OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] On current TAXII discussions

Hi Jason,

Hi Jason,

> This is a very important thing that everyone needs to be crystal clear on, because anything else is just mis-information. TAXII 2 RC-1 is not bound to STIX 2/ JSON in any way.

If that’s the case, I’m not sure how to understand this:

> 1.4.10​ STIX and Other Content
> TAXII is designed with STIX in mind and support for STIX 2.0 is mandatory to implement. Other content types are permitted, but specific requirements for STIX are present throughout the document.

https://docs.google.com/document/d/1eyhS3-fOlRkDB6N39Md6KZbvbCe3CjQlampiZPg-5u4/edit#


Sergey
EclecticIQ

> 
> From:        Bret Jordan <Bret_Jordan@symantec.com>
> To:        Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
> Date:        03/13/2017 02:10 PM
> Subject:        Re: [cti] On current TAXII discussions
> Sent by:        <cti@lists.oasis-open.org>
> 
> 
> 
> Alexandre,
> 
> How then do you paginate STIX objects if not by objects?  You can not really do it by bytes.  Breaking JSON objects up by bytes is a disaster waiting to happen.
> 
> Bret
> 
> 
> From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
> Sent: Monday, March 13, 2017 10:53:43 AM
> To: cti@lists.oasis-open.org
> Subject: Re: [cti] On current TAXII discussions
>  
> On 12/03/17 13:13, Joep Gommers wrote:
> 
> > Lastly, it’s worthwhile to point out that in the current spec we require TAXII servers/clients to understand STIX. 
> > STIX is non-trivial and manipulating it (considering its many features) in this way puts a disproportioned burden
> > on TAXII servers and their implementation. Although less complicated for IOC-only data, that’s not what TAXII
> > is all about. We would highly recommend making a much cleaner cut.
> 
> We (as MISP team) strongly support this point. TAXII specification should be clearly separated from the STIX parsing
> and especially the pagination over object is overkill in the current proposed specification.
> 
> 
> -- 
> Alexandre Dulaunoy
> CIRCL - Computer Incident Response Center Luxembourg
> 41, avenue de la gare L-1611 Luxembourg
> info@circl.lu - www.circl.lu
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that 
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]