[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] "Data Marking" syntaxes
Okay I have kept quite on this topic for a few days, just watching and listening... Now maybe I am overly simplifying things a bit. But it seems to be that there are really only a few things people honestly care about, at least all of the examples so far only point to these things: 1) Can you share this data I am sending to you 2) If you can share it, who else can you share it with 3) If you share it do you need to anonymize it It seems like if we use TLP, we need some sort of magic decoder ring to keep track of what WHITE is, what GREEN is what AMBER is etc... So why not just say: { "share": "public || restricted", "group": "group members if share==restricted", "anonymize": "true || false" } Does this cover the very advanced stuff some group need. No. But with it being JSON, the can just add their own text fields for extra context. Since a human will need to read them anyway. But, does something like this get us 60% or 70%, or 80% there? Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]