[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: Object ID format
On 22.01.2016 15:43:18, John Anderson wrote: > > URL-as-ID-over-HTTP doesn't solve those issues. I'm not sure how > UUID-as-ID-via-TAXII solves them, either. Someone can always hack > their own database and change the content in an Object. > Hi, John - This is where normative language in the spec comes into play. Of course the TC can't prevent somebody mucking about in their database to alter an object's content but as a TC we *can* say that compliant implementations *MUST* not do so. -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "No matter how hard you push and no matter what the priority, you can't increase the speed of light." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]