[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] âSignatureâ of STIX Objects
Stephen, Thanks for the question. Yes, this is a known issue that the TC needs to address. One of the major problems is that IETF JOSE working group has yet to define a canonical representation of JSON data. This makes signing the STIX objects difficult, as there is not yet any RFC for doing what we need. We have talked about a few different options internal to our CTI TC for how this could be done, but the solution would be limited to STIX and TAXII, rather than an industry wide standard. To this end I have been bringing up this issue in the IETF JOSE WG mailing list, and trying to get a work item started during the Prague IETF meeting to address this. If you are interested in signed JSON content, either for STIX or something else, I would highly encourage you to join the discussion at jose@ietf.org. There seems to be a few people on the JOSE mailing list that, like me, want to see this work get done. However, as you may know, all standards work (even here in OASIS) is consensus based. Meaning, the more people that want something done, the more likely it will get done. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]