====================================================================== MILE WG meeting notes London, UK - March 7, 2014 ====================================================================== Volunteers - Note takers: David Black, David Misell - Jabber scribe: David Waltermire Notes are in addition to slides. ---------------------------------------------------------------------- I. Welcome and Administrivia ---------------------------------------------------------------------- 11:50 Welcome, Status, and Agenda Bash 10m Chairs (K. Moriarty, B. Trammell) ---------------------------------------------------------------------- Note Well WG did not meet in Vancouver, progress on 5070bis draft on mailing list. SCI draft is now in RFC Editor Queue. Thank you to authors! Complete change in WG leadership (!): - Sean Turner (AD) is departing Many thanks to Sean with gift for his support of the mile WG - Kathleen Moriarty (chair) is joining the IESG as Security AD. Kathleen is the new responsible AD for the mile WG. - Brian Trammell (chair) is joining the IAB. New AD for WG - Kathleen Moriarty New WG chairs - Alexey Melnikov, Takeshi Takahashi New WG secretary - David Waltermire Welcome to all. ---------------------------------------------------------------------- II. Current Working Group Drafts ---------------------------------------------------------------------- 12:00 draft-ietf-mile-rfc5070-bis 20m R. Danyliw ---------------------------------------------------------------------- Draft is now at -06 version, lots of changes since Berlin meeting. Slides contain comprehensive summary of changes. Summary of incompatible v1 -> v2 changes. - result of the survey between the meetings was reported - the incompatible points are clarified Review of open issues - See slide and issue tracker for remaining open issues. - comments on items discussed in meeting Internationalization (issue #1): - Peter St Andre has volunteered to write text - David Black agrees to help out Enumerated values (issue #3): - will be recorded in IANA registries. Interaction of IANA registries with XML schema: - need advice - Alexey will help out Related DNS (issue #39): - unclear on how to represent - there should be something that is better than comma-separated-values - Chris Inacio offers to help do something - Aaron Kaplan, working on similar issue in JSON, offers to help out. New issue #46: - (not on slide) - add timestamp. -- Proposals for specific issues Indicator proposals - Narrow: timestamps for when indicator is valid to all indicator attributes (addresses #28 only), OR - Broad: Rethink indicator representation, put in new top level Indicator class, (addresses #14, #28, #41, #42). This sorts out "incident data" vs. "indicator data" confusion. This may have a significant impact on implementations, as indicators are current in EventData class. Computer email and file hash discussion now has an issue in the tracker Remaining untracked discussion - Is there any incident reporting data missing? Does anyone have any other issues from mailing list not covered in slides? Not in room or on jabber. New milestone for this draft to go to IESG - Late this year (around Hawaii) - Needs one more meeting cycle. Kathleen Moriarty (now as Security AD): Please start doing reviews on this draft. Dave Misell: What's status of predicate logic discussion? Aaron Kaplan: Have some fairly simple proposals on the list (AND/OR/NOT). Expert imput/review is welcome. Kathleen Moriarty: There was a list comment that some string functions would be useful (e.g., contains, starts-with, ends-with). Chris Inacio: This is headed for regular expressions, should we just go all the way there? Aaron Kaplan: Please be careful, regular expression is quite a bit to expect in CERT tools, as it invites someone sending in abusive regular expressions that cause a lot of computation. At a minimum, limit recursive descent and complexity in supported regular expressions. Will take regular expression discussion to list. ---------------------------------------------------------------------- III. Other Presentations ---------------------------------------------------------------------- 12:20 draft-murillo-mile-cps-00 15m TBD for M. Murillo ---------------------------------------------------------------------- Presenter was not able to come to meeting, please look at draft and comment on list. ---------------------------------------------------------------------- 12:35 draft-daisuke-iodef-experiment 15m D. Miyamoto ---------------------------------------------------------------------- See slides. This was very useful input! Roman Danyliw: Thank you for very useful feedback! - #3: Impact "type" - Need to be able to use local CERT types (e.g., JP-CERT). - #7: Very active list discussion on SWID usage, no conclusion yet. - #4: Need to support proxy server and web mailer options. Brian Trammell: Sees problem in #1 with schema usage. Roman Danyliw: Current XSD and examples checked with both xmllint and xmlspy. Dave Waltermire: #2: Should we revise XSD to remove usage of hyphens. --> Take issue to list. Dave Waltermire: Apply Enumeration and ExtendedData classes here to pick up data in software IDs. ---------------------------------------------------------------------- 12:50 draft-moriarty-mile-implementreport 5m K. Moriarty ---------------------------------------------------------------------- Draft can continue to absorb additional submissions and edits. Contributors welcome to revise their inputs, base on what others have sent in. As a new AD, Kathleen cannot continue as draft editor. New editors: Daisuke Miyamoto and Chris Inacio - All implementation-related draft should be incorporated into onw. - Material from draft-daisuke (previous item) will get incorporated into this draft. ---------------------------------------------------------------------- 12:55 draft-schaad-mile-iodef-plasma 15m T. Freeman ---------------------------------------------------------------------- Explanation of the plasma, and similarity of IODEF and email. See slides. Four running implementations of PLASMA for email. First draft is to takeing the process of plasma email. There are other things we can do, such as plasma light, if we have interests to continue. Please take questions to list - interesting alternative approach to IODEF security. ---------------------------------------------------------------------- 13:10 MILE + JOSE 10m Karen O'Donoghue (presenting for Jim Schaad) ---------------------------------------------------------------------- (Karen presents, not Trevor as shown on posted adventure) See slides, and there will be a PDF with detailed notes from Jim Schaad in the meeting materials. Especially see them for canonicalization discussion. Bottom line - Jim Schaad does not recommend JOSE for use by MILE. ------------- Many thanks to everyone for coming down to the meeting room at the end of the week.