Editor's note: These minutes have not been edited.

GRIP Working Group Minutes
June, 1996 IETF
Montreal, Canada

Prepared by: Tom Markham

The GRIP working group met once during the Montreal IETF. The group began by reviewing the Stoughton comments. The discussion notes for each comment are given below.

o Distinguish between SIRTs and government organizations such as computer crime units.
  - The purpose of the document will be clarified so that it is clear this document is not intended for law enforcement organizations such as the computer crime unit.

o Include a completed template as an example.
  - There was concern expressed that if we write an example template it must not become outdated quickly. Anne Bennett will approach her management and determine if they will support her developing the example template.

o Other changes suggested:
  - Replace the wording in the introduction: The group decided to keep the original wording instead of using the suggested replacement text.
  - The definition of constituency was questioned: The group decided to keep the existing wording but add "users" within the text in addition to terms such as clients and site.
  - The definition of a security incident was questioned: The definition was expanded to include threats (unsuccessful attacks) as well as actual compromises.
  - Consider adding additional text concerning law enforcement agencies: The group considered the proposed text but decided that it should not be added.

The group next discussed the comments from Peter Kossakowski.

o Public policy or operation: This text was modified to use "services provided by" instead of "operation."

o Selection of SIRT: This was replaced with "interacting with" because an organization may not have a choice which SIRT it works with. Text was added to point out that this information should be useful in making a selection.

o The names of the topics and their order within the body need to be made consistent with their names and order within the template.

o The use of the term "integrity" was questioned. The text will be modified to make it clearer and to eliminate the controversy.

o It was noted that a number of editorial changes will be handled directly by the document editor.

o It was noted that a central repository for templates may not be practical. A pointer to the appendix will be added.

It was noted that we need to ping Jeff Schiller for the text he promised. This text concerns a method of securely publicizing which other response teams you (the described response team) are working with and trust.

General comments which were made during the meeting

o The template may include more information than a site is willing to give away. Eric Guttman will rewrite portions of text to make a distinction between what the team "may" do and what they "should" do.

o The term "PGP" will be replaced with a more generic reference to secure e-mail. Other references to PGP within the text will be modified.

o It was noted that the document needs to distinguish between how to securely communicate with the SIRT and which response team you trust.

o Generalize "PGP Public Key" with a term which is appropriate for other public key mechanisms.

o Make it clear that listing the names of team members is an option. It may not be wise to give out information about team members because it could bring them unwanted attention.

o The disclosure of information on the template was discussed. The template should be expanded to make it clear what will be exposed to whom. For example, what information will be given to the victim and what information will be given to others. Change the term "sites" to "parties."

o The internal reference to the document title will be removed.

o Paragraph 4.2.2 was deemed an operational detail and will be removed from the document.

NEXT STEPS

Anne Bennett will determine if she can create the updated template. Anne will provide the chair, Barb Fraser, with an answer within 2 weeks.

Members of the mailing list should review the documents from the point of view of the constituency. Comments should be submitted to the list no later than October 1.

The group discussed creating other documents (a guide for ISPs) but the tasks were deferred because the group may not have the time or energy to complete them.