MISP taxonomy format skeleton added

misp-taxonomy-format/Makefile

@@ -0,0 +1,9 @@
+MMARK:=/home/adulau/git/mmark/mmark/mmark -xml2 -page
+
+docs = $(wildcard *.md)
+
+all: $(docs)
+		$(MMARK) $< > $<.xml
+		xml2rfc --text $<.xml
+		xml2rfc --html $<.xml
+

misp-taxonomy-format/raw.md

@@ -0,0 +1,91 @@
+% Title = "MISP taxonomy format"
+% abbrev = "MISP taxonomy format"
+% category = "info"
+% docName = "draft-dulaunoy-misp-taxonomy-format"
+% ipr= "trust200902"
+% area = "Security"
+%
+% date = 2016-10-13T00:00:00Z
+%
+% [[author]]
+% initials="A."
+% surname="Dulaunoy"
+% fullname="Alexandre Dulaunoy"
+% abbrev="CIRCL"
+% organization = "Computer Incident Response Center Luxembourg"
+%  [author.address]
+%  email = "alexandre.dulaunoy@circl.lu"
+%  phone = "+352 247 88444"
+%   [author.address.postal]
+%   street = "41, avenue de la gare"
+%   city = "Luxembourg"
+%   code = "L-1611"
+%   country = "Luxembourg"
+% [[author]]
+% initials="A."
+% surname="Iklody"
+% fullname="Andras Iklody"
+% abbrev="CIRCL"
+% organization = "Computer Incident Response Center Luxembourg"
+%  [author.address]
+%  email = "andras.iklody@circl.lu"
+%  phone = "+352 247 88444"
+%   [author.address.postal]
+%   street = "41, avenue de la gare"
+%   city = "Luxembourg"
+%   code = "L-1611"
+%   country = "Luxembourg"
+
+.# Abstract
+
+This document describes the MISP taxonomy format which describes a simple JSON format to
+represent machine tags (also called triple tags). A public directory of common vocabularies
+MISP taxonomies is available and relies on the MISP taxonomy format.
+
+{mainmatter}
+
+# Introduction
+
+Sharing threat information became a fundamental requirements in the Internet, security and intelligence community at large. Threat
+information can include indicators of compromise, malicious file indicators, financial fraud indicators
+or even detailed information about a threat actor. While sharing such indicators or information, classification plays an important role
+to ensure adequate distribution, understanding, validation or action of the shared information. MISP taxonomies is a public repository
+of public and known vocabularies that can be used in threat information sharing.
+
+##  Conventions and Terminology
+
+The key words "**MUST**", "**MUST NOT**", "**REQUIRED**", "**SHALL**", "**SHALL NOT**",
+"**SHOULD**", "**SHOULD NOT**", "**RECOMMENDED**", "**MAY**", and "**OPTIONAL**" in this
+document are to be interpreted as described in RFC 2119 [@!RFC2119].
+
+# Format
+
+## Overview
+
+The MISP taxonomy format is in the JSON [@!RFC4627] format.
+
+# Acknowledgements
+
+The authors wish to thank all the MISP community to support the creation
+of open standards in threat intelligence sharing.
+
+<reference anchor='MISP-P' target='https://github.com/MISP'>
+  <front>
+   <title>MISP Project - Malware Information Sharing Platform and Threat Sharing</title>
+   <author initials='' surname='MISP' fullname='MISP Community'></author>
+   <date></date>
+  </front>
+</reference>
+
+<reference anchor='MISP-T' target='https://github.com/MISP/misp-taxonomies'>
+  <front>
+   <title>MISP Taxonomies - shared and common vocabularies of tags</title>
+   <author initials='' surname='MISP' fullname='MISP Community'></author>
+   <date></date>
+  </front>
+</reference>
+
+
+{backmatter}
+
+