From nobody Sun Nov 4 01:41:48 2018 Return-Path: X-Original-To: cacao@ietfa.amsl.com Delivered-To: cacao@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFBD6128DFD; Sun, 4 Nov 2018 01:41:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUUPKS5Mib9R; Sun, 4 Nov 2018 01:41:44 -0700 (PDT) Received: from mail-pf1-x441.google.com (mail-pf1-x441.google.com [IPv6:2607:f8b0:4864:20::441]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4A12127133; Sun, 4 Nov 2018 01:41:41 -0700 (PDT) Received: by mail-pf1-x441.google.com with SMTP id y18-v6so569568pfn.1; Sun, 04 Nov 2018 01:41:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:date:to; bh=hI1Ji5xDQQ+cmPe13UC+ELN092I7GhYhN6df96ofVv8=; b=p6Z6QqUkLoBjXoiEQBLCJaEkMhYwxpCTfHGDC9sE4T/bndc1jwPv+TipEH/Rmn5Vam lc0IlWyukRKGInAmNPm6SjskIsPuIuGNgguM/Q8RJewS2GbWoXYaiv86arYWPy0WEL7v oW1nXO5l4fl6/F6IKs2giUKFXAtywOF4ENc2TgsbKUu1DUbTXlqPy0jXwQ6pPAaBokiG FlvSepWjpbMfc9Dd7INn1hquMrptb3gDFahJ27ZwVcVAN9hRuPzfmjnJyt3itvdcFmKI yH5DKIttRZMr4Tobs+WXwW0TB1agoqaVjEYKbaiZvG3cR8crQH4GqfaS8uMGkiowIPqv lRUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=hI1Ji5xDQQ+cmPe13UC+ELN092I7GhYhN6df96ofVv8=; b=bPsHDJkoBh5jueH72zWOl0B/jBnEhXdJghTHyQ0gIKFsCANRMO4L3yX0pTuR+NZg9y 8QKim7/YvV7dDFW8I6r2/CyrTeF5ZouOifY520WGkC2e5mplqh1QBSoiLQ7MrIDoH7vt 86tlZBaARIhJrLh/ByKfwSkRxox21mB323f677NdAJc7jYdiML8nPKRjvTU0KSR0clzP 78nRz8nIv7gMmdBQI4k5bgEiRqJs9vsx39ORYqVn05P6YI/btIeobGDra91AHRzXm8yQ K/OZ5QL04+gjH9ZJpqCpGIWhS7OrQTDrcWLCmhAyzj9cfaRsvJGjup9SY/0Lyk1zmkdx FDtA== X-Gm-Message-State: AGRZ1gKLfyNeIa56ETyvxnUxlct78Rn/zYscD2Oy0PiWoizunlJvOnsn 3M6FQba4JgcG44c7KR5bJjzTlZKK X-Google-Smtp-Source: AJdET5c1Sz75zXHrj2sxMIjwQ6v10iKCbIaujKamTWlxEc6WwdalIMXbDA6d8ZAeeyjRnBOdcfszXA== X-Received: by 2002:a63:e055:: with SMTP id n21mr2714654pgj.397.1541320900536; Sun, 04 Nov 2018 01:41:40 -0700 (PDT) Received: from [172.20.24.247] (110-170-235-6.static.asianet.co.th. [110.170.235.6]) by smtp.gmail.com with ESMTPSA id d64-v6sm7781012pfa.80.2018.11.04.01.41.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 04 Nov 2018 01:41:39 -0700 (PDT) From: Bret Jordan Content-Type: multipart/alternative; boundary="Apple-Mail=_FE0F3960-533C-4337-8B48-183471BAC0A4" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Message-Id: <606EB479-0F4D-40D1-B1AF-463CB0FB6418@gmail.com> Date: Sun, 4 Nov 2018 15:41:27 +0700 To: "saag@ietf.org" , Secdispatch@ietf.org, cacao@ietf.org X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: [Cacao] CACAO meetings at IETF 103 Bangkok X-BeenThere: cacao@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Collaborative Automated Course of Action Operations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Nov 2018 08:41:47 -0000 --Apple-Mail=_FE0F3960-533C-4337-8B48-183471BAC0A4 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii All, This is just a friendly reminder about the two scheduled activities = around CACAO at this IETF. If anyone would like further information, or = would like to talk at an additional time, please let me know. =20 Sunday Night 18:00 Hot RFC Talk in Chitlada 3, 2nd floor Tuesday Night 17:00 Side Meeting in Pagoda, 4th floor Document The initial introduction draft document can be found here: = https://tools.ietf.org/html/draft-jordan-cacao-introduction-00 = Abstract The CACAO draft describes the need for defining a standardized language = and associated protocols to capture and automate a collection of = coordinated cyber security actions and responses. This collection of = actions is called a Course of Action (COA) Project.=20 Goals Our goal is to have a BOF at IETF 104 Prague and hopefully a working = group shortly there after. If you are interested in Course of Action = Projects, Security Playbooks, the Integrated Adaptive Cyber Defense = (IACD) work from Johns Hopkins University - Applied Physics Lab (APL), = or automated security response please join us. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that = can not be unscrambled is an egg." --Apple-Mail=_FE0F3960-533C-4337-8B48-183471BAC0A4 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii All,

