[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Object Markings - Ballot Take 2
Not from my perspective. I think it should cause a version change and we should make that clear in the normative text. Allan From:
Dave Cridland <dave.cridland@surevine.com> In most environments, any change to a security label is an exceptional event, so changing the version is a certainty there. In addition, if the version doesn't change, it's further increasing the chances of a TOCTOU where the marking data
is used for access control. So in my world, it's a definite yes - but I'm curious as to whether there's a particular driver for doing the opposite? Dave. On 12 July 2016 at 14:46, Allan Thomson <athomson@lookingglasscyber.com> wrote:
-- Dave Cridland Participate | Collaborate | Innovate Surevine Limited, registered in England and Wales with number 06726289. Mailing Address : PO Box 1136, Guildford GU1 9ND If you think you have received this message in error, please notify us. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]