[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [EXT] Re: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review
The suggestions that were not adopted (just to be clear), were the suggestions to address how to deal with the yet to be decided cyber observables not having any timestamp. The editors felt that it would be best to address that issue, if and when, those cyber observable changes get finalized in STIX. Especially since it is not yet clear if Cyber Observables can exist in such a limited fashion, meaning without at least a created timestamp.
Given how long it may take to move STIX 2.1 through the process, it is believed that it would be best to not hold up TAXII for an undermined amount of time.
If we look at timeframes for STIX, just to keep things in perspective.
1) Say we get agreement on Cyber Observables, Malware, and Infrastructure in the next 30 days (super aggressive)
1a) That puts us at or around the end of February
2) Then we have some editorial work to prep the documents to be done. That will take 1 week+
3) Then we do a ballot to approve STIX 2.1 as a CSD. That will take 2-weeks.
3a) That puts us at or around the end of March
4) Then per the STIX process, we have 6 months to verify that the new cyber observables, malware, and infrastructure work
4a) That puts us at the end of September, assuming that nothing needs to be changed from the implementations
5) Then we do another CSD ballot and 30-day public review period
5a) That put us into early November (assuming no changes come in via public review)
So you can see, that if we hold TAXII up for STIX, it could be a LONG time before people can make use of the fixes we have put in to TAXII 2.1. Which I personally feel is a bad idea. And if STIX cyber observables go through in their current form, we would have plenty of time to release TAXII 2.2 to address any of those changes. Or we could just simply release a simple errata document that says how to treat cyber observables in TAXII 2.1
From: Allan Thomson <email@example.com>
Sent: Thursday, January 24, 2019 11:51:18 AM
To: Bret Jordan; firstname.lastname@example.org
Subject: [EXT] Re: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review
Bret – As exchanged over slack several of the comment resolutions are not agreeable to me.
So I object to approving this draft going to public review as it does not reflect unanimous agreement on comment resolution by the TC.
The editors are pleased to announce the release of TAXII 2.1 Working Draft 06. This version has been uploaded to kavi, and the Google Doc version  has been locked down to prevent further edits or comments.
At this time I would like to proceed with moving TAXII 2.1 forward, as such:
I move that the TC approve TAXII 2.1 Working Draft 06 and all associated artifacts packaged together in https://clicktime.symantec.com/3DBZ19rRpmzXnaJkBFR7Z5c7Vc?u=https%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdocument.php%3Fdocument_id%3D64588%26wg_abbrev%3Dcti as a Committee Specification Draft and designate the word version of the specification as authoritative.
I also move that the TC approve submitting TAXII 2.1 Working Draft 06 contained in https://clicktime.symantec.com/3DBZ19rRpmzXnaJkBFR7Z5c7Vc?u=https%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdocument.php%3Fdocument_id%3D64588%26wg_abbrev%3Dcti for a second 15-day public review. The public review period will begin immediately after the CSD03 ballot has successfully passed and closed.