|
1.
|
Clear description of the referenced document:
|
|
|
|
|
2.
|
Status of approval:
|
|
|
Approved by IETF as an RFC on November 2016.
|
|
3.
|
Justification for the specific reference:
|
|
|
The document is considered stable and provides a complete data model of IODEF version 2. This draft revised Recommendation X.1541 defines a data model for incident information by referencing the data model defined in RFC 7970. It is not appropriate to include the full text of the IETF RFC 7970 here. Thus, this draft revised Recommendation X.1541 references related sections of the RFC in order to specify the data model.
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
The IETF takes no position regarding the validity or scope of IPRs, but any IPR issues are recommended to be filed. See https://datatracker.ietf.org/ipr/ for the information. No IPR issue is filed pertaining to the RFC 7970.
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
The document is the revision of IODEF version 1, which has been thoroughly reviewed, and which has been adopted by several tools for years. The revision itself has been reviewed for several years before it becomes an RFC, thus the editor of revised X.1541 believes the quality is good enough.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
The status of all the referred specifications is "approved specification".
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
References within the referenced specifications are listed under item 8, below.
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[E.164] ITU Telecommunication Standardization Sector, "The International Public Telecommunication Numbering Plan", ITU-T Recommendation E.164, November 2010./
/
[IANA.Media] IANA, "Media Types", http://www.iana.org/assignments/media-types/./
/
[IANA.Ports] IANA, "Service Name and Transport Protocol Port Number Registry", http://www.iana.org/assignments/service-names-port-numbers/./
/
[IANA.Protocols] IANA, "Assigned Internet Protocol Numbers",/
http://www.iana.org/assignments/protocol-numbers/./
/
[IEEE.POSIX] IEEE, "Information Technology - Portable Operating System Interface (POSIX) Base Specifications, Issue 7", IEEE Std 1003.1-2001, DOI 10.1109/IEEESTD.2009.5393893, September 2009./
/
[ISO19770] International Organization for Standardization, "Information technology -- Software asset management -- Part 2: Software identification tag", ISO Standard 19770-2:2015, October 2015./
/
[ISO4217] International Organization for Standardization, "Codes for the representation of currencies", ISO 4217:2015, 2015./
/
[NIST.CPE] Cheikes, B., Waltermire, D., and K. Scarfone, "Common Platform Enumeration: Naming Specification Version 2.3", NIST Interagency Report 7695, August 2011,/
http://csrc.nist.gov/publications/nistir/ir7695/ NISTIR-7695-CPE-Naming.pdf./
/
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, http://www.rfc-editor.org/info/rfc2119./
/
[RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO 10646", RFC 2781, DOI 10.17487/RFC2781, February 2000, http://www.rfc-editor.org/info/rfc2781./
/
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, http://www.rfc-editor.org/info/rfc3629./
/
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, http://www.rfc-editor.org/info/rfc3688./
/
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005,/
http://www.rfc-editor.org/info/rfc3986./
/
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, http://www.rfc-editor.org/info/rfc4291./
/
[RFC4519] Sciberras, A., Ed., "Lightweight Directory Access Protocol (LDAP): Schema for User Applications", RFC 4519, DOI 10.17487/RFC4519, June 2006,/
http://www.rfc-editor.org/info/rfc4519./
/
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, http://www.rfc-editor.org/info/rfc5322./
/
[RFC5646] Phillips, A., Ed. and M. Davis, Ed., "Tags for Identifying Languages", BCP 47, RFC 5646, DOI 10.17487/RFC5646, September 2009, http://www.rfc-editor.org/info/rfc5646./
/
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 Address Text Representation", RFC 5952, DOI 10.17487/RFC5952, August 2010,/
http://www.rfc-editor.org/info/rfc5952./
/
[RFC6531] Yao, J. and W. Mao, "SMTP Extension for Internationalized Email", RFC 6531, DOI 10.17487/RFC6531, February 2012, http://www.rfc-editor.org/info/rfc6531./
/
