diff --git a/misp-taxonomy-format/Makefile b/misp-taxonomy-format/Makefile
new file mode 100644
index 0000000..210eb88
--- /dev/null
+++ b/misp-taxonomy-format/Makefile
@@ -0,0 +1,9 @@
+MMARK:=/home/adulau/git/mmark/mmark/mmark -xml2 -page
+
+docs = $(wildcard *.md)
+
+all: $(docs)
+ $(MMARK) $< > $<.xml
+ xml2rfc --text $<.xml
+ xml2rfc --html $<.xml
+
diff --git a/misp-taxonomy-format/raw.md b/misp-taxonomy-format/raw.md
new file mode 100644
index 0000000..99d45a6
--- /dev/null
+++ b/misp-taxonomy-format/raw.md
@@ -0,0 +1,91 @@
+% Title = "MISP taxonomy format"
+% abbrev = "MISP taxonomy format"
+% category = "info"
+% docName = "draft-dulaunoy-misp-taxonomy-format"
+% ipr= "trust200902"
+% area = "Security"
+%
+% date = 2016-10-13T00:00:00Z
+%
+% [[author]]
+% initials="A."
+% surname="Dulaunoy"
+% fullname="Alexandre Dulaunoy"
+% abbrev="CIRCL"
+% organization = "Computer Incident Response Center Luxembourg"
+% [author.address]
+% email = "alexandre.dulaunoy@circl.lu"
+% phone = "+352 247 88444"
+% [author.address.postal]
+% street = "41, avenue de la gare"
+% city = "Luxembourg"
+% code = "L-1611"
+% country = "Luxembourg"
+% [[author]]
+% initials="A."
+% surname="Iklody"
+% fullname="Andras Iklody"
+% abbrev="CIRCL"
+% organization = "Computer Incident Response Center Luxembourg"
+% [author.address]
+% email = "andras.iklody@circl.lu"
+% phone = "+352 247 88444"
+% [author.address.postal]
+% street = "41, avenue de la gare"
+% city = "Luxembourg"
+% code = "L-1611"
+% country = "Luxembourg"
+
+.# Abstract
+
+This document describes the MISP taxonomy format which describes a simple JSON format to
+represent machine tags (also called triple tags). A public directory of common vocabularies
+MISP taxonomies is available and relies on the MISP taxonomy format.
+
+{mainmatter}
+
+# Introduction
+
+Sharing threat information became a fundamental requirements in the Internet, security and intelligence community at large. Threat
+information can include indicators of compromise, malicious file indicators, financial fraud indicators
+or even detailed information about a threat actor. While sharing such indicators or information, classification plays an important role
+to ensure adequate distribution, understanding, validation or action of the shared information. MISP taxonomies is a public repository
+of public and known vocabularies that can be used in threat information sharing.
+
+## Conventions and Terminology
+
+The key words "**MUST**", "**MUST NOT**", "**REQUIRED**", "**SHALL**", "**SHALL NOT**",
+"**SHOULD**", "**SHOULD NOT**", "**RECOMMENDED**", "**MAY**", and "**OPTIONAL**" in this
+document are to be interpreted as described in RFC 2119 [@!RFC2119].
+
+# Format
+
+## Overview
+
+The MISP taxonomy format is in the JSON [@!RFC4627] format.
+
+# Acknowledgements
+
+The authors wish to thank all the MISP community to support the creation
+of open standards in threat intelligence sharing.
+
+
+
+ MISP Project - Malware Information Sharing Platform and Threat Sharing
+
+
+
+
+
+
+
+ MISP Taxonomies - shared and common vocabularies of tags
+
+
+
+
+
+
+{backmatter}
+
+