

Subject: Re: [cti] concerns about 'artifact' object's payload_bin property size limit(<=10MB) of STIX 2.0


Given recent discussions on this topic, it seems like the most sensible solution is to just remove the size limit on the data encoded in the payload_bin property of the Artifact Object. Upping the size limit would be arbitrary as before, and others have chimed in that they have had no issues parsing very large blobs of JSON. Therefore, unless there are objections, we will go ahead and remove this size limit for STIX 2.1.

 

Regards,

Ivan

 

From: <cti@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Tuesday, August 29, 2017 at 8:51 AM
To: Jerome Athias <jerome.athias@protonmail.com>
Cc: Cheolho Lee <chlee@nsr.re.kr>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] concerns about 'artifact' object's payload_bin property size limit(<=10MB) of STIX 2.0

 

I don't think this will help.

Even in the future 2049 nirvana where everyone in the world runs IPv6, companies will still have firewalls.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown




From:        Jerome Athias <jerome.athias@protonmail.com>
To:        Cheolho Lee <chlee@nsr.re.kr>, cti@lists.oasis-open.org
Date:        08/29/2017 11:48 AM
Subject:        Re: [cti] concerns about 'artifact' object's payload_bin property size limit(<=10MB) of STIX 2.0
Sent by:        <cti@lists.oasis-open.org>





Candid question here, but could assuming an IPv6 address for each device be of any help there?
Kindly just ignore if irrelevant.


On Tue, Aug 29, 2017 at 7:31 AM, Cheolho Lee <chlee@nsr.re.kr> wrote:
I think that many pieces of client-side security equipment are running behind NATs in organizations. So, it is impossible or very difficult for them to open a listening port for URL connections from outside.

Maybe, if possible (with port-forwarding of NATs and so on), it will be a degradation of the security level of organizations. I agree with Trey's opinion in the earlier post.

Additional property for archived type and ordering for multiple archive files for a large file.

Regards,
Cheolho Lee.




