OASIS Mailing List Archives

cti-stix message



Subject: Re: [cti-stix] Proposal - Single Binding


@Terry +1


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Jul 31, 2015, at 05:23, Terry MacDonald <terry.macdonald@threatloop.com> wrote:

The problem with just using compression of the existing XML over http(s) is that we only get marginal reduction in size, and therefore marginal reduction in bandwidth consumption across the network. 

We need to look at ways of reducing the amount of data transferred by reviewing all levels of the TAXII/STIX/CybOX stack. Everything needs to be investigated and improved:
  • Choosing a message format that is as small as possible
  • Only sending changes to objects rather than the full objects
  • Only sending the bits of the objects the consumer wants
  • Compressing 
  • Reducing the number of client-server negotiation steps before data flows
  • Reduce the amount of discovery required
  • Reuse connections (multiplexing)
  • Make better use of nearer sources of data rather than sources further away (locality/latency)
  • and anything else we can think of....
They should all be discussed, investigated and adopted/discounted to make the next versions of TAXII/STIX/CybOX efficient and effective enough to last for an extended duration. This will in turn make it more beneficial for vendors to invest resources in supporting a nice stable protocol, and consumers get a lovely dollop of compatibility and integration.

Cheers

Terry MacDonald | STIX, TAXII, CybOX Consultant




Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

On 31 July 2015 at 04:28, Dr. Eric Burger <eric.burger@georgetown.edu> wrote:
I think STIX messages are bounded. As in not streaming. Meaning we can use compression at the transport level if the number of bits gets to be too much.

Sent from my mobile device. Thanks be to LEMONADE: http://www.standardstrack.com/ietf/lemonade
S2ERC: http://s2erc.georgetown.edu/
GCSC: http://gcsc.georgetown.edu/
Me: http://www.cs.georgetown.edu/~eburger

