OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] File/Artifact Encryption & Archive Properties

> An encrypted zip file is different than just encrypting (and compressing) the file contents. Doing this would lose the mime_type of the file being compressed in the archive (if this is important).

That’s true, but since we’re discussing the Artifact Object in this case, I don’t think we care about the contents as much as the container (the actual “artifact”). If you need to characterize the contents of an archive, you can still using the existing File Object w/ archive-file-extension for this purpose.

Also, I’m in agreement with Sean and others that it probably makes the most sense to just add a new entry of “unspecified” to the encryption-algo-ov, since this would cover all of our associated use cases.

Regards,
Ivan

On 10/4/17, 9:24 AM, "Back, Greg" <gback@mitre.org> wrote:

    An encrypted zip file is different than just encrypting (and compressing) the file contents. Doing this would lose the mime_type of the file being compressed in the archive (if this is important).
    
    (We went around on this quite a bit in CybOX 2.0)
    
    Greg
    
    On 2017-10-04, 14:45 UTC, "Trey Darley" <cti-cybox@lists.oasis-open.org on behalf of trey@newcontext.com> wrote:
    
        On 28.09.2017 17:17:01, John-Mark Gurney wrote:
        > Jason Keirstead wrote this message on Mon, Sep 25, 2017 at 10:43 -0300:
        > > ... But that is the problem I am pointing out.
        > > 
        > > Having a blob of bytes and knowing it is encrypted with AES-256 is
        > > not sufficient to open it. I have to know that it is encrypted
        > > using Zip encryption with AES-256, or 7zip encryption with
        > > AES-256, as these are different things.
        > 
        
        Hey, y'all -
        
        If you put `mime_type: "x-7z-compressed"` and `encryption_algorithm:
        "AES-256"` on the example Artifact being discussed, what's the
        problem?
        
        -- 
        Cheers,
        Trey
        ++--------------------------------------------------------------------------++
        Director of Standards Development, New Context
        gpg fingerprint: 3918 9D7E 50F5 088F 823F  018A 831A 270A 6C4F C338
        ++--------------------------------------------------------------------------++
        --
        "Gentlemen, you can't fight in here! This is the War Room!"
        --President Merkin Muffley

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]