This = is just a friendly reminder about the two scheduled activities around = CACAO at this IETF. If anyone would like further information, or would = like to talk at an additional time, please let me know.  

  1. Sunday Night 18:00 Hot RFC Talk in Chitlada 3, 2nd = floor
  2. Tuesday Night 17:00 Side Meeting in Pagoda, 4th = floor

Document
The initial = introduction draft document can be found here: https://tools.ietf.org/html/draft-jordan-cacao-introduction-00<= /a>




= --Apple-Mail=_FE0F3960-533C-4337-8B48-183471BAC0A4-- From nobody Tue Nov 6 03:36:44 2018 Return-Path: X-Original-To: cacao@ietfa.amsl.com Delivered-To: cacao@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A309130DC3 for ; Tue, 6 Nov 2018 03:36:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OsQOwJ2CWx0P for ; Tue, 6 Nov 2018 03:36:41 -0800 (PST) Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D76F12D4F1 for ; Tue, 6 Nov 2018 03:36:41 -0800 (PST) Received: by mail-pl1-x635.google.com with SMTP id w22-v6so2749943plk.0 for ; Tue, 06 Nov 2018 03:36:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:date:to; bh=QhwryBfdItV5px4TPnBIzBdQOf3Q4XY3Jr43vADEJOA=; b=KThtXZsdv1Kq3PeO+h2xWIszb7e/tTx+u0cH+fS1hXtcdalI6UBSKs98OCudku1KI7 bytDDmijWZAV3W2E/JibV7B6awI9HHKTmvwetH2H5t0n+1epAgvoYP/+sKqt9p7dO/km v8nSVFRYe2uLKDP1WMddh4DECi6amQpR34RO+46FYvl/XiztQUjuTvlKLCD1Xju6bfTR 6JSciufdFIRX7ZU9TtrCHERDXJxgvOBJNeTEFFftdv1EDzFMEFF4exZdOd2E96BIw/uH dvxgHBs6mqgj1bAe03CLGniyFzwEZA1VOIiL3DpH+l2hksu5O9lOITtLR8P9PC/w3OlA PlQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=QhwryBfdItV5px4TPnBIzBdQOf3Q4XY3Jr43vADEJOA=; b=gDGao0jGambXb+nOQt6c2e/Nj3okyXyu42QLOjP65L1WN3Z33pPekvT/Q+vMmgB4/v W4J90PqsifxdPTM8Qo6QIbDyq6gLfGj+gCpOtIfxIPZqYs5OGz2lWUP1wkaBLzCPltEg phfDh1gbFCxpX5TXPBIemlIM1HLlANJFXUU+zxo2+rL10S+VpfV5UaAUb7VBdS4YRVkr OuCPQXA/fbPyVqblG0WXgdWs0R80Orno5NYF2fewoWKlBZCc+SRzqX/mXjEz/eBV1UAb IratkaPfb/mBfSfhnubqKJhrikB9xB5JI8BmG0bB9w8IiuriXJhvlyV5s4LIzUt8I0U6 UwvA== X-Gm-Message-State: AGRZ1gI8/i6MKyhpmtNXlsMNfHb4SeRs5d62LujACLnU93jQoRHWgoUz NZPk3SXct6ytzZPkx53RVc2vHb75 X-Google-Smtp-Source: AJdET5fVCcVgo6iF39DnSZYczCb+GLCiojaUf0DQKXABW3gAZuLog0uvYMsJxGIhN6Ug7FouHMXaZg== X-Received: by 2002:a17:902:b486:: with SMTP id y6-v6mr26184674plr.263.1541504200920; Tue, 06 Nov 2018 03:36:40 -0800 (PST) Received: from [172.20.24.247] (110-170-235-6.static.asianet.co.th. [110.170.235.6]) by smtp.gmail.com with ESMTPSA id e8-v6sm17410952pfi.61.2018.11.06.03.36.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Nov 2018 03:36:40 -0800 (PST) From: Bret Jordan Content-Type: multipart/alternative; boundary="Apple-Mail=_B32A890E-7561-49FA-874B-B0CA4607AC0B" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Message-Id: <2D7C3B85-F9C9-4862-B832-F9B746F0B75B@gmail.com> Date: Tue, 6 Nov 2018 18:36:26 +0700 To: cacao@ietf.org X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: [Cacao] Recap of Side Meeting X-BeenThere: cacao@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Collaborative Automated Course of Action Operations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2018 11:36:43 -0000 --Apple-Mail=_B32A890E-7561-49FA-874B-B0CA4607AC0B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii