OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] Proposal - Simplify UUID Requirements/Language


Simple and clean approach. I strongly support this. This is solving the current issue[1].

[1] https://github.com/oasis-tcs/cti-stix2/issues/133

On 14/02/2019 17:55, Patrick Maroney wrote:
> Iâm repeating a proposal Iâve made twice before in hopes it will be considered and accepted/rejected solely on its merits. We have not re-established voting rights, so I cannot make a motion.
> 
> Â
> 
> However, I believe it is a simple solution to the STIX Identifier discourse and its adoption would allow us to move on to more complex issues.
> 
> Â
> 
> *Proposal*
> 
> *Â*
> 
>   * Simplify the existing language in the 2.0 CSD
>   * Remove the arbitrary UUIDv4 restriction. Â
> 
> Â
> 
> *Type Name:*Âidentifier
> 
> Â
> 
> AnÂidentifierÂuniversally and uniquely identifies a SDO, SRO, Bundle, or Marking Definition. IdentifiersÂ*MUSTÂ*follow the formÂ/object-type/--/UUID/, whereÂ/object-type/Âis the exact value (all type
> names are lowercase strings, by definition) from theÂtypeÂproperty of the object being identified or referenced and where theÂ/UUID/Âis an RFC 4122-compliant UUID. The UUIDÂ*MUST*Âbe generated
> according to the algorithm(s) defined in RFC 4122, [RFC4122 <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#2zqjjj5wdk2h>].
> 
> Â
> 
> Please note the following assertions:
> 
> Â
> 
>   * The *only* requirement for using UUIDs as part of STIX Identifiers is uniqueness.
>   * Any RFC 4122 compliant ID form meets this requirement (Including UUIDv1).
>   * RFC 4122 addresses the requirements for how compliant UUIDs are generated.
> 
> Â
> 
> Â
> 
> *Patrick Maroney*
> 
> Merlin â Advisor to Kings
> 
> *DarkLight*
> 
> Email:ÂÂpatrick.maroney@darklight.ai <mailto:patrick.maroney@darklight.ai>
> 
> cid:image001.png@01D44B7D.C4426DB0
> 
> Â
> 
> Â
> 
> This e-mail (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. If you received this e-mail in error, please delete
> it from your system without copying it and notify sender by reply e-mail so our records can be corrected.
> 
> Â
> 


-- 
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
16, bd d'Avranches L-1160 Luxembourg
info@circl.lu - www.circl.lu - (+352) 247 88444


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]