[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: concerns about 'artifact' object's payload_bin property size limit(<=10MB) of STIX 2.0
OASIS members, ‘artifact’ object defined in current draft version STIX 2.0 has strict size limit of 10MB. If the size of payload_bin of artifact object is greater than 10MB, we MUST provide URL instead of payload_bin. Is there a strong requirement for this? I think we don’t need to say size limit of this payload_bin property of artifact object. In case of providing URL(for example, http://…;..) instead of payload_bin for a large file, the provider(maybe, equipment such as sandbox, IDS/IPS, and so on) MUST run additional web server while listening inbound connection. I think many security vendors do not want this case. This is one of implementation issues. So, I urge it's better that we use SHOULD instead of MUST or no size limit. How do you think about this? — Cheolho Lee Senior Researcher, NSR South Korea
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]