All, I want to thank everyone that attended our unofficial hour-long side = meeting this evening. We had 16 people in the room and had a great = discussion. For those of you that could not attend, I gave a quick = introduction/overview to CACAO and the problem that we are trying to = solve. I also talked through some of the requirements that we have = already identified. There were lots of great questions about this work = and I feel things went really well. The consensus in the room was that this is a problem that we should work = on and that those in the room would be supportive of moving this work = forward. Some concerns were expressed about ensuring that this is done = securely and ensuring that we work with other groups as appropriate.=20 Here is my back of the napkin proposal for next steps: 1) Hold another Introduction to CACAO WebEx session (a request = from the room) 2) Start working on a mission statement / charter for this group 3) Identify the buckets of work we can address and the order in = which we can address them (crawl - walk - run) 4) Work towards an official BOF for Prague (consensus from the = room) If you have concerns with any of this, or would like to talk with me = more about it, please let me know. For those here in Bangkok we can = setup a time to talk face-2-face. Thanks again for all of the great questions and discussion that we had = tonight. =20 Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that = can not be unscrambled is an egg." --Apple-Mail=_B32A890E-7561-49FA-874B-B0CA4607AC0B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii All,

I = want to thank everyone that attended our unofficial hour-long side = meeting this evening. We had 16 people in the room and had a great = discussion.

For = those of you that could not attend, I gave a quick introduction/overview = to CACAO and the problem that we are trying to solve. I also talked = through some of the requirements that we have already identified. There = were lots of great questions about this work and I feel things went = really well.

The= consensus in the room was that this is a problem that we should work on = and that those in the room would be supportive of moving this work = forward. Some concerns were expressed about ensuring that this is done = securely and ensuring that we work with other groups as = appropriate. 

Here is my back of the napkin proposal for next = steps:

1) Hold = another Introduction to CACAO WebEx session (a request from the = room)
2) Start working on a mission = statement / charter for this group
3) = Identify the buckets of work we can address and the order in which we = can address them (crawl - walk - run)
4) Work = towards an official BOF for Prague (consensus from the = room)

If you = have concerns with any of this, or would like to talk with me more about = it, please let me know. For those here in Bangkok we can setup a time to = talk face-2-face.

Thanks again for all of the great questions and discussion = that we had tonight.  

Bret
PGP = Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 = 0050
"Without = cryptography vihv vivc ce xhrnrw, however, the only thing that can not = be unscrambled is an = egg."

