2.4.5 G and R for Security Incident Processing (grip)

NOTE: This charter is a snapshot of the 40th IETF Meeting in Washington, DC. It may now be out-of-date. Last Modified: 27-Oct-97


Louis Mamakos <louie@uu.net>
Barbara Fraser <byf@cert.org>
K.P. Kossakowski <kpk@cert.dfn.de>

Operations and Management Area Director(s):

John Curran <jcurran@bbn.com>
Michael O'Dell <mo@uu.net>

Operations and Management Area Advisor:

Michael O'Dell <mo@uu.net>

Mailing Lists:

General Discussion:grip-wg@uu.net
To Subscribe: grip-wg-request@uu.net

Description of Working Group:

The full name of this working group is Guidelines and Recommendations for Security Incident Processing.

This working group is co-chartered by the Security Area.

The purpose of the GRIP Working Group is to provide guidelines and recommendations to facilitate the consistent handling of security incidents in the Internet community. Guidelines will address technology vendors, network service providers, response teams in their roles assisting organizations in resolving security incidents. These relationships are functional and can exist within and across organizational boundaries.

The working group will produce two quality documents:

1) Guidelines for security incident response teams.

2) Guidelines for vendors (this will include both technology producers and network service providers).

Goals and Milestones:

Feb 95


Produce document describing problem statement and document taxonomy/vocabulary. Also cite the Site Security Handbook documents to make clear the relationship and scope between the two working groups and documents.

Feb 95


Produce draft outline for remainder of Response Team Document.



Meet at Danvers IETF to review full Internet-Draft of Response Team Document.

Jun 95


Produce Internet-Draft on Guidelines for vendors.

Jun 95


Produce final version of Response Team Internet-Draft.



Meet at Stockholm IETF. Review vendor Guideline Internet-Draft.

Sep 95


Produce final version of Vendor Guideline Internet-Draft. Submit to IESG for review.


No Request For Comments

Current Meeting Report

Minutes of the G and R for Security Incident Processing (grip) WG

Reported by: Barbara Fraser

The GRIP working group met once during the 40th IETF meeting held in Washington D.C. The agenda for the meeting included the following topics:

The IRT document is complete and just waiting for formal action by the IESG/IETF. The group decided that they would like to submit the document for consideration as a BCP, and this will be done immediately after the IETF meeting.

Most of the meeting was spent discussing the current -01 draft of the ISP document (draft-ietf-grip-isp-01.txt). They had been discussion on the mailing list concerning two recommendations included in the draft. These were: 1) ingress filtering and 2) open mail relays.

There was consensus in the group to accept the current wording of the document with regards to both of these topics. The document editor will solicit comments from the ADs as well as other ISPs and if they can't support the recommendations, he will ask for specific examples of why the recommendations are flawed.

The editor will change the phrase "unsolicited commercial e-mail" to "unsolicited bulk email" to better describe the recommendation since it isn't only commercial organizations who send unsolicited email.

One other topic concerning the ISP document came up. A person in the community emailed Barbara about the relationship between this document and the SSE-CMM work going on in the community. Barbara will take the action item to review the SSE-CMM material for relevance and forward to the list any specifics, which Tom can then incorporate into the draft document.

The group briefly discussed the technology producer document and two people volunteered to develop a draft from the current outline. This will be ready by the end of January.

There was a suggestion to develop a document that would describe a common formatting for vulnerability reports. Computer incident response teams (e.g., CERT/CC), product vendors, and other organizations create their own documents with unique formatting. If these conformed to a set of basic guidelines, software could be written to parse the text to facilitate forwarding pertinent information to those who need it. This is currently a difficult task given the variety of formats. It was decided to encourage the author to write the draft document and the group would decide how to handle it once it existed.


ISP draft -02 from Tom Killelea: week of December 15
Informational RFC/BCP status for ISP document: by January 15
Submit IRT document to IETF last call for BCP action: week of December 15
Updated ISP draft -03: third week of January
Final ISP draft: 2nd week February
Submit ISP document to IETF last call for BCP action: March 1
Informational RFC/BCP status: by March 31, 1998


None Received

Attendees List

go to list

Previous PageNext Page