OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-users] âSignatureâ of STIX Objects

As we have talked off-line, there are things I like about this proposal and things I do not.

Bret 

Sent from my Commodore 64 

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Dec 7, 2018, at 5:44 PM, John-Mark Gurney <jmg@newcontext.com> wrote:

Stephen Russett wrote this message on Fri, Nov 23, 2018 at 10:44 -0800:
Hey all

I am looking for some experiences working with âsigningâ objects (SDOs,
SROs, Data Marking Definitions, etc).  I am looking at using a custom
property, but wanted to get some feedback if others are doing this?

use case: As bundles are passed around in STIX, There are different
actors/identities that are consuming this information.  Has there been
thought on a common standard for signing bundles and each item within a
bundle (in the case where a bundleâs objects were provided by different
actors, but was bundled by someone else).

Sorry, I just saw this email.

I have already written a proposal on signing, and I wrote the first proposal
almost two years ago.

Signing data needs to be handled very carefully as if it is not handled
properly, you can end up w/ attackers being able to pretend that data was
signed when it was not...

The latest version of the proposal is at:
https://github.com/jmgnc/cti-sep-repository/blob/digitalsig/seps/draft/extensions/x-newcontext-signing-ext/x-newcontext-signing-ext.md

It does not support third party signatures yet, but this is relatively
easy to write up if needed...  After thinking about how versioning works,
and interactions w/ TAXII and other items, third party signatures need
to be their own SDO, otherwise it introduces complexities into the TAXII
server in how to aggregate signatures, where as having an independant
object makes it possible..  Though I realized that not being able to
add the reference hashes makes this idea more difficult, but not impossible..

Feel free to ask questions if you need more info...

--
John-Mark

This publicly archived list provides a forum for asking questions,
offering answers, and discussing topics of interest on STIX,
TAXII, and CybOX.  Users and developers of solutions that leverage
STIX, TAXII and CybOX are invited to participate.

In order to verify user consent to OASIS mailing list guidelines
and to minimize spam in the list archive, subscription is required
before posting.

Subscribe: cti-users-subscribe@lists.oasis-open.org
Unsubscribe: cti-users-unsubscribe@lists.oasis-open.org
Post: cti-users@lists.oasis-open.org
List help: cti-users-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/cti-users/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
CTI Technical Committee: https://www.oasis-open.org/committees/cti/
Join OASIS: http://www.oasis-open.org/join/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]