Subject: RE: [cti-taxii] Use of well_known


Jason,

I chose the TXT record in my example because we can embed the full URL to the endpoint within it as a key/value pair, thereby making the need for a well known endpoint optional.

Cheers
Terry MacDonald
Cosive
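The two discovery shapes this thread compares, shown side by side as an added example (this is not code from the thread, from Cosive, IBM, or from the TAXII specification): a DMARC-style DNS TXT record in the key/value form Terry proposes in the quoted mail below, which carries the full endpoint path and so makes a well-known URI optional, and an SRV record as the draft spec proposes, which yields only host and port, so the client must append a fixed path such as /.well-known/taxii (RFC 5785). The `_taxii` TXT owner name, the `_taxii._tcp` SRV service name, the `/.well-known/taxii` path, the `v=TAXII2.0` version tag and every DNS answer are assumptions constructed inline for illustration; no real DNS lookup is performed. Because an unsigned DNS answer is not authenticated, the resolver only emits https URLs and rejects record values that do not look like `host[:port]/path`, so a spoofed record cannot hand it a scheme or userinfo of its choosing; certificate validation of the discovered host still has to happen when the connection is made.

```python
"""Resolve TAXII discovery endpoints from constructed DNS answers.

TXT path : _taxii.<domain>  ->  "v=TAXII2.0;pri=host:port/path;sec=host:port/path"
SRV path : _taxii._tcp.<domain> -> (priority, weight, port, target), then a
           well-known path is appended because SRV carries no path.
All names, tags and answers below are assumptions for this example.
"""
import re

# Assumed well-known path; the thread debates /taxii versus /.well-known/taxii.
WELL_KNOWN_PATH = "/.well-known/taxii"

# Constructed DNS answers keyed by owner name (no network access).
CONSTRUCTED_DNS = {
    "TXT": {
        "_taxii.example.com.": [
            "v=TAXII2.0;pri=taxii.example.com:443/mytaxii;"
            "sec=prod-taxii2.example.com:8989/backup"
        ],
        "_taxii.other.example.": ["v=TAXII9;pri=x.example:443/taxii"],   # unknown version
        "_taxii.bad.example.": ["v=TAXII2.0;pri=http://evil.example/x"],  # smuggled scheme
    },
    "SRV": {
        # (priority, weight, port, target) as in RFC 2782
        "_taxii._tcp.example.net.": [
            (20, 0, 8443, "backup.example.net."),
            (10, 5, 443, "taxii.example.net."),
        ],
    },
}

# Only host[:port][/path] is accepted when building a URL from a TXT value.
_ENDPOINT_RE = re.compile(r"[A-Za-z0-9.-]+(?::\d{1,5})?(?:/[^\s;]*)?")


def parse_taxii_txt(record: str) -> dict:
    """Parse a DMARC-style 'k=v;k=v' string into a dict (keys lower-cased).

    Empty fields are skipped; a field without '=' is a malformed record.
    """
    tags = {}
    for field in record.split(";"):
        field = field.strip()
        if not field:
            continue
        if "=" not in field:
            raise ValueError(f"malformed TXT field: {field!r}")
        key, value = field.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def endpoint_url(value: str):
    """Turn a host[:port]/path value into an https URL, or None if it is not that shape."""
    if _ENDPOINT_RE.fullmatch(value) is None:
        return None
    return f"https://{value}"


def endpoints_from_txt(domain: str) -> list:
    """Ordered candidate URLs from the TXT record: primary first, then secondary."""
    urls = []
    for record in CONSTRUCTED_DNS["TXT"].get(f"_taxii.{domain}.", []):
        tags = parse_taxii_txt(record)
        if tags.get("v") != "TAXII2.0":
            continue  # wrong or unknown version tag: ignore the record
        for key in ("pri", "sec"):
            url = endpoint_url(tags[key]) if key in tags else None
            if url is not None:
                urls.append(url)
    return urls


def endpoints_from_srv(domain: str) -> list:
    """Candidate URLs from SRV records, RFC 2782 order, with the well-known path appended."""
    records = CONSTRUCTED_DNS["SRV"].get(f"_taxii._tcp.{domain}.", [])
    ordered = sorted(records, key=lambda r: (r[0], -r[1]))  # low priority first, high weight first
    return [f"https://{target.rstrip('.')}:{port}{WELL_KNOWN_PATH}"
            for _prio, _weight, port, target in ordered]


def discover(domain: str) -> list:
    """Prefer the TXT form (it carries the path); fall back to SRV plus well-known path."""
    return endpoints_from_txt(domain) or endpoints_from_srv(domain)


if __name__ == "__main__":
    for name in ("example.com", "example.net", "other.example", "bad.example"):
        print(name, "->", discover(name))
```

The contrast the two functions make is the one Terry draws above: an SRV answer cannot name a path, so that design needs an agreed well-known URI on every server, whereas the TXT form moves the path into the record and the well-known URI becomes a convention rather than a requirement.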


On 12 Oct. 2016 12:41 pm, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:

To follow up on Terry's email though... I do not believe using .well-known for the HTTP endpoint location has anything to do with whether we also allow DNS discovery. I believe we should still do the DNS discovery as proposed in the spec, regardless of what the URI ends up being. The .well-known RFC is about discovering resources available at a specific web server; it does nothing to help you discover the servers themselves, as the DNS discovery does.

It is worth noting that Terry proposes a TXT record, while the spec proposes an SRV record; I am not sure as to the pros/cons of each approach, not being a DNS expert.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Back, Greg" <gback@mitre.org>
To: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>, Terry MacDonald <terry.macdonald@cosive.com>, Dave Cridland <dave.cridland@surevine.com>
Cc: Jason Keirstead/CanEast/IBM@IBMCA, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 10/11/2016 08:06 PM
Subject: RE: [cti-taxii] Use of well_known
Sent by: <cti-taxii@lists.oasis-open.org>





I took the time to read through the RFC (only 8 pages; pretty light by RFC standards). I tend to agree with Dave. The intent of "/.well-known/" seems to match our use case. With the exception of registering the name, I don't see what additional complexity it adds.

I imagine the vast majority of implementers are unlikely to care and will simply accept "use this string because the TAXII spec says so." It's possible some implementers who (like me, before digging into this) were ignorant of RFC 5785 will learn something new and understand why TAXII uses it. The implementers who see it and think "why didn't the TC just use /taxii?" (just like the people who, were we not to use /.well-known/taxii, would think "why didn't the TC use /.well-known/taxii?") aren't the people we should be trying to please; if someone's looking for things to criticize, I'm sure they'll find something. Using /.well-known/ does show at least some level of commitment to using other standards when they make sense; I think that's worth something.

Long story short: I'm about a +0 on using .well-known. I'd prefer it, in the absence of a strong reason not to, but it's not something I feel strongly about either way.  I'm about a 2 out of 10 on the scale here [1] (sorry for the language in the URL).

Greg

[1] http://blog.capwatkins.com/the-sliding-scale-of-giving-a-fuck

> -----Original Message-----
> From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org] On
> Behalf Of Bret Jordan (CS)
> Sent: Tuesday, October 11, 2016 3:12 PM
> To: Terry MacDonald <terry.macdonald@cosive.com>; Dave Cridland
> <dave.cridland@surevine.com>
> Cc: Jason Keirstead <Jason.Keirstead@ca.ibm.com>; cti-taxii@lists.oasis-open.org
> Subject: Re: [cti-taxii] Use of well_known
>
> I just do not think we need well_known at this stage.  But I committed to
> read the RFC and give it an honest look.  But it seems like we just do not
> need that level of complexity at this stage.
>
>
>
>
> Bret
>
> ________________________________
>
> From: Terry MacDonald <terry.macdonald@cosive.com>
> Sent: Tuesday, October 11, 2016 1:14:26 PM
> To: Dave Cridland
> Cc: Jason Keirstead; Bret Jordan (CS); cti-taxii@lists.oasis-open.org
> Subject: Re: [cti-taxii] Use of well_known
>
>
> I thought we'd talked about using DNS as the discovery mechanism for the
> TAXII server (if the org wants it to be discovered).
>
> In other words we could make a TAXII specific DNS TXT record (_taxii) that
> would contain whatever information we want, along the lines of a
> DMARC record (
> "v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dmarcreports@example.com")
>
> If we made a TAXII DNS TXT record it could be something like:
>
> "v=TAXII2.0;pri=taxii.example.com:443/mytaxii;sec=prod-taxii2.example.com:8989/backup"
>
> or whatever we need it to be.
>
> What do you all think?
>
> Cheers
> Terry MacDonald
> Cosive
>
>
> On 12 Oct. 2016 02:41, "Dave Cridland" <dave.cridland@surevine.com> wrote:
>
>
>
>
> On 11 October 2016 at 14:09, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
>
>
> To play devil's advocate - you are only guaranteed to not
> have a collision, if people are actually following the RFC and reserving the
> space. But since hardly anyone seems to implement this RFC, I would argue
> that the space is not actually being actively reserved, and thus you are just as
> likely to have a collision as with any other URI space.
>
>
>
> This is only true if people are actively using .well-known without
> registering and also without even looking at the registry. This seems
> somewhat perverse. But even assuming your logic holds at all, what you're
> arguing is that using .well-known is, in the worst possible case, no worse than
> not using it.
>
>
> In doing research for this, I also see really strange things
> being done with it that give me great pause. For example, look at how
> CalDAV recommends its users configure ".well-known". This would make it
> actually impossible for a TAXII server to reside on the same host as a CalDAV
> server.
>
>
>
> Yes, people advise setting up software in bad ways. This is, more or
> less, exactly what not to do.
>
>
>
> https://wiki.davical.org/index.php/Well-known_URLs
>
> #Activate RewriteEngine
> RewriteEngine On
> # Redirect /.well-known URLs
> RewriteRule ^/\.well-known/(.*)$ /caldav.php/.well-known/$1 [NC,L]
> # Optionally: redirect /principals/users/ as well
> RewriteRule ^/principals/users/(.*)$ /caldav.php/$1 [NC,L]
>
>
>
>
> From: Dave Cridland <dave.cridland@surevine.com>
> To: Jason Keirstead/CanEast/IBM@IBMCA
> Cc: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
> Date: 10/11/2016 09:54 AM
> Subject: Re: [cti-taxii] Use of well_known
>
>
> ________________________________
>
>
>
>
> In fairness, the robots.txt file was in use nearly two decades
> before .well-known came along, so expecting that to move is unlikely. But
> every standards-track document since requiring a well-known URI has used
> the .well-known prefix, including those from the IETF and W3C as well as
> other documents from EFF, Google, etc.
>
> The reasoning is that it avoids any potential collision. While I
> don't know of any reason we're likely to hit a collision with "taxii", I also don't
> think it's reasonable to assume that nobody else will ever use that prefix -
> and we certainly cannot enforce it in any way.
>
> As to Bret's comment that it adds an additional layer of
> indirection, I don't follow this - it's simply a different string. I did suggest
> adding some text about following redirections, but that applies equally to a
> "/taxii" or "/.well-known/taxii" URI path.
>
> On 11 October 2016 at 13:13, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
>
> - The RFC has been around for 6 years and there are
> only 25 registered entries. If the standard was successful, one should expect
> hundreds of entries by now. Interestingly, one of the use cases given in the
> RFC itself (robots.txt placement) still to this day does not even use it.
>
> - Nearly the only use has been from other RFCs, which points to no one
> outside the IETF community bothering to register.
>
> Therefore myself... I see .well_known as a failed
> standard, and would rather avoid it.
>
>
>
>
> "Bret Jordan (CS)" ---10/09/2016 07:14:06 PM---All,
> We previously had pretty good consensus around the entry point for the
> TAXII API being the foll
>
> From: "Bret Jordan (CS)"
> <Bret_Jordan@symantec.com <
mailto:Bret_Jordan@symantec.com> >
> To: "cti-taxii@lists.oasis-open.org <
mailto:cti-
> taxii@lists.oasis-open.org> " <cti-taxii@lists.oasis-open.org <
mailto:cti-
> taxii@lists.oasis-open.org> >
> Date: 10/09/2016 07:14 PM
> Subject: [cti-taxii] Use of well_known
> Sent by: <cti-taxii@lists.oasis-open.org <
mailto:cti-
> taxii@lists.oasis-open.org> >
>
> ________________________________
>
>
>
>
> All,
>
> We previously had pretty good consensus around the
> entry point for the TAXII API being the following:
>
>
> https://something.somewhere.com/taxii
>
> It has been suggested that we might look into using
> the ".well_known" structure. After doing some research it appears that in
> fact a very small number of sites do use this; however, it is not widely used
> or adopted.
>
> I am curious to know what everyone thinks?
> Personally I am not a fan of using things like ".well_known" as it just adds an
> extra layer of abstraction and complication that I do not believe we need. If
> you would like this in TAXII, please speak up and let us know why. Otherwise
> we will pull the suggestion from the document.
>
> Thanks
> Bret
>
> --
>
> Dave Cridland
>
>
>
> phone  +448454681066
> email  dave.cridland@surevine.com
> skype  dave.cridland.surevine
>
>
>
> Participate | Collaborate | Innovate
>
> Surevine Limited, registered in England and Wales with
> number 06726289. Mailing Address : PO Box 1136, Guildford GU1 9ND
> If you think you have received this message in error, please
> notify us.

