Re: [cti-taxii] TAXII Brainstorming

[Patrick Maroney <Pmaroney@Specere.org>]

All - Sorry for the spam, but want to be clear on my intent:  I'm not advocating any specific Messaging, Protocol Buffer, etc. approach over any other options.  

My recommendations regarding MQTT were specifically to share learning opportunities with  those interested in studying how other well organized OASIS TCs Operate (in terms of process, tools, frameworks).   I am however interested in how they (and other TCs) are addressing Security in their Standards.

Patrick Maroney

Office:  (856)983-0001

Cell::     (609)841-5104

Email:   pmaroney@specere.org

From: <cti-taxii@lists.oasis-open.org> on behalf of "Davidson II, Mark S" <mdavidson@mitre.org>
Date: Thursday, July 16, 2015 at 11:24 AM
To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Subject: RE: [cti-taxii] TAXII Brainstorming

Jason,

 

Thank you for making that point, and I agree wholeheartedly. The more open-minded we are, the better.

-Mark

 

From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Thursday, July 16, 2015 10:33 AM
To: Davidson II, Mark S <mdavidson@mitre.org>
Cc: Patrick Maroney <Pmaroney@Specere.org>; Jordan, Bret <bret.jordan@bluecoat.com>; Terry MacDonald <terry.macdonald@threatloop.com>; cti-taxii@lists.oasis-open.org
Subject: RE: [cti-taxii] TAXII Brainstorming

 

One thing I'd like to raise... (note, currently I am neither pro nor con of the idea of using an MQ for TAXII 2.0, as it is obviously way too early in the discussion for that) I'd just like to ask that, lets not throw the baby (an HTTP based protocol) out with the bath water just yet. There are various pros and cons for moving from HTTP to an MQ based solution, especially when considering the potential ramifications of large public internet-facing portals that wish to do threat sharing.

While one may run an MQ such as MQTT open on the Internet, I am not really sure if it was engineered with that use case in mind...

In any event, just food for thought. I thought I would raise it since thus far the whole brainstorming thread has been focused on MQs vs. brainstorming about improvements to HTTP.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


"Davidson II, Mark S" ---2015/07/16 09:37:23 AM---Pat, Do you know if there is an updated version of this paper? The first paragraph notes recently as

From: "Davidson II, Mark S" <mdavidson@mitre.org>
To: Patrick Maroney <Pmaroney@Specere.org>, "Jordan, Bret" <bret.jordan@bluecoat.com>, Terry MacDonald <terry.macdonald@threatloop.com>
Cc: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/07/16 09:37 AM
Subject: RE: [cti-taxii] TAXII Brainstorming
Sent by: <cti-taxii@lists.oasis-open.org>

---