Editor's note:  These minutes have not been edited.


GRIP Working Group Minutes
June, 1996 IETF
Montreal, Canada

Prepared by: Tom Markham

The GRIP working group met once during the Montreal IETF. 

The group began by reviewing the Stoughton comments. The discussion 
notes for each comment are given below.

o Distinguish between SIRTs and government organizations such as 
compute crime units.
- The purpose of the document will be clarified so that it is clear this 
document in not intended for law enforcement organizations such as the 
computer crime unit.

o Include a completed template as an example. 
- There was concern expressed that if we write an example template it 
must not become outdated quickly. Anne Bennett will approach her 
management and determine if they will support her developing the 
example template.
o Other changes suggested:
- Replace the wording in the introduction: The group decided to keep 
the original wording instead of using the suggested replacement text. 
- The definition of constituency was questioned: The group decided to 
keep the existing wording but add "users" within the text in addition to 
terms such as clients and site. 
- The definition of a security incident was questioned: The definition 
was expanded to include threats (unsuccessful attacks) as well as actual 
compromises.
- Consider adding additional text concerning law enforcement agencies: 
The group considered the proposed text but decided that it should not be 
added.

The group next discussed the comments from Peter Kossakowski. 

o Public policy or operation: This text was modified to use "services 
provided by" instead of "operation."

o Selection of SIRT: This was replaced with "interacting with" because 
an organization may not have a choice which SIRT it works with. Text 
was added to point out that this information should be useful in making 
a selection.

o The names of the topics and their order within the body need to be 
made consistent with their names and order within the template. 

o The use of the term "integrity" was questioned. The text will be 
modified to make it clearer and to eliminate the controversy. 

o It was noted that a number of editorial changes will be handled 
directly by the document editor.

o It was noted that a central repository for templates may not be 
practical. A pointer to the appendix will be added. 


It was noted that we need to ping Jeff Schiller for the text he promised. 
This text concerns a method of securely publicizing which other 
response teams you (the described response team) are working with and 
trust. 

General comments which were made during the meeting 

o The template may include more information than a site is willing to 
give away. Eric Guttman will rewrite portions of text to make a 
distinction between what the team "may" do and what they "should" 
do. 

o The term "PGP" will be replaced with a more generic reference to 
secure e-mail. Other references to PGP within the text will be 
modified.

o It was noted that the document needs to distinguish between how to 
securely communicate with the SIRT and which response team you 
trust. 

o Generalize "PGP Public Key" with a term which is appropriate for 
other public key mechanisms.

o Make it clear that listing the names of team members is an option. It 
may not be wise to give out information about team members because it 
could bring them unwanted attention.

o The disclosure of information on the template was discussed. The 
template should be expanded to make it clear what will be exposed to 
whom. For example, what information will be given to the victim and 
what information will be given to others. Change the term "sites" to 
"parties."

o The internal reference to the document title will be removed. 

o paragraph 4.2.2 was deemed an operational detail and will be 
removed from the document.


NEXT STEPS

Anne Bennett will determine if she can create the updated template. 
Ann will provide the chair, Barb Fraser, with an answer within 2 
weeks. 

Members of the mailing list should review the documents from the 
point of view of the constituency. Comments should be submitted to the 
list no later than October 1.

The group discussed creating other documents (a guide for ISPs) but the 
tasks was deferred because the group may not have the time or energy 
to complete them.