OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] vocabulary items in cybox network extensions

That is fine and I agree.  I just wanted to make sure the terms were from some where first.  My guess, as I stated in my first email, is they came from glibc, which looks to be correct. 


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Aug 31, 2016, at 09:59, Kemp, David P <dpkemp@nsa.gov> wrote:

Touche.   In the patched version, receivers would accept vocabulary items only in the exact form defined by the authoritative source.

Cybox should still reference or copy authoritative vocabularies verbatim rather than copy-modify-pasting from them.

Regards,
Dave


-----Original Message-----
From: Trey Darley [mailto:trey@kingfisherops.com]
Sent: Wednesday, August 31, 2016 11:49 AM
To: Kemp, David P <dpkemp@nsa.gov>
Cc: OASIS CTI TC CybOX SC list <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] vocabulary items in cybox network extensions

On 31.08.2016 15:37:31, Kemp, David P wrote:

The IETF approach is to be strict in what is sent and liberal in what
is received.


Postel's Principle considered harmful...

Patched version
===============

* Be definite about what you accept.

* Treat valid or expected inputs as formal languages, accept them with
 a matching computational power, and generate their recognizer from
 their grammar.

* Treat input-handling computational power as a privilege, and reduce
 it whenever possible.

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4  5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"In any dispute the intensity of feeling is inversely proportional to the value of the issues at stake." --Sayre's law

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]