[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-users] Questions about TAXII 2.1 Envelopes vs. STIX Bundles
This the type of constructive feedback/involvement Iâm talking about! (I actually asked the same question last week and yesterday) Thanks Adam, -Marlon From: cti-users@lists.oasis-open.org <cti-users@lists.oasis-open.org>
On Behalf Of Adam Pearce CAUTION:
This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions
or concerns. All, It appears that TAXII 2.1 Envelopes were introduced in such a way that allows their fields to be backwards compatible with STIX Bundles, so that there is compatibility between TAXII 2.0 and TAXII 2.1 clients. However, there is some ambiguity surrounding the explicitness of the TAXII 2.1 specification. It mentions that
And
If STIX Bundles are TAXII envelopes, then there is no ambiguity. However, there is a slight semantic argument to be made around "is" or "is not". My interpretation would be that Bundles are Envelopes, but Envelopes are not Bundles. Envelopes do not include the required 'type' and 'id' fields
to be interpreted as Bundles. However, an Envelope has only 3 (optional) properties, one of which is 'objects'. So a Bundle could be interpreted as an Envelope. This is further supported by the 'Must Ignore' property of I-JSON for "unrecognized fields" (https://tools.ietf.org/html/rfc7493,
Sec. 4.2). Is this interpretation correct? Furthermore, is allowing a Bundle for the 'Add Objects' API in TAXII 2.1 acceptable? Best regards, Adam Pearce |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]