OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-taxii] TAXII Brainstorming


MQTT is indeed active - in the midst of preparing to submit MQTT OASIS Standard to ISO for consideration as an international standard I believe. AMQP is less active at the moment think I think they are monitoring implementations. 

I'm happy to make introductions to the chairs of those TCs if you'd like. 

/chet

On Thu, Jul 16, 2015 at 8:46 AM, Patrick Maroney <Pmaroney@specere.org> wrote:
The Oasis MQTT TC appears to be pretty active (I've recently joined as an Observer, this was quick an easy).  I just received this yesterday and wasn't paying attention to the dates, apologies if stale.

Joining the TC as an observer will give you access to everything.  I'm currently studying the  MQTT TC use of JIRA to manage processes, how they are handling Security dimensions of their Standards efforts, etc.  I recommend same to the interested student.

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
pmaroney@specere.org
From: cti-taxii@lists.oasis-open.org <cti-taxii@lists.oasis-open.org> on behalf of Davidson II, Mark S <mdavidson@mitre.org>
Sent: Thursday, July 16, 2015 8:37:11 AM
To: Patrick Maroney; Jordan, Bret; Terry MacDonald
Cc: cti-taxii@lists.oasis-open.org
Subject: RE: [cti-taxii] TAXII Brainstorming
 

Pat,

 

Do you know if there is an updated version of this paper? The first paragraph notes recently as Q4 2011, and both AMQP and MQTT have progressed since then. AMQP 1.0 was released in late 2012 [1], and represented a significant change from AMQP 0.91.  MQTT 3.1.1 was released in October 2014 [2], though I currently have little knowledge about how much MQTT may or may not have changed since the paper was written.

 

Thank you.

-Mark

 

[1] http://www.amqp.org/node/102

[2] http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html

 

From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org] On Behalf Of Patrick Maroney
Sent: Wednesday, July 15, 2015 7:50 PM
To: Jordan, Bret <bret.jordan@bluecoat.com>; Terry MacDonald <terry.macdonald@threatloop.com>
Cc: cti-taxii@lists.oasis-open.org
Subject: Re: [cti-taxii] TAXII Brainstorming

 

Perhaps my earlier comment on "bonus points" was a bit too obtuse (both represent OASIS Standards):  in any case those interested in message protocols may find the following paper of interest:

https://lists.oasis-open.org/archives/amqp/201202/msg00086/StormMQ_WhitePaper_-_A_Comparison_of_AMQP_and_MQTT.pdf

You may also find joining and Observing the MQTT TC discourse of interest.

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
pmaroney@specere.org


From: cti-taxii@lists.oasis-open.org <cti-taxii@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Tuesday, July 14, 2015 9:34:32 PM
To: Terry MacDonald
Cc: cti-taxii@lists.oasis-open.org
Subject: Re: [cti-taxii] TAXII Brainstorming

 

Yes our number one goal is to figure out what the future of TAXII should be so we can start looking at what needs to be done.  However, seeing how the list has been quite, I thought I would try and stoke some discussions.  

 

Mark and I do not want to taint the early discussions with our ideas, we would like to hear from all of you first.  

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Jul 14, 2015, at 19:29, Terry MacDonald <terry.macdonald@threatloop.com> wrote:

 

My thoughts on 0MQ: Yep its an option, and definitely one that should be added to the mix. 

 

Once we have a better understanding of the key goals as sourced and agreed from the group as a whole then we will be able to identify potential ways those goals can be achieved. I do think we need to step back a little and determine the underlying principles we want TAXII v2.0 to focus on. From there the potential architectures we can evaluate will become self-evident.

 

Step 1 IMHO should be identifying what doesn't work with TAXII 1.1. That should at least point us in the right direction.


Cheers


Terry MacDonald | STIX, TAXII, CybOX Consultant

 

 

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 15 July 2015 at 11:12, Jordan, Bret <bret.jordan@bluecoat.com> wrote:

The point of my question still stands....  :)  I would like to know your thoughts about 0MQ.   

 

We have a lot of big questions to talk about and address in the coming weeks and months.  But for now, Mark and I would like to hear your wish list and feedback on what you would like out of TAXII...   I would also like to see some thought put in to a TAXII Server Architecture that may include pieces out side of the TAXII specification.  

 

Another question, what is missing from TAXII 1.1 that needs to be added to the next version?  Some ideas from the lists could be things like:

1) Authentication 

2) Profile negotiation

etc etc.. 

 

Basically, I am trying to stoke the fire of thought and discussion. From my stand point we have taken the last 6 months off from TAXII development, if not longer, now it is time to get back to work.  

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Jul 14, 2015, at 18:48, Terry MacDonald <terry.macdonald@threatloop.com> wrote:

 

Hi Bret,

 

This is so far down the track in the future as we have to have some discussion around the key points we wish to focus on for TAXII v2.0, but at the same time, something worth at least putting some research time into. I am very loathe to distribute this to the list as we are nowhere near the point that we can discuss solutions as we don't have a definite list of them identified by the CTI TAXII SC yet, but at the same time I think it is a useful discourse to have in preparation for those future official conversations.

 

From what I can tell from my limited knowledge, we will need a flexible serialization layer (e.g. Thrift, Cap'n Proto, Protobuf2, SBE, FlatBuffers, etc), and then a distribution mechanism underneath that to make sure the content is delivered (e.g. RabbitMQ, ZeroMQ, ActiveMQ, Kafka, EagleMQ, etc) . 0MQ (ZeroMQ) fits into that later part of the equation. It would deal with getting the data from point A to point B as fast as possible. 

 

I think once we define the key goals for the project, identify some target metrics then we can begin to experiment with some test data encoded and distributed in various ways. My belief is that we can only definitively identify the best transport mechanisms by actual experimentation - running example realistic test data through combinations of serialization/distribution mechanisms we would like to test so that we can discover the best solution experimentally e.g. 

 

Test_STIX_v2.0_Data -> Test_TAXII_v2.0_Data -> Capn'Proto_Serialization -> ZeroMQ and measure the amount of compression, connection bytes, encoding time, encoding CPU load, memory use and similar.

 

Only then will we be able to confirm which solution will be best for us to use. Even the author of protbuf2 and capnproto mentions here when comparing different serialization libraries "The fact of the matter is that the relative performance of these libraries depends deeply on the use case. To know which one will be fastest for your project, you really need to benchmark them in your project, end-to-end. No contrived benchmark will give you the answer."

 

This is going to be fun!


Cheers


Terry MacDonald | STIX, TAXII, CybOX Consultant

 

 

 

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

 

On 15 July 2015 at 09:59, Jordan, Bret <bret.jordan@bluecoat.com> wrote:

Team,

 

I would like you all to look at 0MQ (http://zeromq.org) and give some feedback.

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

 

 

 

 




--

/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]