[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring
Agree on not having multiple addresses in the same IP Address object but rather multiple objects.
sean
On 10/29/15, 9:40 AM, "cti-cybox@lists.oasis-open.org on behalf of Kirillov, Ivan A." <cti-cybox@lists.oasis-open.org on behalf of ikirillov@mitre.org> wrote:
>Thanks for the clarification on CIDR <-> net mask translation, Bret.
>
>I’m also not worried about a new IP version coming out any time soon, so I think having a more explicitly defined IP Address Object makes sense, which is why we had Option 1 in our proposal. So it sounds like there’s now some preference towards a version of this option, given its relative compactness. However, I do share Mark’s concern that the semantics of having multiple IP addresses is something that needs to be defined at a higher level, likely in another Object (such as the System, which captures many properties relating to a host), and not in the IP Address Object itself. Otherwise, there’s the potential for ambiguity - if I share an IP Address Object that contains both an ipv4 address and an ipv6 address, what does this mean? Are these addresses assigned to the same system, or do they have no relationship at all? Therefore, I still believe that any such IP Address Object MUST represent a logical OR between these addresses for it to be semantically accurate:
>
>IP Address Object
>{
> "ipv4_address": “128.25.213.19/32"}
>}
>OR
>{
> "ipv6_address": "fe80::3e07:54ff:fe6c:6d13/128"}
>}
>
>
>IPv4 Address Object
>{
> "ipv4_address": “128.25.213.19/32",
>}
>
>
>IPv6 Address Object
>{
> "ipv6_address": "fe80::3e07:54ff:fe6c:6d13/128"
>}
>
>
>Regards,
>Ivan
>
>
>
>On 10/29/15, 9:26 AM, "Davidson II, Mark S" <mdavidson@mitre.org> wrote:
>
>>I like this form also.
>>
>>As to representing a host with multiple network interfaces, I wonder if that's a slightly different discussion. In that case, would you have multiple IP address objects with a relationship to e.g., a host object?
>>-Mark
>>
>>-----Original Message-----
>>From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Trey Darley
>>Sent: Thursday, October 29, 2015 5:22 AM
>>To: Terry MacDonald <terry@soltra.com>
>>Cc: Jordan, Bret <bret.jordan@bluecoat.com>; Kirillov, Ivan A. <ikirillov@mitre.org>; cti-cybox@lists.oasis-open.org
>>Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring
>>
>>On 28.10.2015 22:27:02, Terry MacDonald wrote:
>>>
>>> I probably prefer this one:
>>>
>>> {
>>> "ipv4Address": "128.25.213.19",
>>> "ipv6Address": "fe80::3e07:54ff:fe6c:6d13"
>>> }
>>>
>>
>>+1
>>
>>--
>>Cheers,
>>Trey
>>--
>>Trey Darley
>>Senior Security Engineer
>>4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
>>Soltra | An FS-ISAC & DTCC Company
>>www.soltra.com
>>--
>>"Good, Fast, Cheap: Pick any two (you can't have all three)." --RFC 1925
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]