Meetings:
30th IETF, 31st IETF, 32nd IETF, 33rd IETF, 34th IETF, 35th IETF, 36th IETF, 38th IETF, 39th IETF,
40th IETF, 41st IETF, 43rd IETF, 44th IETF, 45th IETF and 46th IETF

40th IETF, Washington, DC - December 1997

Guidelines and Recommendations for Incident Processing (GRIP)

The GRIP working group met once during the 40th IETF meeting held in Washington D.C. The agenda for the meeting included the following topics:

• Review status of the current IRT draft document
• Discuss current ISP document
• Review status of future product developers document
• Suggestion for new document on standardized vulnerability reporting format

The IRT document is complete and just waiting for formal action by the IESG/IETF. The group decided that they would like to submit the document for consideration as a BCP, and this will be done immediat ely after the IETF meeting.

Most of the meeting was spent discussing the current -01 draft of the ISP document (draft-ietf-grip-isp-01.txt). They had been discussion on the mailing list concerning two recommendations included in the draft. These were: 1) ingress filtering an d 2) open mail relays.

There was consensus in the group to accept the current wording of the document with regards to both of these topics. The document editor will solicit comments from the ADs as well as other ISPs and if they can't support the recommendations, he wil l ask for specific examples of why the recommendations are flawed.

The editor will change the phrase "unsolicited commercial e-mail" to "unsolicited bulk email" to better describe the recommendation since it isn't only commercial organizations who send unsolicited email.

One other topic concerning the ISP document came up. A person in the community emailed Barbara about the relationship between this document and the SSE-CMM work going on in the community. Barbara will take the action item to review the SSE-CMM mat erial for relevance and forward to the list any specifics, which Tom can then incorporate into the draft document.

The group briefly discussed the technology producer document and two people volunteered to develop a draft from the current outline. This will be ready by the end of January.

There was a suggestion to develop a document that would describe a common formatting for vulnerability reports. Computer incident response teams (e.g., CERT/CC), product vendors, and other organizations create their own documents with unique forma tting. If these conformed to a set of basic guidelines, software could be written to parse the text to facilitate forwarding pertinent information to those who need it. This is currently a difficult task given the variety of formats. It was decided t o encourage the author to write the draft document and the group would decide how to handle it once it existed.

Dates:

• ISP draft -02 from Tom Killelea: week of December 15
• Informational RFC/BCP status for ISP document: by January 15
• Submit IRT document to IETF last call for BCP action: week of December 15
• Updated ISP draft -03: third week of January
• Final ISP draft: 2nd week February
• Submit ISP document to IETF last call for BCP action: March 1
• Informational RFC/BCP status: by March 31, 1998

Please send questions, comments, and/or suggestions regarding the GRIP working group to the open mailing list grip-wg@uu.net.

All issues regarding these web pages should be directed to klaus-peter@kossakowski.de.

These pages are hosted on http://www.kossakowski.de and are provided on an "AS IS" basis without any explicite or implicite responsibility, liability, etc. (For a more fully understanding please refer to the legal statements within the Impressum, which is only available in German.)