
Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring


Support for capturing the netmask outside of just using CIDR notation is a very very small corner case.  CIDR assumes normal networking and contiguous blocks of IP addresses.  What CIDR cannot do that a netmask can do is non-contiguous IP addresses.  But no real network would do that and only an admin that hates his job and wants to punish people after he leaves would ever do that.

Further, it is super simple to convert between CIDR and a netmask, so I would suggest that we only use CIDR. 


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Oct 27, 2015, at 12:05, Terry MacDonald <terry@soltra.com> wrote:

Hi Ivan and Trey,
Great idea to do this. We do need some clean-up to remove the duplication so I’m very glad to see this!
  • Does this make sense or not?
Yes. It very much does.
  • Which of the options around IP Address specification (option 1 or option 2) do you prefer?
Option 2. It seems more logical to extend each object from the base one.
  • Do you agree with using CIDR notation as the only supported syntax for IP addresses?
Yes. I like that there is ‘only one way to do it’.
  • Do you think we need other Objects for capturing ATM address and net masks?
Not ATM, but I do think that Netmasks could possibly make it easier if describing something like Cisco kit setup. There may also be some weird scenario when a new piece of malware changes the netmask, and it could be useful to have a mechanism to describe it.
Cheers
 
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com
 
 
From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Kirillov, Ivan A.
Sent: Wednesday, 28 October 2015 3:36 AM
To: cti-cybox@lists.oasis-open.org
Subject: [cti-cybox] CybOX 3.0: Address Object Refactoring
 
All,
 
Trey and I have been busy thinking about some ideas around refactoring related to CybOX 3.0. The first idea we’d like to propose to you is around the refactoring of the Address Object into more atomic entities (as discussed in some of the GitHub issues): https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Address-Object-Refactoring
 
Let us know your thoughts! In particular we’d love to know:
 
  • Does this make sense or not?
  • Which of the options around IP Address specification (option 1 or option 2) do you prefer?
  • Do you agree with using CIDR notation as the only supported syntax for IP addresses?
  • Do you think we need other Objects for capturing ATM address and net masks?
Regards,
Ivan and Trey

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
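
The CIDR/netmask conversion and the non-contiguous corner case discussed in this thread, as an added example that is not part of any of the messages. The function names are hypothetical and the sample addresses (from the 192.0.2.0/24 documentation range) are constructed for illustration; IPv4 only.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 32-bit IPv4 mask


def prefix_to_netmask(prefix_len: int) -> str:
    """Convert an IPv4 prefix length (0-32) to a dotted-quad netmask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"invalid IPv4 prefix length: {prefix_len}")
    mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(mask))


def netmask_to_prefix(netmask: str) -> int:
    """Convert a dotted-quad netmask to a prefix length.

    Raises ValueError for a non-contiguous mask, which is the one case
    a netmask can express and CIDR notation cannot.
    """
    mask = int(ipaddress.IPv4Address(netmask))
    host_bits = mask ^ ALL_ONES
    # A contiguous mask leaves host bits of the form 2**k - 1, so adding 1
    # yields a single higher bit and the AND is zero.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask has no CIDR form: {netmask}")
    return 32 - host_bits.bit_length()


def to_cidr(address: str, netmask: str) -> str:
    """Normalize an address/netmask pair to the CIDR string of its network."""
    prefix = netmask_to_prefix(netmask)
    network = ipaddress.IPv4Network(f"{address}/{prefix}", strict=False)
    return str(network)


if __name__ == "__main__":
    # Constructed sample pairs, including one non-contiguous mask.
    samples = [
        ("192.0.2.77", "255.255.255.192"),
        ("192.0.2.1", "255.255.255.0"),
        ("192.0.2.1", "255.0.255.0"),
    ]
    for addr, mask in samples:
        try:
            print(f"{addr} {mask} -> {to_cidr(addr, mask)}")
        except ValueError as exc:
            print(f"{addr} {mask} -> rejected: {exc}")
```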


