OASIS Mailing List Archives

cti-taxii message


Subject: Re: [cti-taxii] RE: Authentication


On 08.10.2015 11:52:10, Davidson II, Mark S wrote:
>
> Under this idea, TAXII would be "HTTPS everywhere".
>

Assuming that TAXII 2.0 is REST-based, defining JWT as the MTI
authentication mechanism is obvious.

As for the notion of TAXII being "HTTPS everywhere", I'll just point
out that key management is the hardest part of crypto. If I'm running
an ISA{C,O}, obviously I'm going to opt for the strongest EV cert
money can buy.

But what about all the endpoint devices out there? Vendors (including
Soltra, to be fair) use self-signed certs all over the place. Seems
like there be dragons here...

-- 
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
