From nobody Mon Feb 2 09:48:04 2015 Return-Path: X-Original-To: lime@ietfa.amsl.com Delivered-To: lime@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE2401A87AB for ; Mon, 2 Feb 2015 09:32:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.61 X-Spam-Level: X-Spam-Status: No, score=-0.61 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvkQIk3A418O for ; Mon, 2 Feb 2015 09:32:27 -0800 (PST) Received: from resqmta-po-12v.sys.comcast.net (resqmta-po-12v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1252C1A87AA for ; Mon, 2 Feb 2015 09:32:26 -0800 (PST) Received: from resomta-po-13v.sys.comcast.net ([96.114.154.237]) by resqmta-po-12v.sys.comcast.net with comcast id nVXH1p00457bBgG01VYSrZ; Mon, 02 Feb 2015 17:32:26 +0000 Received: from [192.168.0.5] ([72.187.162.59]) by resomta-po-13v.sys.comcast.net with comcast id nVYC1p0081HC2N001VYFDA; Mon, 02 Feb 2015 17:32:24 +0000 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) From: David Harrington In-Reply-To: <54BB6D67.6010509@gmx.net> Date: Mon, 2 Feb 2015 12:32:11 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <23D534A9-90E7-45C0-AE78-419617965D15@comcast.net> References: <54BB6D67.6010509@gmx.net> To: "B.-C. Boesch" X-Mailer: Apple Mail (2.1878.6) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1422898346; bh=8pUoZYFPNPe6N1SEtoWGzQJHwLbKjoLAD/Vstz68ZAc=; h=Received:Received:Content-Type:Mime-Version:Subject:From:Date: Message-Id:To; b=kjsDvrFJO15m120KruowxU5N/VNc5j6x9UsDTn4BJVHzNoHDWR0+9lMh2sICqJ8oE KDeeMg6oCXTsYFofex5E664J0xBKwRSaCj0UmLhCUepWTZY9r88iMZQH5cRmCq2vZh l77+IsIbo1PfTDhovEvlApVghNlQ5ZQwhiZM2sP42Gm0wMAx7j7vzKJuRwGLybZ9Sm 0NZMSOeVZr8LGkiPvQ6Ra2lX9e8KZt8X//GTDTwj7NfWJm5PSMlw1i+qIX+mImc8bz A2r36ncuDgcsl39YYdSwxvZhZ/tUqwKwe/nip1dKwY9b46zLkd7D4A1LXQx9sTRsjQ KzD0YEA5m+eww== Archived-At: X-Mailman-Approved-At: Mon, 02 Feb 2015 09:47:56 -0800 Cc: OPSAWG@ietf.org, Lime@ietf.org Subject: Re: [Lime] [OPSAWG] Internet Draft: Standardized Parameterization of Intrusion Detection Entities X-BeenThere: lime@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Layer Independent OAM Management in Multi-Layer Environment \(LIME\) discussion list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Feb 2015 17:32:29 -0000 I think similar work is being addressed in the sacm wg. David Harrington ietfdbh@comcast.net On Jan 18, 2015, at 3:23 AM, B.-C. Boesch wrote: > Dear Community, >=20 > Efficiency of Intrusion Detection Systems (IDS) depends on their = configuration and coverage of services. The coverage depends on used IDS = with currently vendor-specific configurations. In case of usage of = multiple systems the operations could become complex. Individual = Communication between management interface and the IDS entities results = that current multi-vendor IDS architectures do not interact with each = other. They are independent coexistent. >=20 > The Internet Draft defines data formats and exchange procedures to = standardize parametrization information exchange into intrusion = detection and response systems from a Manager to an Analyzer. >=20 > The created Intrusion Detection Parametrization Exchange Format = (IDPEF) is intended to be a standard data format to parametrize IDS. The = development of this open standardized format and the Intrusion Detection = Message Exchange Format (IDMEF) will be enable in combination = interoperability among commercial, open source, and research systems, = allowing users to mix-and-match the deployment of these systems = according to their strong and weak points to obtain an optimal IDS = implementation. >=20 > The most obvious place to implement IDPEF is in the data channel = between a Manager and an Analyzer of an IDS within this data channel = where the Manager sends the configuration parameters to the Analyzers. = But there are other places where the IDPEF can be useful: >=20 > - Combination of specialized IDS like application-IDS with server-IDS, = WLAN-IDS and network-IDS to one functional interacting meta-IDS. >=20 > - Management of different IDS vendors with one central management = interface. >=20 > - Interaction of different IDS by using IDPEF and IDMEF. >=20 > - Parametrization backups and restore of parametrized IDS entities. >=20 > - For a communication between a Manager and a Manager in a multi-stage = management architecture. >=20 > I am happy to invite you to give me feedback, suggestions, notations, = hints, recommendations, etc. to improve the Internet Draft. The initial = version of the Internet Draft could be found at: >=20 > http://www.ietf.org/id/draft-boesch-idxp-idpef-00.txt >=20 > Kind regards, >=20 > B.