= --Apple-Mail=_B32A890E-7561-49FA-874B-B0CA4607AC0B-- From nobody Tue Nov 13 10:11:47 2018 Return-Path: X-Original-To: cacao@ietfa.amsl.com Delivered-To: cacao@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A75212777C for ; Tue, 13 Nov 2018 10:11:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WwRA9cNM27Vt for ; Tue, 13 Nov 2018 10:11:42 -0800 (PST) Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AADE128B14 for ; Tue, 13 Nov 2018 10:11:42 -0800 (PST) Received: by mail-yb1-xb2d.google.com with SMTP id i78-v6so5796441ybg.0 for ; Tue, 13 Nov 2018 10:11:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:date:to; bh=BVr7bT+ggc9BYmtEtQk250X7mlhUKD4pqVuzefK6ABc=; b=XOvZURycaGc1Sg3GaiJ4Aw0Mg+41rqHVDx/NE4jAk5VquO6t6Ey0mZV74nuggpFyci 5jRqpole4QJOuL+Uy8CziMQJ0rBNodoLAlq/TtRY1TMcVX5lcChda1mcKCsFtR6oY7HY IMRbxPVO+JegMJe4A5qRHPd1EwdZP0Pd9hMnTUXfKZLz09+2WXs6fhAc/Kg1+Y2OzCct lZwp6TQp+JDZPMDNEftySAYjsUiJhSiuAsJFzg03NZSUXbjHtLF/T1PHZSQJjtROOCO5 YQzUXW6v4FKCxtT3VoI9vrGJAvhtx3bqx6hp82Q2/FnGyqlIgemFKmhjY55erBv3ULZI ACng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=BVr7bT+ggc9BYmtEtQk250X7mlhUKD4pqVuzefK6ABc=; b=R9JH9cy3oahWXf94+ovpaeksCB2Tf6k+6D3GWQKtkokgksohOBR0W1S5GBb7CtALPk nah9grewU6zra3nIkBGQoOrA0rlitENn2pUIvuD084SmrBvRsghqTabOJokstg7/lff+ WvcTkiV/dY5Mfp8UgcgrkOeTFabsQchA4L+7h7hZ72HG76fdMpYVBj7JsasI3hkqgZE9 dS3S58QXKCP/QvwgCVugrRs528cSAjhJBilsoic1QEWpj54kjd3gUP2x8skzI2KtRLH0 eE6/65/Cy9frpFqts2t2qgrmYnN97KgJpBnxgF9ONcL3Mp2y/+OVLR9aUKFos9l5r8PP hq5Q== X-Gm-Message-State: AGRZ1gLLhP2Y3J3ADEXGle5k1N0hRA+MB99tufLor3Xk65EiejEhYSf5 nN/Mf2olSRPLGIKzkeixATW2OWHD X-Google-Smtp-Source: AJdET5d61lxACMpaNgiWPOnPFj8qOtFmwuEyyQO6++pI7LYqYvlZj8hcI15BaZKmTMJ4Jmbvb9/j2Q== X-Received: by 2002:a25:b7d1:: with SMTP id u17-v6mr6102210ybj.119.1542132701089; Tue, 13 Nov 2018 10:11:41 -0800 (PST) Received: from ?IPv6:2605:a601:3260:266:2cca:6522:681b:e2d8? ([2605:a601:3260:266:2cca:6522:681b:e2d8]) by smtp.gmail.com with ESMTPSA id c6-v6sm15075873ywh.34.2018.11.13.10.11.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 13 Nov 2018 10:11:40 -0800 (PST) From: Bret Jordan Content-Type: multipart/alternative; boundary="Apple-Mail=_80BDB370-2A6B-4E7A-921F-B2142224A8D1" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Message-Id: <7AD9334A-8C11-4F68-A389-DB92722F8C89@gmail.com> Date: Tue, 13 Nov 2018 11:11:32 -0700 To: cacao@ietf.org X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: [Cacao] IBM Article on CACAO X-BeenThere: cacao@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Collaborative Automated Course of Action Operations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2018 18:11:45 -0000 --Apple-Mail=_80BDB370-2A6B-4E7A-921F-B2142224A8D1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii All, IBM Wrote a great article on the need for sharing and collaboration in = Cyber Defense. It references our CACAO work. You can find the article = here: https://securityintelligence.com/busting-cybersecurity-silos/ Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that = can not be unscrambled is an egg." --Apple-Mail=_80BDB370-2A6B-4E7A-921F-B2142224A8D1 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii All,