OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] On current TAXII discussions

Just because it is mandatory for a TAXII server to support transporting STIX, does not mean that parsing of STIX is required to support TAXII paging, or that TAXII can not support other formats.

TAXII RC-1 is designed from the very beginning, and over the past year, to support any format and content, not just STIX+JSON. The TAXII paging mechanism does not define what an "object" is, and thus can support any content type, not just STIX+JSON.

All of this is all made very clear throughout the spec.

Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security| www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

From:        Sergey Polzunov <sergey@eclecticiq.com>
To:        Jason Keirstead/CanEast/IBM@IBMCA
Cc:        Bret Jordan <Bret_Jordan@symantec.com>, Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date:        03/14/2017 04:04 AM
Subject:        Re: [cti] On current TAXII discussions
Sent by:        <cti@lists.oasis-open.org>

Hi Jason,

Hi Jason,

> This is a very important thing that everyone needs to be crystal clear on, because anything else is just mis-information. TAXII 2 RC-1 is not bound to STIX 2/ JSON in any way.

If that’s the case, I’m not sure how to understand this:

> 1.4.10​ STIX and Other Content
> TAXII is designed with STIX in mind and support for STIX 2.0 is mandatory to implement. Other content types are permitted, but specific requirements for STIX are present throughout the document.



> From:        Bret Jordan <Bret_Jordan@symantec.com>
> To:        Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
> Date:        03/13/2017 02:10 PM
> Subject:        Re: [cti] On current TAXII discussions
> Sent by:        <cti@lists.oasis-open.org>
> Alexandre,
> How then do you paginate STIX objects if not by objects?  You can not really do it by bytes.  Breaking JSON objects up by bytes is a disaster waiting to happen.
> Bret
> From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
> Sent: Monday, March 13, 2017 10:53:43 AM
> To: cti@lists.oasis-open.org
> Subject: Re: [cti] On current TAXII discussions
> On 12/03/17 13:13, Joep Gommers wrote:
> > Lastly, it’s worthwhile to point out that in the current spec we require TAXII servers/clients to understand STIX.
> > STIX is non-trivial and manipulating it (considering its many features) in this way puts a disproportioned burden
> > on TAXII servers and their implementation. Although less complicated for IOC-only data, that’s not what TAXII
> > is all about. We would highly recommend making a much cleaner cut.
> We (as MISP team) strongly support this point. TAXII specification should be clearly separated from the STIX parsing
> and especially the pagination over object is overkill in the current proposed specification.
> --
> Alexandre Dulaunoy
> CIRCL - Computer Incident Response Center Luxembourg
> 41, avenue de la gare L-1611 Luxembourg
> info@circl.lu -
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]