Hi security people

On Thu, 28 Jul 2022 at 00:32, Jen Linkova <[email protected]> wrote:
> The chairs are looking for people who would review the document and
> respond to the list stating their support (or concerns regarding)
> advancing the draft.
>

I've re-read this latest revision from top to bottom.

In general I see the document as a valuable contribution to the fight against attackers that we all face. Personally I would say it's almost complete. I have only noted a couple of points to improve, below.

1. The definition of "Kill chain" can be misread as being about the defenders' activities. It would benefit from a tweak to make it clear this is the attacker's chain.

2. Later on it says "Broad coverage of the PoP is important as it allows the defender to cycle between high precision but high fragility options and more robust but less precise indicators." The word "cycle" here gives the impression that sometimes defenders are at the top of the pyramid, and other times at the bottom. I don't know if this happens in real life but I don't think it's useful to point people towards a behaviour that contradicts the overall recommendation about covering a broad range of IoCs. We want people to be effective in their defence, and that means spotting IoCs at as many layers of the pyramid as you can.

If the above can be considered, and addressed or rejected (depending on the WG's view) then I'll be happy for it to advance to the next stage.

Chris
_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
