* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Mile Status Pages

Managed Incident Lightweight Exchange (Active WG)
Sec Area: Eric Rescorla, Kathleen Moriarty | 2011-Oct-25 —  
Chairs
 
 


IETF-100 mile minutes

Session 2017-11-16 1810-1910: Olivia - Audio stream - mile chatroom

Minutes

minutes-100-mile-00 minutes



          Managed Incident Lightweight Exchange (MILE)
          
          Thursday, November 16, 2017 (Singapore) 18:10-19:10
          Room: Olivia
          
          Chairs and Secretary: Nancy Cam-Windget, Takeshi Takahashi, David
          Waltermire
          Note takers: David Waltermire and Roman Danyliw
          Jabber scribe: Adam Montville
          
          -----------------------------------
          
          WG Status
          =========
          presenters: co-chairs
          slides:
          https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-administrivia/
          
          
          The co-chairs summarized the status of the milestones and drafts in the
          working group.
          
          
          Guidance draft status
          =====================
          presenter: Mio Suzuki
          slides:
          https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-draft-ietf-mile-iodef-guidance/
          
          draft: draft-ietf-mile-iodef-guidance-11
          
          Suzuki presented on the recent changes to the guidance draft that is
          now in AUTH48 state.
          
          
          ROILE draft status
          ==================
          presenters: David Waltermire and Stephen Banghart
          slides:
          https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-draft-ietf-mile-rolie/
          
          drafts: draft-ietf-mile-rolie-13
                : draft-banghart-mile-rolie-csirt-01
          
          Banghart presented on the multiple revisions to the ROILE draft based
          on AD, ART and IESG review.
          
          Q: (Roman Danyliw): Is the resource usage changed in the ROLIE draft,
          is that consistent with the CSIRT draft?
          A: (Stephen Banghart): No, but the usage is really strict in the CSIRT
          draft and would prefer it to stay that way.
          
          Comment: (David Waltermire): To provide a more details on the /.well-known
          registration, ART wanted a more complete discovery story.  In response,
          wefll be starting a new ROILE discovery draft - perhaps with an SRV
          record or a NANA record.  In particular in a multi-tenant deployment,
          more flexibility is needed for discovery.
          A: (Stephen Banghart): Additional text has been added to the ROILE core
          draft on how to do the discovery.
          
          Banghart also presented on the CSIRT ROILE extension.
          
          Q: (Adam Montville): To clarify, is the extension template publicly
          hosted or privately hosted on GitHub?
          A: (Stephen Banghart): privately
          A: (Adam Montville): we moved it into a public GitHub repo to work on
          our extension
          A: (Dave Waltermire): I have concerns that just putting the template on
          GitHub will make it difficult to find.
          
          Per slide 9:
          
          Q: (Roman Danyliw):  Why do we want to make it different?  We want to
          be more secure with CSIRT draft than ROLIE core?
          A: (Dave Waltermire):  The ROLIE draft says it MAY be for backward
          compatibility; which isn't as strong as security as you would like,
          especially for CSIRT operation.
          A: (Roman Danyliw): The inconsistency without an explanation is
          bothersome.
          A: (Dave Waltermire):  conditional must on if you have a RID endpoint
          A: (Stephen Banghart): option (C) for running a RID endpoint
          A: (Roman Danyliw): that works and seems more consistent
          
          The authors will update the draft to reflect option C - Indicate that the
          "/" requirement MUST be supported, only if the organization runs a RID
          endpoint.
          
          The authors will eliminate requirements in ROLIE that restrict what must
          be included in a referenced IODEF document.
          
          
          XMPP draft status
          =================
          presenter: Nancy Cam Winget
          slides:
          https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-slides-100-mile-xmpp-grid/
          
          draft: draft-ietf-mile-xmpp-grid-04
          
          Nancy Cam-Winget summarized the results of WGLC which identified that
          the document was not ready.  Outstanding areas of improvement are now
          better understood.
          