-C. Boesch >=20 > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg From nobody Mon Feb 2 11:59:21 2015 Return-Path: X-Original-To: lime@ietfa.amsl.com Delivered-To: lime@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 009A11A1A42; Mon, 2 Feb 2015 11:13:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.91 X-Spam-Level: X-Spam-Status: No, score=-0.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VfQtoxJrRgGL; Mon, 2 Feb 2015 11:13:49 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC6DC1A1A46; Mon, 2 Feb 2015 11:13:38 -0800 (PST) Received: from [192.168.2.105] ([79.246.19.23]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MOw4N-1YKqsp1qkh-006KeN; Mon, 02 Feb 2015 20:13:36 +0100 Message-ID: <54CFCC5F.6080709@gmx.net> Date: Mon, 02 Feb 2015 20:13:35 +0100 From: "B.-C. Boesch" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: David Harrington References: <54BB6D67.6010509@gmx.net> <23D534A9-90E7-45C0-AE78-419617965D15@comcast.net> In-Reply-To: <23D534A9-90E7-45C0-AE78-419617965D15@comcast.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:D8XI1M81zqUQs/mD82mPNbovlVl+YhAB2M0BxmN6l+yef3I72Gm RBmqa8MIcSSPBmRuo7euT1KgU7SC6+22Hjsqb0m6UnLMWHWBoauPK3DMWFpN6c30gf3rJD9 wxDyLGVHK3wydOcPCfyFxUTkuudUJjmthFo7XtAwkYOgtjMustNP/mZQRiujTXbB4Ky9Six bzZn7HNj623gks1pjxXkw== X-UI-Out-Filterresults: notjunk:1; Archived-At: X-Mailman-Approved-At: Mon, 02 Feb 2015 11:59:19 -0800 Cc: ietf@ietf.org, OPSAWG@ietf.org, Lime@ietf.org, sacm@ietf.org, saag@ietf.org Subject: Re: [Lime] [OPSAWG] Internet Draft: Standardized Parameterization of Intrusion Detection Entities X-BeenThere: lime@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Layer Independent OAM Management in Multi-Layer Environment \(LIME\) discussion list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Feb 2015 19:13:51 -0000 Dear David, thanks for your hint to the SACM WG. I have also posted it within the SACM community for any comments, feedback, suggestions, notations, hints, recommendations, etc. but havenīt received any response or feedback to the Internet Draft so far. I hope this will change and a lively discussion is going to come up. Kind regards B.-C. Boesch Am 02.02.2015 um 18:32 schrieb David Harrington: > I think similar work is being addressed in the sacm wg. > > David Harrington > ietfdbh@comcast.net > > > > On Jan 18, 2015, at 3:23 AM, B.-C. Boesch wrote: > >> Dear Community, >> >> Efficiency of Intrusion Detection Systems (IDS) depends on their configuration and coverage of services. The coverage depends on used IDS with currently vendor-specific configurations. In case of usage of multiple systems the operations could become complex. Individual Communication between management interface and the IDS entities results that current multi-vendor IDS architectures do not interact with each other. They are independent coexistent. >> >> The Internet Draft defines data formats and exchange procedures to standardize parametrization information exchange into intrusion detection and response systems from a Manager to an Analyzer. >> >> The created Intrusion Detection Parametrization Exchange Format (IDPEF) is intended to be a standard data format to parametrize IDS. The development of this open standardized format and the Intrusion Detection Message Exchange Format (IDMEF) will be enable in combination interoperability among commercial, open source, and research systems, allowing users to mix-and-match the deployment of these systems according to their strong and weak points to obtain an optimal IDS implementation. >> >> The most obvious place to implement IDPEF is in the data channel between a Manager and an Analyzer of an IDS within this data channel where the Manager sends the configuration parameters to the Analyzers. But there are other places where the IDPEF can be useful: >> >> - Combination of specialized IDS like application-IDS with server-IDS, WLAN-IDS and network-IDS to one functional interacting meta-IDS. >> >> - Management of different IDS vendors with one central management interface. >> >> - Interaction of different IDS by using IDPEF and IDMEF. >> >> - Parametrization backups and restore of parametrized IDS entities. >> >> - For a communication between a Manager and a Manager in a multi-stage management architecture. >> >> I am happy to invite you to give me feedback, suggestions, notations, hints, recommendations, etc. to improve the Internet Draft. The initial version of the Internet Draft could be found at: >> >> http://www.ietf.org/id/draft-boesch-idxp-idpef-00.txt >> >> Kind regards, >> >> B.