cti-comment message

Subject: Update STIX Cyber Observable Objects for URL and domain-name to reference relevant RFCs

From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
To: cti-comment@lists.oasis-open.org
Date: Thu, 20 Apr 2017 11:35:23 -0300

Currently there are no restrictions on the "value" properties of the "url" and "domain-name" Cyber Observable Objects. I believe these objects should reference the relevant RFCs.

Below are my suggested changes:

Added to section 1.2, "Normative References":

[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, <http://www.rfc-editor.org/info/rfc1034>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <http://www.rfc-editor.org/info/rfc3986>.

[RFC5890] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, DOI 10.17487/RFC5890, August 2010, <http://www.rfc-editor.org/info/rfc5890>.

2.4 Domain Name Object
Type Name: domain-name

The Domain Name represents the properties of a network domain name.
2.4.1 Properties
Common Properties
type, description, extensions
Domain Name Object Specific Properties
value, resolves_to_refs
Property Name Type Description
type(required) string The value of this property MUST be domain-name.
value(required) string Specifies the value of the domain name. The value of this property MUST conform to RFC 1034, and each domain and sub-domain contained within the domain name MUST conform to RFC 5890

2.15.1 Properties
Common Properties
type, description, extensions
URL Object Specific Properties
value
Property Name Type Description
type(required) string The value of this property MUST be url.
value(required) string Specifies the value of the URL.The value of this property MUST conform to RFC 3986, more specifically section 1.1.3 with reference to the definition for "Uniform Resource Locator"

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown

Follow-Ups:
- Re: [cti-comment] Update STIX Cyber Observable Objects for URL and domain-name to reference relevant RFCs
  - From: Trey Darley <trey@kingfisherops.com>

Common Properties
type, description, extensions
Domain Name Object Specific Properties
value, resolves_to_refs
Property Name	Type	Description
type(required)	string	The value of this property MUST be domain-name.
value(required)	string	Specifies the value of the domain name. The value of this property MUST conform to RFC 1034, and each domain and sub-domain contained within the domain name MUST conform to RFC 5890

Common Properties
type, description, extensions
URL Object Specific Properties
value
Property Name	Type	Description
type(required)	string	The value of this property MUST be url.
value(required)	string	Specifies the value of the URL.The value of this property MUST conform to RFC 3986, more specifically section 1.1.3 with reference to the definition for "Uniform Resource Locator"