draft-ietf-mile-enum-reference-format-13.txt   draft-ietf-mile-enum-reference-format-14.txt 
INTERNET-DRAFT Adam W. Montville INTERNET-DRAFT Adam W. Montville
Intended Status: Standards Track (CIS) Intended Status: Standards Track (CIS)
Expires: July 18, 2015 David Black Expires: August 3, 2015 David Black
(EMC) (EMC)
January 14, 2015 January 30, 2015
IODEF Enumeration Reference Format IODEF Enumeration Reference Format
draft-ietf-mile-enum-reference-format-13 draft-ietf-mile-enum-reference-format-14
Abstract Abstract
The Incident Object Description Exchange Format (IODEF) is an XML The Incident Object Description Exchange Format (IODEF) is an XML
data representation framework for sharing information about computer data representation framework for sharing information about computer
security incidents. In IODEF, the Reference class provides security incidents. In IODEF, the Reference class provides
references to externally specified information such as a references to externally specified information such as a
vulnerability, Intrusion Detection System (IDS) alert, malware vulnerability, Intrusion Detection System (IDS) alert, malware
sample, advisory, or attack technique. In practice, these references sample, advisory, or attack technique. In practice, these references
are based on external enumeration specifications that define both the are based on external enumeration specifications that define both the
skipping to change at page 2, line 35 skipping to change at page 2, line 35
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Referencing External Enumerations . . . . . . . . . . . . . . 3 2. Referencing External Enumerations . . . . . . . . . . . . . . 3
3 Security Considerations . . . . . . . . . . . . . . . . . . . . 6 3 Security Considerations . . . . . . . . . . . . . . . . . . . . 6
4 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 4 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
5 The ReferenceName Schema . . . . . . . . . . . . . . . . . . . . 9 5 The ReferenceName Schema . . . . . . . . . . . . . . . . . . . . 8
6 References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 6 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1 Normative References . . . . . . . . . . . . . . . . . . . 9 7 References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.2 Informative References . . . . . . . . . . . . . . . . . . 10 7.1 Normative References . . . . . . . . . . . . . . . . . . . 9
7.2 Informative References . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
1 Introduction 1 Introduction
There is an identified need to specify a format to include relevant There is an identified need to specify a format to include relevant
enumeration values from other data representation formats in an IODEF enumeration values from other data representation formats in an IODEF
document. It is anticipated that this requirement will exist in other document. It is anticipated that this requirement will exist in other
standardization efforts within several IETF Working Groups, but the standardization efforts within several IETF Working Groups, but the
scope of this document pertains solely to IODEF. This format is used scope of this document pertains solely to IODEF. This format is used
in IODEF v2 [I-D.draft-ietf-mile-rfc5070-bis] which replaces the in IODEF v2 [I-D.draft-ietf-mile-rfc5070-bis] which replaces the
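Review bot: The Table of Contents entries in this region number sections inconsistently: "2. Referencing External Enumerations" carries a trailing period while "1 Introduction", "3 Security Considerations" and the newly added "6 Acknowledgements" do not. Since the TOC is being regenerated for the new section and the References entries are renumbered from 6/6.1/6.2 to 7/7.1/7.2, this is a good point to normalise the numbering style so the TOC and the section headings match.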
skipping to change at page 6, line 20 skipping to change at page 6, line 20
similar distribution of misinformation. similar distribution of misinformation.
Use of enumeration reference IDs from trusted sources are Use of enumeration reference IDs from trusted sources are
preferred to mitigate the risk of receiving and/or providing preferred to mitigate the risk of receiving and/or providing
misinformation. Trust decisions with respect to enumeration misinformation. Trust decisions with respect to enumeration
reference providers are beyond the scope of this document. reference providers are beyond the scope of this document.
However, receiving an IODEF [IODEF] document containing an unknown However, receiving an IODEF [IODEF] document containing an unknown
ReferenceName (i.e. the SpecIndex does not exist in the IANA ReferenceName (i.e. the SpecIndex does not exist in the IANA
table) may indicate a misled or malicious source. table) may indicate a misled or malicious source.
In some cases it might be possible for a third-party to host
content associated with an enumeration reference ID. In such a
circumstance, trust extends from the origin of the enumeration
reference ID to the third-party, effectively making the third-
party a trusted third-party in the context of providing a
particular set of enumeration reference IDs.
This document is establishing a container for publicly available This document is establishing a container for publicly available
enumeration values to be included in an IODEF [IODEF] document, enumeration values to be included in an IODEF [IODEF] document,
and it is important to note the distinction between the and it is important to note the distinction between the
enumeration value's format and the information conveyed by the enumeration value's format and the information conveyed by the
value itself. While the enumeration value may hold information value itself. While the enumeration value may hold information
deemed to be private by relying parties, the enumeration format is deemed to be private by relying parties, the enumeration format is
likely not subject to privacy concerns. likely not subject to privacy concerns.
However, if the Reference class includes an enumeration value in However, if the Reference class includes an enumeration value in
combination with other data in an IODEF [IODEF] document, the combination with other data in an IODEF [IODEF] document, the
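Review bot: The added paragraph on third-party hosting (beginning "In some cases it might be possible for a third-party to host content") says trust "extends from the origin of the enumeration reference ID to the third-party" without saying how a recipient establishes that the origin has delegated hosting to that party, which leaves the condition under which a host counts as trusted undefined. Suggest either stating that the origin designates the third party, or tying the paragraph to the preceding statement that trust decisions about enumeration reference providers are beyond the scope of the document. Minor: the noun uses of "third-party" would normally be written "third party", and the unchanged sentence "Use of enumeration reference IDs from trusted sources are preferred" wants "is preferred".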
skipping to change at page 9, line 34 skipping to change at page 9, line 27
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element name="ID" type="xs:NCName"/> <xs:element name="ID" type="xs:NCName"/>
</xs:sequence> </xs:sequence>
<xs:attribute name="specIndex" <xs:attribute name="specIndex"
type="xs:integer" use="required"/> type="xs:integer" use="required"/>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
</xs:schema> </xs:schema>
6 References 6 Acknowledgements
6.1 Normative References The authors would like to thank Eric Burger for the recommendation
to rely on XML, Roman D. Danyliw for his schema contribution and
insight, and Tim Bray, Panos Kampanakis, Barry Leiba, Ted Lemon,
Alexey Melnikov, Kathleen Moriarty, Takeshi Takahashi, Henry S.
Thompson, and David Waltermire for their contributions and
reviews.
7 References
7.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[IODEF] Danyliw, R., Meijer, J., and Y. Demchenko, "The Incident [IODEF] Danyliw, R., Meijer, J., and Y. Demchenko, "The Incident
Object Description Exchange Format", RFC 5070, December Object Description Exchange Format", RFC 5070, December
2007. 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
skipping to change at page 10, line 12 skipping to change at page 10, line 14
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005.
[RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for [RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for
Syntax Specifications: ABNF", STD 68, RFC 5234, January Syntax Specifications: ABNF", STD 68, RFC 5234, January
2008. 2008.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004. January 2004.
6.2 Informative References 7.2 Informative References
[RFC0020] Cerf, V., "ASCII format for network interchange", RFC 20, [RFC0020] Cerf, V., "ASCII format for network interchange", RFC 20,
October 1969. October 1969.
[I-D.draft-ietf-mile-rfc5070-bis] Danyliw, R., and Stoecker, P., "The [I-D.draft-ietf-mile-rfc5070-bis] Danyliw, R., and Stoecker, P., "The
Incident Object Description Exchange Format v2", draft- Incident Object Description Exchange Format v2", draft-
ietf-mile-rfc5070-bis-10 (work in progress), November ietf-mile-rfc5070-bis-10 (work in progress), November
2014. 2014.
[CCE] http://cce.mitre.org [CCE] http://cce.mitre.org
 End of changes. 8 change blocks. 
17 lines changed or deleted 20 lines changed or added
