2.4.5 G & R for Security Incident Processing (grip)

NOTE: This charter is a snapshot of the 45th IETF Meeting in Oslo, Norway. It may now be out-of-date. Last Modified: 29-Jun-99


Barbara Fraser <byf@cert.org>
K.P. Kossakowski <kpk@work.de>

Operations and Management Area Director(s):

Randy Bush <randy@psg.com>
Bert Wijnen <wijnen@vnet.ibm.com>

Operations and Management Area Advisor:

Randy Bush <randy@psg.com>

Mailing Lists:

General Discussion:grip-wg@uu.net
To Subscribe: grip-wg-request@uu.net
Archive: http://www-ext.eng.uu.net/grip-wg/grip-wg.txt

Description of Working Group:

The full name of this working group is Guidelines and Recommendations for Security Incident Processing.

This working group is co-chartered by the Security Area.

The purpose of the GRIP Working Group is to provide guidelines and recommendations to facilitate the consistent handling of security incidents in the Internet community. Guidelines will address technology vendors, network service providers and response teams in their roles assisting organizations in resolving security incidents. These relationships are functional and can exist within and across organizational boundaries.

The working group will produce a set of documents:

1) Guidelines for security incident response teams (IRT).

2) Guidelines for internet service providers (ISP) consisting of three documents covering the following topics:

* Expectations on how ISPs will coordinate with each other and IRTs in incident handling

* Consumer Checklist on ISPs

* Site Security Handbook (SSH) Addendum for ISPs

3) Guidelines for vendors (technology producers).

Goals and Milestones:

Mar 99


Submit Expectations for ISPs as an Internet-Draft

Mar 99


Submit Consumer Checklist on ISPs as an Internet-Draft

Mar 99


Submit Internet-Draft on security guidelines for technology providers

Mar 99


Submit Roadmap document as an Internet-Draft

May 99


Submit Revisions to three major I-Ds

Jun 99


Submit ISP documents to IESG for consideration as a BCP RFC

Jul 99


Submit revision to guidelines for technology providers as an I-D

Jul 99


Meet at IETF in Oslo

Sep 99


Submit final verion of guidelines for technology providers Internet-Draft

Oct 99


Submit guidelines for technology providers to IESG for consideration as a BCP RFC


Request For Comments:







Expectations for Computer Security Incident Response

Current Meeting Report

GRIP WG meeting Oslo
Reported by Tristan Debeaupuis
12 july 1999

1. Agenda

9:00-9:10 Agenda bashing
9:10-11:15 Document reviews
- draft-ietf-grip-user-02.txt
- draft-ietf-grip-isp-expectations-01.txt
- addendum for SSH
- user security expectation of vendors
11:15-11:30 Next steps

No changes proposed.

21 attendees.

2. draft-ietf-grip-user-02.txt

Tony Hansen led a discussion on the current draft. We weren't able to complete the full review and remaining issues will be discussed on the list. The following are the issues that were discussed.

3. draft-ietf-grip-isp-expectations-01.txt

The paragraph "The (undocumented) XTND XMIT POP3 extension which allows clients to send mail through the POP3 session rather than using SMTP may also be considered. It also provides a way to support mobile users at sites where open relaying is disabled, and has the benefit of an authenticated connection and a better audit trail" will be deleted.

4. Addendum for SSH

The draft document is not issued yet.

The main ideas of the document are :

Work done :

- 3.1 Announcement of Policy
- 3.2 Sanctions

5. Next steps


None received.