Jason,
Thank you for making that point, and I agree wholeheartedly. The more open-minded we are, the better.
-Mark
From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org]
On Behalf Of Jason Keirstead
Sent: Thursday, July 16, 2015 10:33 AM
To: Davidson II, Mark S <mdavidson@mitre.org>
Cc: Patrick Maroney <Pmaroney@Specere.org>; Jordan, Bret <bret.jordan@bluecoat.com>; Terry MacDonald <terry.macdonald@threatloop.com>; cti-taxii@lists.oasis-open.org
Subject: RE: [cti-taxii] TAXII Brainstorming
One thing I'd like to raise... (note, currently I am neither pro nor con of the idea of using an MQ for TAXII 2.0, as it is obviously way too early in the discussion for that) I'd just like to ask that, lets not throw the baby (an
HTTP based protocol) out with the bath water just yet. There are various pros and cons for moving from HTTP to an MQ based solution, especially when considering the potential ramifications of large public internet-facing portals that wish to do threat sharing.
While one may run an MQ such as MQTT open on the Internet, I am not really sure if it was engineered with that use case in mind...
In any event, just food for thought. I thought I would raise it since thus far the whole brainstorming thread has been focused on MQs vs. brainstorming about improvements to HTTP.
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security |
www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
"Davidson
II, Mark S" ---2015/07/16 09:37:23 AM---Pat, Do you know if there is an updated version of this paper? The first paragraph notes recently as
From: "Davidson II, Mark S" <mdavidson@mitre.org>
To: Patrick Maroney <Pmaroney@Specere.org>, "Jordan, Bret" <bret.jordan@bluecoat.com>,
Terry MacDonald <terry.macdonald@threatloop.com>
Cc: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/07/16 09:37 AM
Subject: RE: [cti-taxii] TAXII Brainstorming
Sent by: <cti-taxii@lists.oasis-open.org>