          
          JSON binding of IODEF
          =====================
          presenter: Takeshi Takahashi
          slides:
          https://datatracker.ietf.org/meeting/100/materials/slides-100-mile-draft-ietf-mile-jsoniodef/
          
          draft: draft-ietf-mile-jsoniodef-01
          
          Takeshi Takahashi introduced the current status and issues of the draft
          on the json representation of IODEF.
          
          Per slide 3 (ML String)
          Comment: (Chris Inacio): I could agree to either option, as long as it
          is possible to create a converter from JSON-to-XML-JSON without loss.
          
          Q: (Brett Jordan): What is the purpose of MLString?
          A: (Takeshi Takahashi): The original IODEFv2 supports multi-character
          languages by providing MLString class. With this class, non-English
          language, including Japanese, could be used for representing the data.
          
          Q: (David Waltermire): There are things in IODEF like SoftwareReference
          that lets you embed arbitrary XML.  How will you support xml:any in JSON?
          A: (Takeshi Takahashi): Likely as a base64
          
          Per slide 4 (Binary strings)
          Q: (Takeshi Takahashi): Which approach should we use?
          A: (Chris Inacio): Pick one. Any one.
          Q: (Roman): How will you be able to round trip the XML to JSON and back
          to XML if both base64 and hexadecimal are not supported?
          A: (Roman): We will need to sweep through the IODEF XML specification
          to understand the impact of any given choice on that.
          A: (Kathleen): We need to review this issue.
          
          Per slide 5 (Omitting semantic classes)
          Q: (Stephen Banghart): Clarification. What do you mean by "removing the
          class"?
          A: (Takeshi Takahashi): Class A has an element of this class, which has
          element B. In this case, the class A may directly include the element
          B. In this way, we do not need this class.
          A: (Roman Danyliw): Those are "container classes" so the semantics could
          be inferred from the JSON structure.
          Q: (Takeshi Takahashi): So, would you mind deleting these classes in
          the draft?
          A: (Roman Danyliw): Yes, but documentation is needed in the draft to
          maintain consistency with the IODEFv2 XML document.
          
          
          Closing
          =======
          presenters: co-chairs
          
          The co-chairs explored the milestones for the WG.
            - XMPP-grid will have another WGLC soon.
            - ROLIE is almost completed.
            - JSON IODEF is just initiated, reviews are appreciated.
            - The ROLIE CSIRT extension is currently not a WG draft.
          
          Comment: (Roman Danyliw): I have feedback from the ROILE CSIRT extension.
          
          Comment: (David Waltermire): I am interested to implement the ROILE
          draft and extension.  Exploring STIX is also of interest.
          A: (Nancy Cam-Winget): STIX would not be in scope according to our
          current charter.
          A: (David Waltermire): I consider the CSIRT extension is within the
          scope of MILE.
          A: (Nancy Cam-Windget): I'm ok with the scope, but my point is that I
          haven't seen enough interests on the mailing list.
          A: (David Waltermire): I believe it is reasonable. I would like to
          welcome any comments or feedbacks on the draft.
          A: (Nancy Cam-Winget): Is there interest in the draft?
          A: (Chris Inacio): I've read it. I just didn't post anything to the
          mailing list. I can post something to the list.
          A: (Nancy Cam-Winget): I'll reissue the interest to the mailing list.
          A: (Takeshi Takahashi): If we can change the charter of MILE a bit and
          suppport STIX for ROLIE, I am interested.
          Q: (Nancy Cam-Winget): This point is well taken, but STIX is currently
          not in our charter.
                                 Once we reach that point, we can discuss
                                 rechartering.
                                 Show of hands, is there interest on the CSIRT
                                 extension work?
          (Many hands are raised)
          
          Comment: (Nancy Cam-Winget): Ifll ask this question again on the mailing
          list.
          
          Comment: (Brett Jordan): I really like what was done with ROILE.  I would
          like a JSON binding for ROILE.
          
          A: (Chris Inacio): What does that mean?
          A: (David Waltermire): Creating a constrained version of the proposal.
          There appeared to be interest in this work at IETF 99.
          A: (Nancy Cam-Winget): There is interest.
          
          



Generated from PyHt script /wg/mile/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -