Incident Handling (INCH) WG report Thursday, November 13. 2003, 13.00-15.00 IETF 58: Minneapolis, USA Chair: Roman Danyliw AD Adviser: Steven Bellovin The Minneapolis INCH meeting was productive in discussing many of the remaining issues in the working group. - The requirements draft [1] is heading toward completion. The remaining work on the requirements draft is in: o providing more descriptive text for certain requirements o proof reading of the text - The data model [2] is largely stabilized. The remaining work is in: o evaluating and refining the new XML Schema implementation o review of the XML Schema by the XML Doctors o fully integrating XML-Signature and XML-Encryption o examining and further enumerating certain enumerated attribute values o codifying the semantics of document updates, and making any appropriate data model changes that might be necessary (note: might require re-charter to do correctly through an IODEF protocol) o confirming that all FINE requirements are being met o proof reading of the text - An initial draft of the implementation guide is not yet complete. - Several independent implementations of the IODEF now exist. o ihsh (eCSIRT.net) o libair (CERT/CC) o IODEF Verifier (JPCERT/CC) Interoperability testing will be discussed with results for IETF 59. - There has been interest to bring in related work or taking on additional tasks. The WG felt quite strongly about publishing the data model as is. However, accepting additional drafts as IODEF extensions was met with favor. Hence, volunteers will create drafts that extent IODEF to: o represent statistics o encapsulate the RID protocol (draft-moriarty-ddos-rid-05.txt) (note: this has required re-chartering which has been sent to the AD for IESG approval) The idea was to create a core IODEF data model, and series of extensions for domain-specific usage. Implementors have voiced that there is a need for a protocol to exchange IODEF. Specifically, handling updates, acks, etc. is currently addressed in an ad hoc fashion. Since such a protocol would be a change in the scope of the WG, further discussion will occur on the mailing list. - Milestone updates were made to reflect a slight slippage in the delivery dates (WG last-call) of the WG drafts. o Requirements Draft: December 2003 (on-track) o Data Model: Feb 2003 (new date) o Implementation Guide: early 2004, with an initial draft by December 2003. (new date) Relevant Documents [1] Requirements: draft-ietf-inch-requirements-02 [2] Data Model: draft-ietf-inch-iodef-02