OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] Common Vocabs

On 15.09.2016 14:08:59, Jordan, Bret wrote:
> 
> One concern I have is with the values in these lists. In the Hashing
> Algorithm we have most all of the values as all upper-case while one
> of them is lower-case. I would suggest we make all values in the
> vocab be the same case, and I would suggest that we make them all
> lower-case.
> 
> In the Encryption vocab, we have some values that are all upper-case
> and some that have mixed case. This is going to be a recipe for
> problems. We should make them all the same. I would once again
> suggest we make all of the values lower-case.
> 

Bret -

Ivan and I are tremendous e.e. cummings fans! (in fact, wed probably
write the entire spec in lowercase without minimal punctuation if we
could get away with it!)

That said, as editors we took the decision to align with the canonical
names of things. If an open vocabulary is based off an IANA registry,
then we use the values as defined in that registry in all our
examples.

The canonical name of the SHA-256 encryption algorithm is "SHA-256".
The canonical name of ssdeep is "ssdeep". Downcasing "SHA-256" to
"sha-256" to aid an implementer who refuses to read the spec isn't
going to stop them from making it "sha256" nor will it prevent them
from turning "ssdeep" into "ss-deep".

In life (as opposed to the realm of pure mathematics) there is rarely
One Correct Answer™; generally one is confronted by a spectrum of
possibilities ranging from "abysmal" to "probably good enough".

As editors, Ivan and I are making the assumption that people trying to
implement the specification will bother to actually *read* it. Time
will tell how regrettable that assumption was. ^_^

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4  5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"There are only two hard things in Computer Science: cache
invalidation and naming things." --Phil Karlton

Attachment: signature.asc
Description: Digital signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]