Extended Incident Handling (INCH) WG Minutes
IETF 66
Wednesday, July 12, 2005, 13.00-15.00
Montreal, Canada

Chair: Roman Danyliw
AD Adviser: Sam Hartman

---[ Agenda ]-----------------------------------------------------------

o Administrative (Roman Danyliw, 15 min)
o Status review of all documents (20 min)
  - Requirements: draft-ietf-inch-requirements-08 (Gleen Keeni-Mansfield)
  - IODEF data model: draft-ietf-inch-iodef-07 (Roman Danyliw)
  - RID: draft-ietf-inch-rid-07 (Kathleen Moriarty)
  - Transport: draft-ietf-inch-soap-02 (Kathleen Moriarty)
  - Phishing: draft-ietf-inch-phishingextns-03 (Pat Cain)
o Inter-Op Results (Brian Trammell, 30 min)
o Implementation Reports
  - MIT Lincoln Labs (Stephen Boyer, 15 min)
  - DIM (Dario Forte, 15 min)

---[ Requirements ]-----------------------------------------------------

document: draft-ietf-inch-requirements-08
presentation: http://www3.ietf.org/proceedings/06jul/slides/inch-2.pdf

Gleen Keeni-Mansfield (proxy presentation) relayed the status of the
requirements draft. Based on substantial comments on the -07 version
during last call, a new draft was produced. This -08 version will be
run through another short last call in August.

---[ Data Model ]-------------------------------------------------------

document: draft-ietf-inch-iodef-07
presentation: http://www3.ietf.org/proceedings/06jul/slides/inch-1.pdf

Roman Danyliw reviewed the updates in -07 and the remaining work
necessary to complete the data model draft. Minor technical and
editorial changes from the inter-op event and IANA considerations will
be added to the future draft. This document will then undergo WG last
call in August.

Comments:
- A need to represent additional information about the sensor
  detecting activity was raised. The proposed solution was to add
  System@type="sensor".

---[ RID draft ]-------------------------------------------------------
---[ SOAP Binding draft ]----------------------------------------------

document: draft-ietf-inch-rid-07
document: draft-ietf-inch-rid-soap-02

Kathleen Moriarty noted that an updated -07 draft of RID and -02 draft
of the SOAP binding were produced based on changes in the -07 version
of the data model. Otherwise, all drafts are ready for WG last call.

Comments: none

---[ Phishing Extensions draft ]---------------------------------------

document: draft-ietf-inch-phishingextns-03
presentation: http://www3.ietf.org/proceedings/06jul/slides/inch-5.pdf

Pat Cain presented on the status of the phishing extension draft.
Numerous outside reviewers provided feedback on this document, which is
reflected in the -03 draft. It is ready for last call, but relies on
the data model draft as a normative reference.

Comments: none

---[ Inter-Op Report ]------------------------------------------------

presentation: http://www3.ietf.org/proceedings/06jul/slides/inch-0.pdf

Brian Trammell presented on the results of the IODEF inter-op. Based on
the performance of the implementers, the following changes to the draft
were suggested:

- Adding to all high-level significant classes
- Adding examples to the POSTAL data type

---[ MIT Lincoln Labs Implementation Report ]--------------------------

Stephen Boyer presented on the MIT Lincoln Labs IODEF implementation.
This experience suggested the following changes in the specification:

- Additional language in the text noting that while all child elements
  of the Assessment and Contact classes are optional in the schema,
  there are mandatory data elements per the data model.
- Adding "sensor" as an option to System@type to allow the
  representation of the sensor that detected the activity.

---[ Digital Investigation Manager Implementation Report ]-------------

presentation: http://www3.ietf.org/proceedings/06jul/slides/inch-4.pdf

Dario Forte presented on the D.I.M. (Digital Investigation Manager)
IODEF implementation.