cti-stix message

Subject: Re: [cti-stix] Re: Object ID format

From: Trey Darley <trey@soltra.com>
To: John Anderson <janderson@soltra.com>
Date: Mon, 25 Jan 2016 08:53:31 +0000

On 22.01.2016 15:43:18, John Anderson wrote:
> 
> URL-as-ID-over-HTTP doesn't solve those issues. I'm not sure how
> UUID-as-ID-via-TAXII solves them, either. Someone can always hack
> their own database and change the content in an Object.
> 

Hi, John -

This is where normative language in the spec comes into play. Of
course the TC can't prevent somebody mucking about in their database
to alter an object's content but as a TC we *can* say that compliant
implementations *MUST* not do so.

-- 
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"No matter how hard you push and no matter what the priority, you
can't increase the speed of light." --RFC 1925

Attachment: signature.asc
Description: PGP signature

References:
- Object ID format
  - From: Terry MacDonald <terry@soltra.com>
- Re: Object ID format
  - From: John Anderson <janderson@soltra.com>
- Re: [cti-stix] Re: Object ID format
  - From: Trey Darley <trey@soltra.com>
- Re: [cti-stix] Re: Object ID format
  - From: John Anderson <janderson@soltra.com>
- Re: [cti-stix] Re: Object ID format
  - From: Trey Darley <trey@soltra.com>
- Re: [cti-stix] Re: Object ID format
  - From: John Anderson <janderson@soltra.com>