatracker.ietf.org/meeting/104/materials/slides-104-mile-mile-status-overview-00
--------------------------------------------------------------------------
Stephen Banghart -  ( :) ) was ok with the April 2019 ROLIE CSIRT milestone for WGLC

XMPP draft status - Nancy Cam-Winget
https://datatracker.ietf.org/meeting/104/materials/slides-104-mile-draft-ietf-mile-xmpp-grid-10-00
[draft-ietf-mile-xmpp-grid-10]
--------------------------------------------------------------------------
AD - standard vs. information, this is an edge case; if editor has a strong preference, we should use it.
Stephen. Banghart - flexible on std vs. informational; didn't have a lot of normative language previously
Alexy - There are additional requirements above XMPP, which makes it more like a standards track
Kathleen Moriarty - concurs; has more normative language; (advising that could approve document and send last set of edits via RFC editor note)
Nancy - Not sure there is enough time to address Ben's Discuss before the Plenary. Might run out of time.
AD - Nancy, you should ask Ben if he will have time to review.


JSON IODEF - Takeshi Takahashi
https://datatracker.ietf.org/meeting/104/materials/slides-104-mile-draft-ietf-mile-jsoniodef-07-01
[draft-ietf-mile-jsoniodef-07]
--------------------------------------------------------------------------
Take needs a clean version of the XML for IODEFv2 / RFC7970
Kathleen Moriarity - You can get that from teh RFC editor
Waltermire - does RFC editor version. have erata applied?
Kathleen -  RFC editor should have updated version
Chair -  in process of mapping to CDDL/JSON, more errors were found in 7970 XML
Kathleen - publish errata, then you can get process to do a bis on the document
Kathleen - 7970-bis would be  fast if the changes are limited to applying errata; this would only require review by the experts since this approach is just veryifying documented mistakes

Nancy - an IANA registry can be used to provide extensibility
Chris Inacio - If an IANA registry is added for JSON, these need to be made available for XML IODEF
Dave  Waltermire. -  example about CDDL was w/ CoSWID (coauthor for that). creating that registry. for CoSWID in order to keep. CoSWID. in. sync. with ISO. based SWID. standard,  to. avoid divergence.
Stephen. Banghart - its a tag value registry or more?
Waltermire - no there are. more values which provide roles, etc. so they provide ability. to. sync without new. drafts
Banghart -  Is this about adding the CDDL (schema) in the IANA registry? I recommend just including the CDDL in an appendix; this is option #1 on slide #3.


Rolie draft status - Stephen Banghart
[draft-ietf-mile-rolie-csirt-00]
--------------------------------------------------------------------------
Kathleen Moriarty - what standard about developed in Europe that is gaining traction; (Need to lookup standard name from CARIS workshop Mirjam's TF-CSIRT presentation?)
Banghart - (1) can we do it?  Yes
Banghart - Need a few hours on the phone with someone who knows the format
Waltermire. - Option C - update the draft when we learn about it
Chair. -  The point of. the document is to show how. people to use ROLIE to. coordinate these data. types (as exemplars) so we don't need to wait
Options - (A) publish as is (B) split for. more support for STIX & IODEF (C) publish and do update (D) ...


Chair - does working group object to having this in one document
room. - no objections
Chair -  does the working group want to include the third format?

Chair - Kathleen will find the new format (MISP - https://www.misp-project.org/) and email the list before the end of the week; Stephen will move forward with a single draft, allowing some time to include the additional format; WGLC on next revision


Take. -  VDO is really good work (independent of MILE) and CVE has real problems when applying machine learning techniques;  so I am very supportive of this work
Chair -  Is. the group interested in working on this document in MILE?
Waltermire. - general room concensus, yes do the work, as long as the work gets a home, MILE is fine
Chair -  is anyone willing to. coauthor?
Waltermire -  I will help co-author

Chair. - Who would be interested in reviewing the vulnerability work?
Takeshi Takahashi, Jessica Fitzgerald-McKay, Kathleen Moriarity volunteered.

Waltermire. - can we do adoption comments on. the list with respect to time. and. document. status?

Chair - working group. will adopt document
Banghart - will submit updated document to working group in 1-2 weeks
Chair - preliminary review after document for working group document


AOB
--------------------------------------------------------------------------

Milestones - WGLC for ROLIE csirt extension by 3rd week of April
Kathleen Moriarty will review draft
Chris Inacio will review draft

TT,  JF-M,  KM - mid-May will work for reviews.