Subject: Re: [cti-taxii] Items in scope vs out of scope


I personally don't hold a lot of value in the use of EV certs. Certificate Authorities have a long history of getting socially engineered, hacked, and so forth. I think if people are super concerned with validation of certificates then that will happen either with phone calls to repeat the fingerprints of certs, or for super secret trustgroups people will use their own shared PKI solution (e.g. a separate offline trustgroup root cert, with a trustgroup-run issuing server for all participants). Vendors will of course issue client certs through their vendor portals, or just accept the user auth as confirmation of the TAXII client's identity.

IMHO TAXII client implementations will need to support certificate pinning to stop fake sites impersonating the real ones. I'm thinking of man-in-the-middle-style attacks to try and steal or alter threat intel. It would not be a good look if a threat intel platform had all of its info stolen because we didn't restrict interaction enough. Or if someone malicious started modifying it in transit so that large ISPs automatically started blocking valid customers' ranges or websites...

Cheers

Terry MacDonald | STIX, TAXII, CybOX Consultant




Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My opinions do not necessarily reflect those of Threatloop.com.

On 16 October 2015 at 09:06, Tony Rutkowski <tony@yaanatech.com> wrote:
Great graphic.

Has anyone considered the potential use of EV certs
in conjunction with TAXII?

--tony



On 2015-10-15 1:28 PM, Jordan, Bret wrote:
All,

As we begin work on writing the specification for TAXII 2.0, I want to make sure we are diligent about capturing your ideas, questions, comments, and concerns. I also want to try and be very clear on where things might fall in the scope discussion. By doing this I believe we will remove confusion and allow us to focus on specific scoping concerns that people might have.

To this end I would like to propose that we document the decisions we have already made in this SC and how they relate to scope in a manner that looks something like the following graphic... BTW, this is an early rough draft with only the most basic information.

Please let us know if you find this kind of visual easy to follow and understand, and most importantly if it will help you understand where things fall in relation to scoping.
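The client-side certificate pinning Terry argues for above, as an added example that is not part of this thread or of any TAXII implementation: a Python client that keeps normal CA and hostname validation and layers a pinned SHA-256 certificate fingerprint on top, so a CA-signed but mis-issued certificate for the same host is still rejected. The host, port and pin values are assumptions, and the DER bytes in the demo are constructed, not a real certificate.

```python
import base64
import hashlib
import hmac
import socket
import ssl


class PinMismatch(ssl.SSLError):
    """Raised when the server certificate matches none of the pinned fingerprints."""


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate in 'sha256/<base64>' form.

    This is the value an operator would read out over the phone or publish
    out of band; the client stores it as a pin."""
    digest = hashlib.sha256(der_cert).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def check_pins(der_cert: bytes, pins) -> bool:
    """True if the presented certificate matches any pinned fingerprint.

    Comparison is constant-time. Keep at least one backup pin in `pins` so the
    server certificate can be rotated without locking every client out."""
    seen = cert_fingerprint(der_cert)
    return any(hmac.compare_digest(seen, p) for p in pins)


def connect_pinned(host: str, port: int, pins, timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection to a TAXII server and enforce the pin set.

    CA validation and hostname checking stay enabled (create_default_context);
    pinning is an additional check, not a replacement. On mismatch the socket
    is closed before any TAXII request is sent, so nothing leaks to an impostor."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not check_pins(der, pins):
        tls.close()
        raise PinMismatch(f"certificate for {host} matches no pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Constructed sample: stand-in DER bytes, not a real certificate.
    good_cert = b"constructed-der-bytes-of-the-real-taxii-server"
    pins = [cert_fingerprint(good_cert), "sha256/backup-pin-placeholder"]
    print("match:", check_pins(good_cert, pins))            # True
    print("impostor:", check_pins(b"some-other-cert", pins))  # False
```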
