OASIS Mailing List Archives

cti message


Subject: STIX 2.0 specification - comment about 4.2 Custom Top Level Objects

Hi All,

We did a quick review of 4.2 Custom Top Level Objects, especially with the idea
of implementing a MISP custom TLO. We saw some small inconsistencies in the section.

In 4.2.1, the required common property is "revision", but in the example in 4.2.2 there
is no "revision" property but a "version" property. In this scope, what is the exact
meaning of the version? Is this the format version of the custom TLO? If this is "version"
as defined in 6.1 TLO common properties, the example is fine but "revision" should
be "replaced" in 4.2.1.

In 4.2.1, the type field SHOULD start with an "x_" to avoid any collision with future versions
of STIX, but it could be better to have a MUST if there is no registered name for the custom
object, and to ensure a public repository (IANA-like) for custom object names. I'm not sure
if there is a structure within OASIS to keep track of assignments within a specific standard.

Are all TLO common properties applicable to custom TLOs? If yes, it might be useful to
state it in the document.

I hope this helps.

Thank you very much.

Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu
