OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] RE: STIX Sightings

On 30.10.2015 15:38:42, Aharon Chernin wrote:
> I do tend to lean towards TAXII query, but if the community likes
> the STIX Request Pack approach better then we should depreciate the
> functionality from TAXII Query. I would like to avoid having two
> different ways to do the same thing.

I agree that as a general refactoring principle we should strive for
*one* way of doing things.

If we elect to go with the STIX Request/Response objects Terry
proposed for RFI, perhaps we should extend the concept to address all
the use cases targeted by the TAXII Query API strawman and forget
about REST-based TAXII Query.

Given that the TAXII SC are going with a REST-based approach for 2.0,
it seems a bit silly (from an implementation perspective) that I would
need to create a STIX Request object, pass that to a TAXII broker, and
wait around on one or more STIX Response objects to come back down the
TAXII messaging bus just to find out whether a particular IP address
has been seen before when a REST call would accomplish the same thing.

Grrr...I *hate* to suggest it, but maybe this is a corner case where
we actually *need* two different ways of doing the same thing?!

Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
"It is always something." --RFC 1925

Attachment: signature.asc
Description: PGP signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]