All

Draft-dulaunoy-dnsop-passive-dns-cof was originally submitted back in 2014, and has had 10 revisions since then.
https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/

Note that the format is now fixed, and there are several implementations.

We had asked DNSOP (in the poll we held) to help us assess the level of interest in it, and the responses largely put it moderately high ("Adopt, but not now"). It would be helpful to find out if this is still the case, as things have progressed since then: the format is now widely used, and so the format itself is basically fixed. As an example, the format is being used within the US government agencies for event logging and incident response[0].

One of two things could happen:

1: DNSOP decides that they are really interested, adopts and improves the justification / operational / supporting text, and the draft gets published as an IETF RFC; or

2: DNSOP says "No thanks, but we don't actively object". In which case the ISE (and Warren!) has a much easier time explaining why it's being published as an RFC on the Independent stream.

We will also ask for a DNS Directorate review.

Feedback Welcome

tim

[0]: Because the draft had expired, and the USG cannot (realistically) point at expired IDs, they had to copy and paste it into an internal document:
https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf
Page 15 is the table where they defined the Passive DNS Log fields.
