Managed Incident Lightweight Exchange (MILE)
Monday, July 17, 2017 (Prague)
15:50-17:20
Room: Karlin III

Note takers: Roman Danyliw and David Waltermire 
Jabber scribe: Chris Inacio

Chairs Summary
==============
presenters: Nancy Cam-Winget and Takeshi Takahashi
slides: https://www.ietf.org/proceedings/99/slides/slides-99-mile-status-update-01.pdf

The chairs provided a status update on the milestones and drafts of the WG.


Rolie draft status
==================
drafts: draft-ietf-mile-rolie-07
        draft-banghart-mile-rolie-csirt-01
presenters: David Waltermire and Stephen Banghart
slides: https://www.ietf.org/proceedings/99/slides/slides-99-mile-rolie-draft-00.pdf

Banghart summarized the changes based on WGLC feedback in draft-ietf-mile-rolie-07. (slide #2)
Banghart summarized the changes additional feedback (after the WGLC period) in draft-ietf-mile-rolie-08. (slide #3)

Q: (Banghart): To WG/chairs, what are the next steps?
A: (Cam-Winget): Most substaintial comments came through WGLC.  Next the AD should review.
A: (Moriarty): Just do the shepherd writeup and then I will do my AD review, and then send it forward for IETF/IESG review

Q: (Jordan): I'd like to better understand the direction of ROILE.  As the chair of TAXII, I'd like see convergence.
A: (Moriarty): These are different transport protocols making convergence difficult/interoperable.
A: (Jordan): I'd like to see how we can help product managers with adoption. There aren't multiple transports in v2.
A: (Moriarty): Perhaps the WG could have an updated on TAXII 2.0
A: (Waltermire): We'd like to see ROILE used as a transport for STIX.  ROILE uses ATOM syndication/pub; and TAXII uses JSON.  ATOM has the flexibility to request feeds in formats other than XML.
A: (Cam-Winget): I'd like to hear an updated on the status of TAXII v2 to understand the overlap.  This would let the WG define the gaps.
A: (Banghart): The JSON updated to ATOM pub is something that would be useful beyond MILE.
A: (Jordan): If we wanted to investigate CBOR for STIX or TAXII we can work on that.
A: (Cam-Winget): First order of business is for this WG to understand TAXII v2.  We can do this at an interim meeting.

Poll: (Cam-Winget): Hum to signal interest in understanding the links between ROILE and TAXII
WG: Signals interest
Comment: (Cam-Winget): I'll take the action to setup a time to discuss this issue with the WG.
Comment: (Jordan): As as vendor, I'd like to see JSON in ROILE.  XML is not in the development stack of many vendors.
Comment: (Cam-Winget) to (Banghart): We (chairs) will want you to lead a conversation about ROLIE JSON when the time comes.

Q: (Banghart): To WG/chairs, I'd like WG adoption on this draft.
A: (Cam-Winget): Who's read this document?
WG: very few.
A: (Cam-Winget): We need more reviewers.  Any volunteers?  
Volunteers: Chris and Frank will review.
A: (Cam-Winget): I'll send a note to the mailing list asking for reviewers

TDOD: Assign Chris I and Frank as reviewers.
TODO: Cam-Winget will send an email asking for more reviews

Banghart summarized activity during the Hackathon.  The activity included:
    - serving SWID tags and vulnerability bulletins used by other SACM components in the Hackathon
    - Also used ROILE to extract and serve OVAL content
    - Rolie worked well for these applications; no problems were found with the specification

XMPP draft status
=================
draft: draft-ietf-mile-xmpp-grid-03
presenter: Nancy Cam-Winget
slides: https://www.ietf.org/proceedings/99/slides/slides-99-mile-xmpp-draft-00.pdf

Cam-Winget summarized the current status of draft-ietf-mile-xmpp-grid-03, a major rewrite.
Comment: (Cam-Winget) Due to the large number of changes, the draft needs another WGLC

TODO: Takahashi will start a new WGLC on the draft after this meeting ends.

Cam-Winget also summarized work during the Hackathon on XMPP-Grid.  
  - Showed use of I2NSF with XMPP-Grid to share topology and session information
  - Showed inter-op of Cisco and Huawei switches

guidance draft status
=====================
draft: draft-ietf-mile-iodef-guidance-10
presenter: Mio Suzuki
slides: https://www.ietf.org/proceedings/99/slides/slides-99-mile-iodef-guidance-00.pdf

Suzuki summarized the current status of draft-ietf-mile-iodef-guidance-10.

Q: (Suzuki) Is this draft ready to send to Kathleen/IESG for publication?
A: (Cam-Winget) Yes, we will do the Shepherd writeup and send it to Kathleen for review.
    
Some comments on the IODEFv2 schema
===================================
presenter: Takeshi Takahashi
slides: https://www.ietf.org/proceedings/99/slides/slides-99-mile-comments-on-the-iodefv2-schema-01.pdf

Takahashi summarized recent experience using the IODEF v2 schema.

Q: (Takahashi) Can we remove the space in the schemaLocation of the IODEF schema?
A: (Moriarty) I will approve this, we need to make sure the schema in the draft is corrected as well.
Q: (Danyliw): The spacing in the XSD can be fixed easily in the registry.  Will there be a line-wrapping issue to correct that in the draft?

Further errors were introduced by Takahashi.

A: (Cam-Winget/Moriarity) An errata is going to be needed for this.
A: (Takahashi) I will send these information to the mailing list and to confirm the changes.
A: (Kathleen) Based on the discussion on the mailing list, I'll approve the changes.

The need for Json representation of IODEF was asked by Takahashi
The chair (Cam-Winget) has initiated the hum call to check whether the WG is intereted in this work.
The hum seems to be in favor of this work.

Related discussion in TLS v1.3
============================

Moriarty updated the WG on current discussions in the TLS WG.  In TLS v1.3, there is perfect forward secrecy removing the capability of enterprises that use static keys to inspect traffic.