Re: [cti] On current TAXII discussions

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

Just because it is mandatory for a TAXII
server to support transporting STIX, does not mean that parsing of STIX
is required to support TAXII paging, or that TAXII can not support other
formats. 

TAXII RC-1 is designed from the very
beginning, and over the past year, to support any format and content, not
just STIX+JSON. The TAXII paging mechanism does not define what an "object"
is, and thus can support any content type, not just STIX+JSON. 

All of this is all made very clear throughout
the spec. 


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security| www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown




From:      
 Sergey Polzunov <sergey@eclecticiq.com>
To:      
 Jason Keirstead/CanEast/IBM@IBMCA
Cc:      
 Bret Jordan <Bret_Jordan@symantec.com>,
Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>, "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org>
Date:      
 03/14/2017 04:04 AM
Subject:    
   Re: [cti] On
current TAXII discussions
Sent by:    
   <cti@lists.oasis-open.org>

---

Hi Jason,

Hi Jason,

> This is a very important thing that everyone needs to be crystal clear
on, because anything else is just mis-information. TAXII 2 RC-1 is not
bound to STIX 2/ JSON in any way.

If that’s the case, I’m not sure how to understand this:

> 1.4.10​ STIX and Other Content
> TAXII is designed with STIX in mind and support for STIX 2.0 is mandatory
to implement. Other content types are permitted, but specific requirements
for STIX are present throughout the document.

https://docs.google.com/document/d/1eyhS3-fOlRkDB6N39Md6KZbvbCe3CjQlampiZPg-5u4/edit#


Sergey
EclecticIQ

> 
> From:        Bret Jordan <Bret_Jordan@symantec.com>
> To:        Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>,
"cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
> Date:        03/13/2017 02:10 PM
> Subject:        Re: [cti] On current TAXII discussions
> Sent by:        <cti@lists.oasis-open.org>
> 
> 
> 
> Alexandre,
> 
> How then do you paginate STIX objects if not by objects?  You
can not really do it by bytes.  Breaking JSON objects up by bytes
is a disaster waiting to happen.
> 
> Bret
> 
> 
> From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on
behalf of Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
> Sent: Monday, March 13, 2017 10:53:43 AM
> To: cti@lists.oasis-open.org
> Subject: Re: [cti] On current TAXII discussions
>  
> On 12/03/17 13:13, Joep Gommers wrote:
> 
> > Lastly, it’s worthwhile to point out that in the current spec
we require TAXII servers/clients to understand STIX. 
> > STIX is non-trivial and manipulating it (considering its many
features) in this way puts a disproportioned burden
> > on TAXII servers and their implementation. Although less complicated
for IOC-only data, that’s not what TAXII
> > is all about. We would highly recommend making a much cleaner
cut.
> 
> We (as MISP team) strongly support this point. TAXII specification
should be clearly separated from the STIX parsing
> and especially the pagination over object is overkill in the current
proposed specification.
> 
> 
> -- 
> Alexandre Dulaunoy
> CIRCL - Computer Incident Response Center Luxembourg
> 41, avenue de la gare L-1611 Luxembourg
> info@circl.lu - www.circl.lu
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS
at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 
> 
>