OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-taxii] TAXII 2.0 transport specification

Hi Eric and list,

I'd personally be concerned with following an NSA recommended standard. I think it would *potentially* impact whether the rest of the international community adopt the standard. I would prefer that we follow some recommendations from international experts that have inputs from multiple different nationalities and teams, so that we are not overly reliant on any one country.


Terry MacDonald | STIX, TAXII, CybOX Consultant

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My opinions do not necessarily reflect those of Threatloop.com.

On 15 January 2016 at 00:01, Eric Burger <Eric.Burger@georgetown.edu> wrote:
Here are some updates and discussion points to the transport specification language. Sorry I cannot be there in Florida!

Passing the text to some folks who really know security, one thing they asked was why we did not just chose to use Suite B (RFC 6460). What I proposed is almost Suite B, so there would not be much of a significant change to what we’ve got proposed now. 

My concern with Suite B is there is a lot of FUD that the Cyber Act is really just an excuse for USG fishing. Mandating a NSA security suite may have bad optics. What do you think?

On Jan 7, 2016, at 10:59 PM, Mark Davidson <mdavidson@soltra.com> wrote:

I had meant for this to go to the CTI list, and I got bit by autocomplete.

From: <cti-taxii@lists.oasis-open.org> on behalf of Mark Davidson <mdavidson@soltra.com>
Date: Thursday, January 7, 2016 at 11:28 PM
To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Subject: [cti-taxii] TAXII Materials Submission - TAXII Pre-Draft spec


Please find attached the TAXII 2.0 pre-draft specification. As noted on the TAXII SC list and within the document itself, this document is intended to be a discussion platform and help drive consensus. The quality of the document is a bit uneven – we’d like to kindly request that readers attempt to get the “big picture” first and comment on specific wordings/phrasings second. Notably, if you think “Channels and Collections” are the wrong way to go, that would be a great thing to raise at the F2F.

Thank you and we look forward to seeing you at the F2F!
Mark and Bret

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]