[RFC7203] Takahashi, T., Landfield, K., and Y. Kadobayashi, "An Incident Object Description Exchange Format (IODEF) Extension for Structured Cybersecurity Information",/
RFC 7203, DOI 10.17487/RFC7203, April 2014, http://www.rfc-editor.org/info/rfc7203./
/
[RFC7495] Montville, A. and D. Black, "Enumeration Reference Format for the Incident Object Description Exchange Format (IODEF)", RFC 7495, DOI 10.17487/RFC7495, March 2015, http://www.rfc-editor.org/info/rfc7495./
/
[W3C.SCHEMA] Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, "XML Schema Part 1: Structures Second Edition", W3C Recommendation REC-xmlschema-1-20041028, October 2004, http://www.w3.org/TR/xmlschema-1/./
/
[W3C.SCHEMA.DTYPES] Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes Second Edition", W3C Recommendation REC-xmlschema-2-20041028, October 2004,/
http://www.w3.org/TR/xmlschema-2/./
/
[W3C.XML] Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", W3C Recommendation REC-xml-20081126, November 2008, http://www.w3.org/TR/2008/REC-xml-20081126/./
/
[W3C.XMLNS] Bray, T., Hollander, D., Layman, A., Tobin, R., and H. Thompson, "Namespaces in XML 1.0 (Third Edition)", W3C Recommendation REC-xml-names-20091208, December 2009, http://www.w3.org/TR/2009/REC-xml-names-20091208/./
/
[W3C.XMLSIG] Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. Roessler, "XML Signature Syntax and Processing (Second Edition)", W3C Recommendation REC-xmldsig-core-20080610, June 2008, http://www.w3.org/TR/xmldsig-core/./
/
[W3C.XPATH] Robie, J., Dyck, M., and J. Spiegel, "XML Path Language (XPath) 3.1", W3C Candidate Recommendation CR-xpath-31-20151217, December 2015,/
https://www.w3.org/TR/xpath-3/./
/
11.2. Informative References/
/
[KB310516] Microsoft Corporation, "How to add, modify, or delete registry subkeys and values by using a .reg file", September 2013, https://support.microsoft.com/en-us/kb/310516./
/
[NIST800.61rev2] National Institute of Standards and Technology, "Computer Security Incident Handling Guide", NIST Special Publication 800-61, Revision 2, August 2012,/
http://dx.doi.org/10.6028/NIST.SP.800-61r2./
/
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/RFC2818, May 2000,/
http://www.rfc-editor.org/info/rfc2818./
/
[RFC3982] Newton, A. and M. Sanz, "IRIS: A Domain Registry (dreg) Type for the Internet Registry Information Service (IRIS)", RFC 3982, DOI 10.17487/RFC3982, January 2005,/
http://www.rfc-editor.org/info/rfc3982./
/
[RFC4180] Shafranovich, Y., "Common Format and MIME Type for Comma-Separated Values (CSV) Files", RFC 4180, DOI 10.17487/RFC4180, October 2005,/
http://www.rfc-editor.org/info/rfc4180./
/
[RFC5070] Danyliw, R., Meijer, J., and Y. Demchenko, "The Incident Object Description Exchange Format", RFC 5070, DOI 10.17487/RFC5070, December 2007,/
http://www.rfc-editor.org/info/rfc5070./
/
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008,/
http://www.rfc-editor.org/info/rfc5226./
/
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008, http://www.rfc-editor.org/info/rfc5246./
/
[RFC5901] Cain, P. and D. Jevans, "Extensions to the IODEF-Document Class for Reporting Phishing", RFC 5901, DOI 10.17487/RFC5901, July 2010,/
http://www.rfc-editor.org/info/rfc5901./
/
[RFC6545] Moriarty, K., "Real-time Inter-network Defense (RID)", RFC 6545, DOI 10.17487/RFC6545, April 2012, http://www.rfc-editor.org/info/rfc6545./
/
[RFC6546] Trammell, B., "Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS", RFC 6546, DOI 10.17487/RFC6546, April 2012,/
http://www.rfc-editor.org/info/rfc6546./
/
[RFC6685] Trammell, B., "Expert Review for Incident Object Description Exchange Format (IODEF) Extensions in IANA XML Registry", RFC 6685, DOI 10.17487/RFC6685, July 2012, http://www.rfc-editor.org/info/rfc6685./
/
[W3C.XMLENC] Eastlake, D., Reagle, J., Solo, D., Hirsch, F., Nystrom, M., Roessler, T., and K. Yiu, "XML Encryption Syntax and Processing Version 1.1", W3C Recommendation REC-xmldsig-core1-20130411, April 2013, https://www.w3.org/TR/xmlenc-core1/./
|
|
9.
|
Qualification of
ISOC/IETF:
|
|
|
9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996).
9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process.
9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html.
|
|
10.
|
Other (for any supplementary information):
|
|
|
All IETF RFCs are available online: https://datatracker.ietf.org/
|
|
