[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Identifier: [cti-stix] Formalizing Consensus - Identifier, Timestamp, Timestamp Precision, and Custom Properties
Folks,
I don’t mean to cause a stir or re-open topics, but on today’s call during the discussion about identifiers there appeared to be some confusion about how Patrick had proposed having deterministic identifiers. If I heard the comments correctly, there seemed
to be the opinion that you had to hash the entire object, which would include the revision information, in order to generate the identifier. But as I read Pat’s proposal, that isn’t what he proposed if you look back below at his email.
In Pat’s proposal, he proposed using a tuple of organization namespace (aka domain name), type of object, and one or more value(s) as input to the uuid5 algorithm. The organization namespace and type of object was used to significantly the possibility
of collisions that could occur with the key value(s) (e.g., IP address value) when the tuple contents were hashed using the SHA1 per the uuid5 algorithm. Because the entire object, including revision information, isn’t used to determine the hash there isn’t
the issue of breaking relationships.
From an implementors point of view, I've been doing a very similar approach for a while without any issues. It avoids the need to maintain a list of identifiers that we’ve used before and thus simplifies the effort to support. In addition, the generated
identifiers are valid UUIDs with the same number of bytes, etc. Per RFC 4122, there is no way, beyond making sure that the timestamp portion of the UUID is in the future, to validate if a UUID is valid much less enforce that the UUID had been generated using
the uuid4 algorithm or not. So attempting to enforce that the uuid portion of identifiers are generated by the uuid4 algorithm is pointless.
So I submit that if someone wants to use the uuid3 or uuid5 algorithm, they should not be prohibited to do so but our text should clearly state that it is RECOMMENDED that the uuid4 algorithm be used.
I’m happy to tweak the text in the document accordingly, but wanted to raise what I believe was confusion on this topic to the group before doing any text changes.
Paul Patrick
From: <cti-stix@lists.oasis-open.org> on behalf of "Jordan, Bret" <bret.jordan@bluecoat.com>
Date: Monday, May 2, 2016 at 6:01 PM To: Patrick Maroney <Pmaroney@Specere.org> Cc: "Wunder, John A." <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> Subject: Re: [cti-stix] Identifier: [cti-stix] Formalizing Consensus - Identifier, Timestamp, Timestamp Precision, and Custom Properties Resent-From: <Paul.Patrick@FireEye.com>
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]