Greetings,

For those interested in the MILE side meeting, it will take place right after the plenary, 19:30, in room 301A.

Best regards,
Brian

Begin forwarded message:

> From: <[email protected]>
> Date: July 25, 2011 12:03:01 PM EDT
> To: <[email protected]>, <[email protected]>, <[email protected]>, <[email protected]>
> Subject: RE: [mile] MILE side meeting, IETF81 in Quebec, Monday night July 25th
>
> Hello,
>
> Tonight's side meeting for MILE will be held in Room 301A, starting right
> after the plenary at 19:30 EST. We plan to use the following bridge number
> for those who could not be here in person:
>
> Dial-in: 857.207.4204, 1, 60363236#
>
> Thank you,
> Kathleen & Brian
>
> ________________________________________
> Managed Incident Lightweight Exchange (mile)
> --------------------------------------------
>
> Proposed Working Group Charter
>
> Chairs:
>   Kathleen Moriarty <[email protected]>
>   Brian Trammell <[email protected]>
>
> Security Area Directors:
>   Stephen Farrell <[email protected]>
>   Sean Turner <[email protected]>
>
> Security Area Advisor:
>   Sean Turner <[email protected]>
>
> Mailing Lists:
>   General Discussion: [email protected]
>   To Subscribe: http://www.ietf.org/mailman/listinfo/mile
>   Archive: http://www.ietf.org/mail-archive/web/mile
>
> Description:
>
> The Managed Incident Lightweight Exchange (MILE) pre-working group will
> develop standards and extensions for the purpose of improving incident
> information sharing and handling capabilities based on the work developed in
> the IETF Extended INCident Handling (INCH) working group. The Incident
> Object Description Exchange Format (IODEF) in RFC5070 and Real-time
> Inter-network Defense (RID) in RFC6045 were developed in the INCH working
> group by international Computer Security Incident Response Teams (CSIRTs) and
> industry to meet the needs of a global community interested in sharing,
> handling, and exchanging incident information.
> The extensions and guidance
> created by the MILE working group assist with the daily operations of CSIRTs
> at an organization, service provider, law enforcement, and at the country
> level. The application of IODEF and RID to interdomain incident information
> cooperative exchange and sharing has recently expanded and the need for
> extensions has become more important. Efforts continue to deploy IODEF and
> RID, as well as to extend them to support specific use cases covering
> reporting and mitigation of current threats such as anti-phishing extensions.
>
> An incident could be a benign configuration issue, IT incident, an infraction
> to a service level agreement (SLA), a system compromise, socially engineered
> phishing attack, or a denial-of-service (DoS) attack, etc. When an incident
> is detected, the response may include simply filing a report, notification to
> the source of the incident, a request to a third party for
> resolution/mitigation, or a request to locate the source. IODEF defines a
> data representation that provides a standard format for sharing information
> commonly exchanged about computer security incidents. RID enables the secure
> exchange of incident related information in an IODEF format providing options
> for security, privacy, and policy setting.
>
> MILE leverages collaboration and sharing experiences with the work developed
> in the INCH working group which includes the data model detailed in the
> IODEF, existing extensions to the IODEF for Anti-phishing (RFC5901), and RID
> (RFC6045, RFC6046) for the secure exchange of information. MILE will also
> leverage the experience gained in using IODEF and RID in operational
> contexts. Related work, drafted outside of INCH will also be reviewed and
> includes RFC5941, Sharing Transaction Fraud Data.
>
> The MILE working group provides coordination for these various extension
> efforts to improve the capabilities for exchanging incident information.
> MILE has several objectives with the first being a description of a subset of
> IODEF focused on ease of deployment and applicability to current information
> security data sharing use cases. MILE also describes a generalization of RID
> for secure exchange of other security-relevant XML formats. MILE produces
> additional guidance needed for the successful exchange of incident
> information for new use cases according to policy, security, and privacy
> requirements. Finally, MILE produces a document template with guidance for
> defining IODEF extensions to be followed when producing extensions to IODEF
> as appropriate, for:
>
> * labeling incident reports with data protection, data retention, and other
>   policies, regulations, and laws restricting the handling of those reports
> * reporting on mail service abuse incidents
> * reporting forensic data generated during incident investigation
> * reporting indicators of compromise in incident reports
> * reporting on financial fraud incidents
> * reporting incidents involving virtualized environments
> * referencing SCAP enumerations from within incident reports
> * profiling and reporting on characteristics of malware suspected or
>   confirmed to be involved in an incident
> * profiling and reporting on characteristics of actors (persons or groups)
>   suspected or confirmed to be involved in an incident
> * reporting on misuse incidents
>
> _______________________________________________
> mile mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/mile

_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
