Dear All, I am not in favour of adopting the draft at this stage because of the following concerns:
1. In my opinion, the draft falls under the category of *Taxonomy and Problem Statement Documents*, as it is mostly filled with definitions and theory.

2. It does not provide for any protocols, tools and technologies that are used to address the threat except for *hashes of emails/IPs/Domain Names*, which are already well established and do not add any additional value to the draft document.

3. The examples of Cobalt Strike and APT33 bring out no concrete ways in which the IOCs could be extracted. It is the same old technique of *hashes of emails/IPs/Domain Names*.

In my opinion, there is a definite requirement of working and brainstorming on the issue before the final call for adoption. We can look at picking up specific protocols such as HTTP/1/2/3, OAuth 2.0 and then work on the IOCs that can be extracted from these specific protocols.

Regards
Jaimandeep Singh

On Thu, Jul 28, 2022 at 5:02 AM Jen Linkova <[email protected]> wrote:
> This email starts a WG Last Call for
> draft-ietf-opsec-indicators-of-compromise
> https://datatracker.ietf.org/doc/draft-ietf-opsec-indicators-of-compromise/
>
> The WGLC finishes on Sunday, Aug 14th, 25:59 UTC.
>
> The chairs are looking for people who would review the document and
> respond to the list stating their support (or concerns regarding)
> advancing the draft.
>
> Thank you!
> --
> SY, Jen Linkova aka Furry
>
> _______________________________________________
> OPSEC mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsec
