Subject: Re: [cti-taxii] RE: Authentication
On 08.10.2015 11:52:10, Davidson II, Mark S wrote:
>
> Under this idea, TAXII would be "HTTPS everywhere".
>

Assuming that TAXII 2.0 is REST-based, defining JWT as the MTI authentication mechanism is obvious.

As for the notion of TAXII being "HTTPS everywhere", I'll just point out that key management is the hardest part of crypto. If I'm running an ISA{C,O}, obviously I'm going to opt for the strongest EV cert money can buy. But what about all the endpoint devices out there? Vendors (including Soltra, to be fair) use self-signed certs all over the place. Seems like there be dragons here...

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com