Re: [cti-stix] Re: Location in 2.0

[John-Mark Gurney <jmg@newcontext.com>]

Jason Keirstead wrote this message on Fri, Oct 14, 2016 at 14:27 -0300:
> I still question the utility of encoding the point-in-time results of an IP
> location lookup into any STIX document.
> 
> Lets not delude ourselves into thinking that the resolution of Geo IP
> location changes on a minute to minute basis so that it is critical that
> you record where it is "now" in case it changes by tomorrow, because it's
> just not true. The most accurate providers that exist only update their
> databases weekly, most only do it monthly - and the data they are using for
> that update, is already even further out of date, and even if it wasn't, it
> is still of highly questionable accuracy, especially in the ever-growing
> world of mobile, where it is just completely wrong 100% of the time.
> 
> And I am not even getting into VPNs, Proxies, Tor, etc.
> 
> So... what are we trying to accomplish here..

IMO, it's important to have the location at the time it was recorded.  Just
because it's in Sometown, USA today, doesn't mean that it was in Sometown, USA
2 months ago when it was recorded.

-- 
John-Mark