OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring

Thanks for posting this, Ivan. +20 for refactoring Addresses!

Two thoughts:

1. IPv4 and IPv6 are mutually-exclusive data formats. Why can't we just have one generic "ip_address" object that accepts data in both formats? The client will have to validate the data anyway, so let the client figure out whether it has an IPv4 or IPv6 address.

2. Let's get rid of the netmasks entirely and just have one generic CIDR object (for both IPv4 and IPv6). If someone has a netmask they want to share, make them convert it into CIDR first. The logical transformation between netmask and CIDR is lossless, so there's no worries there.  It's an easy conversion, and there's already code for it: https://python-iptools.readthedocs.org/en/release-0.5.0/#iptools.netmask2prefix

JSA

________________________________________
From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Sent: Tuesday, October 27, 2015 12:47 PM
To: Kirillov, Ivan A.
Cc: cti-cybox@lists.oasis-open.org
Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring

Does this make sense or not?
> Yes
Which of the options around IP Address specification (option 1 or
option 2) do you prefer?
> Option 2 (Note that simple regexs would avoid the 'Version issue' anyway)
Do you agree with using CIDR notation as the only supported syntax for
IP addresses?
> Ok for me
Do you think we need other Objects for capturing ATM address and net masks?
> I would say no


2015-10-27 19:35 GMT+03:00 Kirillov, Ivan A. <ikirillov@mitre.org>:
> All,
>
> Trey and I have been busy thinking about some ideas around refactoring
> related to CybOX 3.0. The first idea we’d like to propose to you is around
> the refactoring of the Address Object into more atomic entities (as
> discussed in some of the GitHub issues):
> https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Address-Object-Refactoring
>
> Let us know your thoughts! In particular we’d love to know:
>
> Does this make sense or not?
> Which of the options around IP Address specification (option 1 or option 2)
> do you prefer?
> Do you agree with using CIDR notation as the only supported syntax for IP
> addresses?
> Do you think we need other Objects for capturing ATM address and net masks?
>
> Regards,
> Ivan and Trey

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]