OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [cti] CybOX Datatype Refactoring/Deprecation


“De-fanged” content is a safety mechanism at the presentation layer, any other “layer” (in-transit, at-rest, etc.) should represent the true data value. Encrypt the transport layer if there are concerns with “live ammo” across a network.

 

 

From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Patrick Maroney
Sent: Wednesday, February 24, 2016 8:57 PM
To: Foley, Alexander - GIS; Terry MacDonald; Allan Thomson
Cc: Jordan, Bret; Jason Keirstead; Paul Patrick; Wunder, John A.; cti@lists.oasis-open.org
Subject: Re: [cti] CybOX Datatype Refactoring/Deprecation

 

re: OK so I must admit I’m getting confused.  Pat, below you’re describing “truth on the wire”, which I think means that content is fanged on the wire.  

 

Apologies if I'm adding confusion.  

 

(1) "De-Fanged" content by our current definition should NOT be allowed.   

 

For example, "http://badguys.com" should be the true value, not  hxxp://badguys.com", "http[:]//badguys.com", "http://badguys[.]com", "http://badguys<dot>]com" or any of the evidently infinite number of variants. 

 

So YES, I'm arguing for the "Truth" (aka "Fanged" value)

 

 

(2) However, in terms of issues caused by processing, detection, and interception  of "Live Ammo", my underlying argument does seem to be drifting toward a hybrid:  "Encoded Truth on the Wire".  Since we are clearly stating that "Human Readability" of the MTI on the wire is not important, then encoding the "Truth" should not impact anything and solves the issues with the detection/interception  of "Live Ammo" on the wire

 

 I'm not prepared to make this argument yet, but here's some examples using Base64:

 

 

"Truth"

 

 

<SNIP>

        {

            "id": "object--2",

            "type": "IPAddress",

            "IPv4": "127.0.0.1"

        },

        {

            "id": "object--3",

            "type": "IPAddress",

            "IPv4": "192.168.1.34"

        }

    <SNIP>

 

 

"Encoded Truth on the Wire" :

 

Option 1: (Base64 Encode Values)

 

<SNIP>

        {

            "id": "object--2",

            "type": "IPAddress",

            "IPv4": "MTI3LjAuMC4x"

        },

        {

            "id": "object--3",

            "type": "IPAddress",

            "IPv4": "MTkyLjE2OC4xLjM0"

        }

  <SNIP>

 

Option 2: (Base64 Encode Entire Block)

 

<SNIP>

IHsNCiAgICAgICAgICAgICJpZCI6ICJvYmplY3QtLTIiLA0KICAgICAgICAgICAgInR5cGUiOiAiSVBBZGRyZXNzIiwNCiAgICAgICAgICAgICJJUHY0IjogIjEyNy4wLjAuMSINCiAgICAgICAgfSwNCiAgICAgICAgew0KICAgICAgICAgICAgImlkIjogIm9iamVjdC0tMyIsDQogICAgICAgICAgICAidHlwZSI6ICJJUEFkZHJlc3MiLA0KICAgICAgICAgICAgIklQdjQiOiAiMTkyLjE2OC4xLjM0Ig0KICAgICAgICB9

<SNIP>

 

Patrick Maroney

Office:  (856)983-0001

Cell:      (609)841-5104

 

 

President

Integrated Networking Technologies, Inc.

PO Box 569

Marlton, NJ 08053

 

 

This e-mail may contain confidential or privileged information. If you think you have received this e-mail in error, please advise the sender by reply e-mail and then delete this e-mail immediately. Thank you. Aetna


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]