[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Missing MTI - what to do?
A lot of these issues will be done in an implementation. Most of these are not really specification level items. Use case #1: I send a STIX package to a TAXII Collection server. If that TAXII server does not know or understand the extensions you have included in your document, then more then likely they will be lost. You can test for this by submitting something, and then asking for it back. Use case #2: You send a STIX package to a TAXII Collection or a TAXII Channel and you have some Level 2 data markings in the document. You probably do not want them going to people that can not understand them. So there may be a human built policy on the TAXII server to not send these packages or that content to people that can not use them. This would be an implementation level issue. DLP, proxies, layer7 firewalls, NAT devices, content filters, SSL viability devices, and a ton of other things sit in line today and modify content that flows over the wire based on organizational policy. Regardless of wether we like it or not, this will happen. What we want to figure out in the specification is how to guarantee a certain behavior under certain conditions or how to identify and know what is going to happen. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]