cti-taxii message
Subject: Re: [cti-taxii] Use of well_known


I thought we'd talked about using DNS as the discovery mechanism for the TAXII server (if the org wants it to be discovered).

In other words, we could make a TAXII-specific DNS TXT record (_taxii) that would contain whatever information we want it to, along the lines of a DMARC record ("v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dmarcreports@example.com").

If we made a TAXII DNS TXT record it could be something like:

"v=TAXII2.0;pri=taxii.example.com:443/mytaxii;sec=prod-taxii2.example.com:8989/backup"

or whatever we need it to be.

What do you all think?

Cheers
Terry MacDonald
Cosive


On 12 Oct. 2016 02:41, "Dave Cridland" <dave.cridland@surevine.com> wrote:


On 11 October 2016 at 14:09, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

To play devil's advocate - you are only guaranteed to not have a collision if people are actually following the RFC and reserving the space. But since hardly anyone seems to implement this RFC, I would argue that the space is not actually being actively reserved, and thus you are just as likely to have a collision as with any other URI space.

This is only true if people are actively using .well-known without registering and also without even looking at the registry. This seems somewhat perverse. But even assuming your logic holds at all, what you're arguing is that using .well-known is, in the worst possible case, no worse than not using it.

In doing research for this, I also see really strange things being done with it that give me great pause. For example, look at how CalDAV recommends its users configure ".well-known". This would make it actually impossible for a TAXII server to reside on the same host as a CalDAV server.

Yes, people advise setting up software in bad ways. This is, more or less, exactly what not to do.
 

https://wiki.davical.org/index.php/Well-known_URLs

# Activate RewriteEngine
RewriteEngine On
# Redirect /.well-known URLs
RewriteRule ^/\.well-known/(.*)$ /caldav.php/.well-known/$1 [NC,L]
# Optionally: redirect /principals/users/ as well
RewriteRule ^/principals/users/(.*)$ /caldav.php/$1 [NC,L]


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Dave Cridland <dave.cridland@surevine.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 10/11/2016 09:54 AM
Subject: Re: [cti-taxii] Use of well_known





In fairness, the robots.txt file was in use nearly two decades before .well-known came along, so expecting that to move is unlikely. But every standards-track document since requiring a well-known URI has used the .well-known prefix, including those from the IETF and W3C as well as other documents from EFF, Google, etc.

The reasoning is that it avoids any potential collision. While I don't know of any reason we're likely to hit a collision with "taxii", I also don't think it's reasonable to assume that nobody else will ever use that prefix - and we certainly cannot enforce it in any way.

As to Bret's comment that it adds an additional layer of indirection, I don't follow this - it's simply a different string. I did suggest adding some text about following redirections, but that applies equally to a "/taxii" or "/.well-known/taxii" URI path.

On 11 October 2016 at 13:13, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
    - The RFC has been around for 6 years and there are only 25 registered entries. If the standard was successful, one should expect hundreds of entries by now. Interestingly, one of the use cases given in the RFC itself (robots.txt placement) still to this day does not even use it.

    - Nearly the only use has been from other RFCs, which points to no one outside the IETF community bothering to register.

    Therefore myself... I see .well_known as a failed standard, and would rather avoid it.


    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems



    From: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>
    To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
    Date: 10/09/2016 07:14 PM
    Subject: [cti-taxii] Use of well_known
    Sent by: <cti-taxii@lists.oasis-open.org>




    All,


    We previously had pretty good consensus around the entry point for the TAXII API being the following:


    https://something.somewhere.com/taxii

    It has been suggested that we might look into using the ".well_known" structure. After doing some research, it appears that a very small number of sites do in fact use this; however, it is not widely used or adopted.


    I am curious to know what everyone thinks. Personally I am not a fan of using things like ".well_known" as it just adds an extra layer of abstraction and complication that I do not believe we need. If you would like this in TAXII, please speak up and let us know why. Otherwise we will pull the suggestion from the document.


    Thanks
    Bret









--

Dave Cridland

phone  +448454681066
email  dave.cridland@surevine.com
skype  dave.cridland.surevine

Participate | Collaborate | Innovate

Surevine Limited, registered in England and Wales with number 06726289. Mailing Address : PO Box 1136, Guildford GU1 9ND
If you think you have received this message in error, please notify us.





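Added example, not part of the thread and not from OASIS or any TAXII specification: a client-side parser for the _taxii TXT record format Terry sketches at the top of this message, written in Python. The tag names v, pri and sec, the DMARC-style "tag=value;" syntax, the _taxii label and the sample zone data are all assumptions taken from that sketch. The hardening (https only, no userinfo, exactly one accepted record) is the check a consumer of an unauthenticated DNS record wants: without DNSSEC, whoever can answer the query chooses where the client connects, so the record must never be allowed to pick the scheme or smuggle credentials into the URL.

```python
# Added example, not code from the thread or any TAXII spec: parses the
# hypothetical "v=TAXII2.0;pri=...;sec=..." _taxii TXT record sketched above.
# Tag names and syntax are assumptions modelled on DMARC's "tag=value;" form.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
from urllib.parse import urlsplit

class TaxiiRecordError(ValueError):
    """A _taxii record that is malformed or unsafe to act on."""

@dataclass
class TaxiiDiscovery:
    version: str
    endpoints: List[str]  # canonical https:// URLs, primary first

def parse_tags(record: str) -> Dict[str, str]:
    """Split "k=v;k=v;" into a dict, rejecting bare words and duplicate tags."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';' as DMARC does
        if "=" not in part:
            raise TaxiiRecordError(f"malformed tag {part!r}")
        key, value = part.split("=", 1)
        key = key.strip().lower()
        if key in tags:
            raise TaxiiRecordError(f"duplicate tag {key!r}")
        tags[key] = value.strip()
    return tags

def normalise_endpoint(value: str) -> str:
    """Canonicalise "host[:port]/path" (or an explicit https URL) to https.
    TXT data is unauthenticated unless the zone is DNSSEC-signed, so the
    client, not the record, fixes the scheme and refuses userinfo tricks."""
    if "://" in value:
        scheme, rest = value.split("://", 1)
        if scheme.lower() != "https":
            raise TaxiiRecordError(f"refusing non-https scheme {scheme!r}")
    else:
        rest = value
    parts = urlsplit("https://" + rest)
    if (not parts.hostname or parts.username is not None
            or parts.password is not None or parts.query or parts.fragment):
        raise TaxiiRecordError(f"endpoint {value!r} is not a bare host[:port]/path")
    try:
        port = parts.port  # ValueError for "host:abc" or an out-of-range port
    except ValueError as exc:
        raise TaxiiRecordError(f"endpoint {value!r} has a bad port") from exc
    host = parts.hostname  # urlsplit already lower-cases it
    authority = host if port in (None, 443) else f"{host}:{port}"
    return f"https://{authority}{parts.path or '/'}"

def parse_taxii_record(strings: List[str]) -> TaxiiDiscovery:
    """TXT RDATA is a list of <=255-byte strings that the client joins."""
    record = "".join(strings)
    # Like "v=DMARC1", the version tag must come first so an unrelated TXT
    # record published at the same name is never mistaken for ours.
    if not record.lstrip().lower().startswith("v="):
        raise TaxiiRecordError("record does not start with v=")
    tags = parse_tags(record)
    if not tags["v"].upper().startswith("TAXII") or "pri" not in tags:
        raise TaxiiRecordError("need v=TAXII... and a pri= endpoint")
    endpoints = [normalise_endpoint(tags["pri"])]
    if "sec" in tags:
        endpoints.append(normalise_endpoint(tags["sec"]))
    return TaxiiDiscovery(version=tags["v"], endpoints=endpoints)

def discover(domain: str, resolve_txt: Callable[[str], List[List[str]]]
             ) -> Optional[TaxiiDiscovery]:
    """Look up _taxii.<domain>. The resolver (name -> list of TXT RDATA, each
    a list of strings) is injected so this runs offline. Exactly one usable
    record is accepted; with several, the choice is attacker-influenceable."""
    found = []
    for rdata in resolve_txt(f"_taxii.{domain}"):
        try:
            found.append(parse_taxii_record(rdata))
        except TaxiiRecordError:
            continue  # skip unrelated or malformed TXT data at that name
    return found[0] if len(found) == 1 else None

# Constructed sample zone, not real DNS data: Terry's example split across
# two TXT strings, unrelated text at the same name, and a downgrade attempt.
FAKE_ZONE = {
    "_taxii.example.com": [
        ["v=TAXII2.0;pri=taxii.example.com:443/mytaxii;",
         "sec=prod-taxii2.example.com:8989/backup"],
        ["just some unrelated text"],
    ],
    "_taxii.downgrade.example": [
        ["v=TAXII2.0;pri=http://taxii.downgrade.example/taxii"]],
}

def fake_resolver(name: str) -> List[List[str]]:
    return FAKE_ZONE.get(name, [])
```

discover("example.com", fake_resolver) yields the two endpoints from Terry's record with the redundant :443 dropped, while the downgrade.example record, which tries to send the client to plain http, is rejected and discovery returns None rather than silently falling back. A real client would plug in the OS resolver or a DNS library in place of fake_resolver and still verify the TLS certificate of whatever host the record names, since the record only tells it where to look, not whom to trust.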

