Subject: Re: [cti-taxii] Questioning the wisdom of using DNS SRV records for TAXII 2.0 Discovery


Do we really think it is realistic to build a data marking implementation that is actually going to work for the vastly different solutions that the more advanced people need and still have it be implementable in generic code?  I can see some structured and well-defined parts working well.  But completely free-form, do-anything data marking that "secret groups" use today is like trying to boil the ocean in code.


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Oct 31, 2015, at 03:16, Trey Darley <trey@SOLTRA.COM> wrote:

On 31.10.2015 05:46:42, Patrick Maroney wrote:

Actually it's just the opposite, the more advanced groups are much
more likely to share high value actionable intelligence (at least
tactical) once we have solid data marking/handling constructs. We
know the value of early detection/prevention and criticality of
broadly sharing ephemeral IOCs ASAP.


Hi, Pat -

I definitely agree with you on the importance of supporting more
sophisticated data marking/handling constructs and unlike the point I
was trying to make regarding TAXII in air-gapped networks, I think
this *is* probably an area where OASIS can have an impact.

Without going too much into detail, when I worked at
$large_international_org, there were many different national elements
represented. Not only did each national element have its own
data-marking scheme, but different branches *within* each national
element frequently had their own variation on the data-marking scheme.
Trying to keep all these data-marking schemes in alignment across
$large_international_org was a complete nightmare.

This *is* an important problem but in order for OASIS to address it in
the CTI standards, we'd need some hard requirements from the "more
advanced groups" you referred to so as to model the problem at the
proper degree of abstraction. Do you think these folks would be
willing to share their data-marking requirements with OASIS, either
via liaisons or perhaps some of the co-chairs?

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"It is more complicated than you think." --RFC 1925
