Subject: Re: [cti] concerns about 'artifact' object's payload_bin property size limit(<=10MB) of STIX 2.0


On 24.08.2017 05:48:42, Cheolho Lee wrote:
> 
> The 'artifact' object defined in the current draft version of STIX 2.0
> has a strict size limit of 10MB. If the size of payload_bin of an
> artifact object is greater than 10MB, we MUST provide a URL instead of
> payload_bin.
> 

Hi, Cheolho -

The reason for the 10MB limit is that we didn't want to have JSON
parsers blowing up due to receiving larger payload_bin inputs than
they can handle. The TC looked at the most common JSON parsing
libraries (many of which have varying limits on the input size they
accept) and established 10MB as a reasonable max size for payload_bin.

> 
> In case of providing a URL (for example, http://...) instead of
> payload_bin for a large file, the provider (maybe equipment such as
> a sandbox, IDS/IPS, and so on) MUST run an additional web server while
> listening for inbound connections.
> 
> I think many security vendors do not want this case. This is one of
> the implementation issues.
> 

We assumed that most security vendors implementing STIX 2.0 would also
be implementing TAXII 2.0 (a web service) and hence making artifact
payloads available for authenticated download would be trivial.

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Director of Standards Development, New Context
gpg fingerprint: 3918 9D7E 50F5 088F 823F  018A 831A 270A 6C4F C338
++--------------------------------------------------------------------------++
--
"The whole point of the doomsday machine is lost if you keep it a
secret!" --Dr. Strangelove
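
The embed-or-reference rule discussed in this thread, as an added example that is not part of the original message or of any STIX library: a producer embeds payloads up to 10MB and otherwise emits a URL, and a consumer checks the size from the base64 length without decoding. Assumptions: the limit is measured on decoded bytes, exactly one of payload_bin or url is present, a url is accompanied by hashes, and the function names and sample URL are hypothetical.

```python
import base64
import hashlib

MAX_PAYLOAD = 10 * 1024 * 1024  # the 10MB limit discussed in this thread


def decoded_len(b64: str) -> int:
    """Size of the decoded payload, computed without decoding it."""
    pad = len(b64) - len(b64.rstrip("="))
    return len(b64) * 3 // 4 - pad


def make_artifact(data: bytes, mime_type: str, download_url: str) -> dict:
    """Producer side: embed small payloads, reference large ones by URL."""
    obj = {"type": "artifact", "mime_type": mime_type}
    if len(data) <= MAX_PAYLOAD:
        obj["payload_bin"] = base64.b64encode(data).decode("ascii")
    else:
        obj["url"] = download_url
        # Assumption: a hash accompanies the URL so the consumer can
        # verify whatever it later downloads.
        obj["hashes"] = {"SHA-256": hashlib.sha256(data).hexdigest()}
    return obj


def check_artifact(obj: dict) -> list:
    """Consumer side: return a list of problems (empty means acceptable)."""
    problems = []
    has_bin, has_url = "payload_bin" in obj, "url" in obj
    # Assumption: the two properties are mutually exclusive.
    if has_bin == has_url:
        problems.append("exactly one of payload_bin or url is required")
    if has_bin and decoded_len(obj["payload_bin"]) > MAX_PAYLOAD:
        problems.append("payload_bin exceeds 10MB; provide url instead")
    if has_url and not obj.get("hashes"):
        problems.append("url given without hashes")
    return problems
```

This check runs on an already parsed object, so a cap on the raw message size before JSON parsing is still needed to protect the parser itself.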
