
cti-users message



Subject: Re: [cti-users] “Signature” of STIX Objects


Stephen Russett wrote this message on Fri, Nov 23, 2018 at 10:44 -0800:
> Hey all
> 
> I am looking for some experiences working with “signing” objects (SDOs,
> SROs, Data Marking Definitions, etc).  I am looking at using a custom
> property, but wanted to get some feedback if others are doing this?
> 
> use case: As bundles are passed around in STIX, there are different
> actors/identities that are consuming this information.  Has there been
> thought on a common standard for signing bundles and each item within a
> bundle (in the case where a bundle’s objects were provided by different
> actors, but was bundled by someone else)?

Sorry, I just saw this email.

I have already written a proposal on signing, and I wrote the first proposal
almost two years ago.

Signing data needs to be handled very carefully as if it is not handled
properly, you can end up w/ attackers being able to pretend that data was
signed when it was not...

The latest version of the proposal is at:
https://github.com/jmgnc/cti-sep-repository/blob/digitalsig/seps/draft/extensions/x-newcontext-signing-ext/x-newcontext-signing-ext.md

It does not support third party signatures yet, but this is relatively
easy to write up if needed...  After thinking about how versioning works,
and interactions w/ TAXII and other items, third party signatures need
to be their own SDO, otherwise it introduces complexities into the TAXII
server in how to aggregate signatures, whereas having an independent
object makes it possible..  Though I realized that not being able to
add the reference hashes makes this idea more difficult, but not impossible..

Feel free to ask questions if you need more info...

-- 
John-Mark

