[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [EXT] Re: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review
Bret â The suggested changes I proposed would have been more easily adopted by the SCO work and would not have caused conflict even if the future SCO work would change. However, the adopted changes in WD6 are explicitly in conflict with the current SCO work and therefore will just cause further discussion and debate on TAXII when that could be avoided. I donât understand why we are pushing a version of TAXII 2.1 out when the impact of any new version of companies to implement is sufficiently impactful that they are likely to schedule updating to TAXII and STIX at the same time. Certainly there is no STIXPreferred interoperability for STIX2.0 with TAXII2.1 and unlikely to be anytime soon or ever. I question the rationale for continued spec work (and taking the TC time to review and public reviews) and push on TAXII 2.1 until we get an updated STIX2.1 spec done *enough* to warrant organizations considering both spec updates
at the same time. Allan From: Bret Jordan <Bret_Jordan@symantec.com> The suggestions that were not adopted (just to be clear), were the suggestions to address how to deal with the yet to be decided cyber observables not having any timestamp. The editors felt that it would be best
to address that issue, if and when, those cyber observable changes get finalized in STIX. Especially since it is not yet clear if Cyber Observables can exist in such a limited fashion, meaning without at least a created timestamp. Given how long it may take to move STIX 2.1 through the process, it is believed that it would be best to not hold up TAXII for an undermined amount of time. If we look at timeframes for STIX, just to keep things in perspective. 1) Say we get agreement on Cyber Observables, Malware, and Infrastructure in the next 30 days (super aggressive) 1a) That puts us at or around the end of February 2) Then we have some editorial work to prep the documents to be done. That will take 1 week+ 3) Then we do a ballot to approve STIX 2.1 as a CSD. That will take 2-weeks. 3a) That puts us at or around the end of March 4) Then per the STIX process, we have 6 months to verify that the new cyber observables, malware, and infrastructure work 4a) That puts us at the end of September, assuming that nothing needs to be changed from the implementations 5) Then we do another CSD ballot and 30-day public review period 5a) That put us into early November (assuming no changes come in via public review) So you can see, that if we hold TAXII up for STIX, it could be a LONG time before people can make use of the fixes we have put in to TAXII 2.1. Which I personally feel is a bad idea. And if STIX cyber observables
go through in their current form, we would have plenty of time to release TAXII 2.2 to address any of those changes. Or we could just simply release a simple errata document that says how to treat cyber observables in TAXII 2.1 Bret From: Allan Thomson <athomson@lookingglasscyber.com> Bret â As exchanged over slack several of the comment resolutions are not agreeable to me. So I object to approving this draft going to public review as it does not reflect unanimous agreement on comment resolution by the TC. Allan From:
"cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com> All, The editors are pleased to announce the release of TAXII 2.1 Working Draft 06. This version has been uploaded to kavi, and the Google Doc version [1] has been locked down to prevent further edits or comments. At this time I would like to proceed with moving TAXII 2.1 forward, as such: I move that the TC approve TAXII 2.1 Working Draft 06 and all associated artifacts packaged together in https://clicktime.symantec.com/3DBZ19rRpmzXnaJkBFR7Z5c7Vc?u=https%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdocument.php%3Fdocument_id%3D64588%26wg_abbrev%3Dcti
as a Committee Specification Draft and designate the word version of the specification as authoritative. I also move that the TC approve submitting TAXII 2.1 Working Draft 06 contained in https://clicktime.symantec.com/3DBZ19rRpmzXnaJkBFR7Z5c7Vc?u=https%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdocument.php%3Fdocument_id%3D64588%26wg_abbrev%3Dcti
for a second 15-day public review. The public review period will begin immediately after the CSD03 ballot has successfully passed and closed. Bret |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]