List:       prelude-devel
Subject:    [prelude-devel] Re: [IDWG] Closing on IDMEF
From:       Yoann Vandoorselaere <yoann () prelude-ids ! org>
Date:       2006-02-01 15:39:57
Message-ID: 1138808398.13750.24.camel () arwen ! prelude-ids ! org

On Tue, 2006-01-31 at 15:23 +0100, Herve Debar wrote: 
> as you have seen from Sam Hartman's message, we have one last chance to
> make IDMEF an experimental RFC, hence finalizing the document. I am
> enclosing for your perusal version -14, which has been reviewed by Sam
> Hartman, and the tentative -15 version, which I would like to be the
> final RFC. The -15 version contains minor corrections from -14.
> 
> The key issue there is to show the IESG and Sam Hartman that there is
> support from the community to have a schema instead of a DTD. Hence, I
> would like to have an opinion from all of you who care about this issue.
> Please let me know by Feb. 7th midnight if you support:
> 
> - the DTD as normative (in which case -14 is the final version with DTD
> and schema swapped)
> 
> or
> 
> - the schema as normative (in which case -15 is the final version)
> 
> and additionally, whether you are using IDMEF as
> - an academic
> - an industrial vendor (including references / number of deployments if
> you can publicly state them).
> [In both cases a web site will be appreciated].
> 
> Depending on the number of answers I receive, I will make one last
> attempt to push for the schema being normative, or I will swap DTD and
> schema in the final document and move it to the RFC editor.

Hello Herve & all,

I'm writing this mail on behalf of the Prelude project
<http://www.prelude-ids.org>, the PreludeIDS Technologies company
<http://www.prelude-ids.com>, as well as the general Prelude user base.

The Prelude-IDS system is based on the IDMEF standard, and has been
getting a very large user base, including telecoms, military,
government, bank, and other critical security infrastructure
worldwide.

We have been using IDMEF in Prelude for about five years, and have
been very happy with it.

Although the making of IDMEF has been a difficult task due to the range
of available IDS products, experience has shown that IDMEF permitted the
move to a new era of intrusion detection software, covering a much wider
range of available, heterogeneous products than was previously
possible. 

This is the reason I would like to push for the ratification of IDMEF as
an RFC. I have no formal opinion, however, on whether the DTD version
should be preferred rather than the schema.

Regards,

-- 
Yoann Vandoorselaere <yoann@prelude-ids.org>