-C. Boesch >> >> _______________________________________________ >> OPSAWG mailing list >> OPSAWG@ietf.org >> https://www.ietf.org/mailman/listinfo/opsawg From nobody Mon Feb 9 04:51:49 2015 Return-Path: X-Original-To: lime@ietfa.amsl.com Delivered-To: lime@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB3EB1A036B; Mon, 9 Feb 2015 04:51:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -101.902 X-Spam-Level: X-Spam-Status: No, score=-101.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hKIJm0gN-ZdM; Mon, 9 Feb 2015 04:51:46 -0800 (PST) Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0784.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::784]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E29BD1A037F; Mon, 9 Feb 2015 04:51:45 -0800 (PST) Received: from CO1PR05MB442.namprd05.prod.outlook.com (10.141.73.146) by CO1PR05MB444.namprd05.prod.outlook.com (10.141.73.140) with Microsoft SMTP Server (TLS) id 15.1.81.19; Mon, 9 Feb 2015 12:51:22 +0000 Received: from CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.56]) by CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.56]) with mapi id 15.01.0075.002; Mon, 9 Feb 2015 12:51:22 +0000 From: Ronald Bonica To: "lime@ietf.org" , "lime-oam-model@ietf.org" Thread-Topic: IETF 92 Thread-Index: AdBEZvrzDmCaIE4gQ1unRCKAiiZCuA== Date: Mon, 9 Feb 2015 12:51:21 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [66.129.241.11] authentication-results: ietf.org; dkim=none (message not signed) header.d=none; x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:CO1PR05MB444; x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:;SRVR:CO1PR05MB444; x-forefront-prvs: 04825EA361 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(92566002)(66066001)(87936001)(102836002)(74316001)(2656002)(2501002)(33656002)(86362001)(76576001)(122556002)(450100001)(40100003)(46102003)(62966003)(229853001)(77156002)(99286002)(50986999)(54356999)(107886001); DIR:OUT; SFP:1102; SCL:1; SRVR:CO1PR05MB444; H:CO1PR05MB442.namprd05.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2015 12:51:21.6135 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR05MB444 Archived-At: Subject: [Lime] IETF 92 X-BeenThere: lime@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Layer Independent OAM Management in Multi-Layer Environment \(LIME\) discussion list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Feb 2015 12:51:48 -0000 Folks, We have schedule a thirty minutes session at IETF 92 for the LIME WG. At t= hat session, the LIME OAM Model design team will discuss their progress to = date. Since there has been almost no activity on the LIME WG mailing list, discus= sion will be limited to the work of the design team. Carlos and Ro= n From nobody Sun Feb 15 06:27:05 2015 Return-Path: X-Original-To: lime@ietfa.amsl.com Delivered-To: lime@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FE881A1E0E; Sun, 15 Feb 2015 06:27:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -96.355 X-Spam-Level: X-Spam-Status: No, score=-96.355 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845, USER_IN_WHITELIST=-100] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izL-uEJElsTX; Sun, 15 Feb 2015 06:27:01 -0800 (PST) Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) by ietfa.amsl.com (Postfix) with ESMTP id CB0B41A1EB7; Sun, 15 Feb 2015 06:27:00 -0800 (PST) X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=74.43.47.92; From: "Susan Hares" To: "'Ronald Bonica'" , , References: In-Reply-To: Date: Sun, 15 Feb 2015 09:26:57 -0500 Message-ID: <012301d0492b$74818110$5d848330$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQF7qGGHoIzyWSHyOsfPcukNbdpqkp2bAxUA Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [Lime] IETF 92 X-BeenThere: lime@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Layer Independent OAM Management in Multi-Layer Environment \(LIME\) discussion list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Feb 2015 14:27:03 -0000 Ron: A trill draft is dependent on the Generic OAM draft. Can you have your design team prepare a short status for the TRILL WG meeting? Can you send me pointers to the Design team's drafts? Sue Hares -----Original Message----- From: Lime [mailto:lime-bounces@ietf.org] On Behalf Of Ronald Bonica Sent: Monday, February 09, 2015 7:51 AM To: lime@ietf.org; lime-oam-model@ietf.org Subject: [Lime] IETF 92 Folks, We have schedule a thirty minutes session at IETF 92 for the LIME WG. At that session, the LIME OAM Model design team will discuss their progress to date. Since there has been almost no activity on the LIME WG mailing list, discussion will be limited to the work of the design team. Carlos and Ron _______________________________________________ Lime mailing list Lime@ietf.org https://www.ietf.org/mailman/listinfo/lime