MILE: Managed Incident Lightweight Exchange Date: Monday, November 2, 2015 - 1300-1500 Responsible AD: Kathleen Moriarty Chairs: Alexey Melinkov and Takeshi Takahashi Secretary: David Waltermire Jabber scribe: Chris Inacio Venue: Room 413 at Pacifico Yokohama Number of Attendees (including remote participants): around 40 ############################################################ The Incident Object Description Exchange Format v2 (draft-ietf-mile-rfc5070-bis-15), Roman Danyliw, 20 min ############################################################ * ask for more editorial review * interest in changing schema for ordering issues? + Dave Waltermire - is there a requirement for strict ordering * roman - no + chair - how much work is it to change schema? * bunch of textual replace, but not too complicated + will put it on the list, but not a lot of excitement + kathleen Moriarty - was it an implementer? * roman - it was from a reviewer * DNS as extension / included + no push to have it included, expected as extension + Chris Inacio will help * Dave W + working on complete review of draft + won't get review done in time for WGLC + chair - finish this week? * Dave W - will finish review this week ############################################################ Differences between IODEF and IDEA (presentation slides only), Tomas Cejka, 20 min ############################################################ * Asking for readers / reviewers, most important is section 2 * Examples taken from v14 of IODef v2 draft * Also has notes about CESNET thoughts about JSON implementation * Source has to be an address / net resource + always a target that can be blocked / mitigated * Linda Dunbar - examples VIII + Does that mean that source = byte count * no, shortened example, each source can have its own counter * Bob Moscowitz - + Is this the "first mile"; reporting off of device (e.g. firewall) for reporting? + It's really interesting, but the draft is backwards in its construction; present IDEA first, then relate it to IODef * Daisuke Miyamoto - + IDEA is machine readable + IODef is human readable, but IODef is machine readable too * IDEA is easier for algorithmic processing, information elements can only exist in one place * IODef allows free form text in places * IODef allows recursion in its definition - harder to process + Does JSON representation of IODef help the group? + how does this compare to the n6 system? * comparison not done yet ############################################################ IODEF Usage Guidance draft-ietf-mile-iodef-guidance-04 Mio Suzuki, 10 min ############################################################ * chair - what's the scope + IODef only? JSON? * IODef only; + could review other drafts, e.g. phishing, and find more mistakes and share with Roman * okay + when do you think draft will be ready? * no idea, but we hope to finalize this work as soon as possible. ############################################################ MILE Implementation Report and its related activities (draft-ietf-mile-implementreport-06) Daisuke Miyamoto, 10 min ############################################################ * chair - ROLIE PoC, in scope / out of scope? * in current state, not sure? * would be good to include, but draft almost done, and ROLIE might not be far enough * chair - do you want WGLC? * want last call at next IETF * better to have new IODef published and then this is published ############################################################ XMPP Protocol Extensions for Use with IODEF (draft-appala-mile-xmpp-grid-00), Nancy Cam-Winget, 15 min ############################################################ * chris I - what does IODef add to XMPP-Grid? + (Nancy, Joe Saloway, Kathleen) adds federation and external exchange of threat / incident information between organizations * Chair - AD wants XMPP-Grid moved to MILE from SACM + amend charter conversation later ############################################################ Resource-Oriented Lightweight Indicator Exchange (draft-ietf-mile-rolie-00.txt), John P. Field, 10 min ############################################################ * chair - what should we do with this draft? + no responses * kathleen M (no ad hat on) - I'm curious if implementers of RESTful interfaces in this space have interest in ROLIE. Lots of products for exchanging incident and indicator information support REST, but haven't done it in a standardized way. + no response * chair - are you trying to have a std based draft or informational? (lots of MUST & SHOULD) + just from architecure hat in order to have an interoperable set of solutions + informational is okay, but std would be good too ### Kaoru Maeda - ROLIE example implementation ############################################################ PoC Implementation of Mile-Rolie-00 (presentation slides only), Kaoru Maeda, 10 min ############################################################ Presentation on the ROLIE PoC implementaion was done. It verified the feasibility of the technique described in the ROLIE draft. ############################################################ Discussion on JSON based IODef ############################################################ * chair - people want JSON based IODef? + IODef JSON definition + IDEA as JSON + Roman IODef and extensions define a data model * option 1 - reimplement those data models in JSON * option 2 - implement a subset of the data model (e.g. IDEA) * option 3 - implement a similar model (e.g. IDEA) in JSON * IDEA implements some features not in IODef + chairs - send those to list * general sentiment is that people DO NOT want option 3 * chairs - who wants to work on JSON mappings? + Tomas is interested / willing + Takeshi is interested, but scope isn't defined enough to committ * waltermire - who is going to implement the JSON version + chair - included on who is willing to work on it + takeshi - we don't have good IODef v2 XML implementations, hopefully we would get more in JSON, maybe + roman - it seems like IDEA seems like the idea of a profile of IODef (a subset) for a more specific purpose + bob - like the idea of profiles