OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Question

I opened this issue in the TAXII Github issue tracker, but it has philosophical / ethical implication for STIX.  STIX nor TAXII really addresses this yet..

Ref: https://github.com/oasis-tcs/cti-taxii2/issues/14

-- copy from issue tracker --

Say my server supports STIX 2.0 and STIX 2.1 content. I get some data that is in STIX 2.1 format. Then someone comes along and asks for content in STIX 2.0 format. What do I do with the fields, properties, objects, relationship types, vocab terms, etc that are not valid in STIX 2.0?

What happens in a STIX Bundle or Report that has content that is in both STIX 2.0 and STIX 2.1. Meaning, what happens if it has indicators and notes and opinions. Do you send the indicator and not the note and options? Do you prune the notes and opinions from the report or bundle ? What do you do with confidence fields?  Do you delete the confidence field?  Does that mean you need to rev the modified timestamp or create a new ID?  What happens with digital signatures for this content ?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]