[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: Object ID format
On 21.01.2016 15:51:01, John Anderson wrote: > > I agree with this thought: "Threat intel is less than worthless if > your adversary knows what you know." I'm not suggesting we put all > our Resources in the clear with no Authorization/Authentication. > That would indeed be stupid. > Hey, John - Apologies, obviously I misread you. Your line about "And maybe even let Google index some of them!" threw me off. > > So, about "Wholesale webification of CTI is no panacea."...yes and > no. Sure, the Web is no panacea. BUT...It would be unbelievably > freeing to have a URL for every Object. Then, if you want to know > more, just browse to it! (Assuming the publisher's server is > accessible to you.) > I'm totally fine with URLs as object IDs, provided they use UUIDs and the object<->URL mapping is immutable. Cf. the write-up I did on precisely this point as part of the TAXII Query prototype, along with the knock-on implications for object versioning [1]. I'm *not* sold on the idea that we can do away with TAXII entirely by being exceedingly clever with HTTP headers and Apache configs. Perhaps I'm again misinterpreting your position (and if so, please correct me, John!) [0]: https://taxiiproject.github.io/taxii2/notional-query-api/#immutability-of-objects-under-a-url-based-object-id-scheme [1]: https://taxiiproject.github.io/taxii2/notional-query-api/#implications-for-object-versioning -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]