Subject: Re: [cti-stix] Re: [EXT] [cti-stix] ability to use UUID5 in STIX2 identifier


Patrick Maroney wrote this message on Thu, Feb 14, 2019 at 02:42 +0000:
> While I can't attest to HOW the three IDs referenced have the same suffix UUID value, aren't they still unique given their prefixes are unique?
> 
>   "id": "relationship--4832076b-7a4c-4952-8853-6446de513176"
>   "id": "report--4832076b-7a4c-4952-8853-6446de513176"
>   "id": "campaign--4832076b-7a4c-4952-8853-6446de513176"
> 
> Note also that these are NOT UUIDv5.

Yes, per the specification as currently written, they are "valid".  But
I know some people assumed that the UU part of UUID would be correct,
and the above shows that they are not universally unique.  This means
if you used just the UUID as your primary key and do not include the
type, that you may have issues w/ storing the objects due to colliding
UUIDs.

Also, though they are "valid", they are clearly not properly generated
per the specification, which requires that a TRNG and PRNG be used,
and that obviously did not happen.

"The UUID MUST be generated according to the algorithm(s) defined in
RFC 4122, section 4.4 (Version 4 UUID) [RFC4122]."


> From: <cti-stix@lists.oasis-open.org> on behalf of John-Mark Gurney <jmg@newcontext.com>
> Organization: New Context
> Date: Wednesday, February 13, 2019 at 8:26 PM
> To: Sean Barnum <sean.barnum@FireEye.com>
> Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
> Subject: Re: [cti-stix] Re: [EXT] [cti-stix] ability to use UUID5 in STIX2 identifier
> 
> We already have an issue w/ UUID's being repeated from the same org,
> but for different types of objects:
> https://github.com/pan-unit42/playbook_viewer/issues/7
> 
> Expanding this such that the same UUID's can be generated by different
> orgs, and the same type will break STIX significantly.

-- 
John-Mark
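
Added example, not part of the original message or of any STIX tooling: a small audit over the three identifiers quoted above (plus one constructed id) that reports UUIDs shared across object types and shows how many rows survive when a store keys on the bare UUID instead of the full "type--uuid" id. It also shows that checking the version/variant bits alone does not catch the reuse. The function names and the indicator id are assumptions made for the illustration.

```python
import uuid
from collections import defaultdict

# The three ids quoted in the message, plus one constructed id for contrast.
SAMPLE_IDS = [
    "relationship--4832076b-7a4c-4952-8853-6446de513176",
    "report--4832076b-7a4c-4952-8853-6446de513176",
    "campaign--4832076b-7a4c-4952-8853-6446de513176",
    "indicator--0f1e2d3c-4b5a-4978-8a6b-5c4d3e2f1a0b",  # constructed sample
]

def split_stix_id(stix_id):
    """Split 'type--uuid' into (type, uuid.UUID); raise ValueError if malformed."""
    obj_type, sep, raw = stix_id.partition("--")
    if not sep or not obj_type:
        raise ValueError(f"not a STIX identifier: {stix_id!r}")
    return obj_type, uuid.UUID(raw)

def audit_ids(stix_ids):
    """Return (shared, not_v4): UUIDs used by more than one object type, and
    ids whose version/variant bits are not RFC 4122 version 4."""
    types_by_uuid = defaultdict(set)
    not_v4 = []
    for stix_id in stix_ids:
        obj_type, u = split_stix_id(stix_id)
        types_by_uuid[u].add(obj_type)
        if u.version != 4 or u.variant != uuid.RFC_4122:
            not_v4.append(stix_id)
    shared = {str(u): sorted(t) for u, t in types_by_uuid.items() if len(t) > 1}
    return shared, not_v4

def storage_keys(stix_ids, include_type):
    """Primary keys a store would end up with: the full id, or the bare UUID."""
    return {i if include_type else str(split_stix_id(i)[1]) for i in stix_ids}

if __name__ == "__main__":
    shared, not_v4 = audit_ids(SAMPLE_IDS)
    print("UUIDs shared across types:", shared)
    print("ids failing the v4 bit check:", not_v4)
    print("rows when keyed by bare UUID:", len(storage_keys(SAMPLE_IDS, False)))
    print("rows when keyed by full id:  ", len(storage_keys(SAMPLE_IDS, True)))
```

The quoted UUID carries version-4 and RFC 4122 variant bits, so the bit check passes; only the cross-type comparison surfaces the reuse.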

