OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [EXT] Re: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review

Bret â The suggested changes I proposed would have been more easily adopted by the SCO work and would not have caused conflict even if the future SCO work would change.


However, the adopted changes in WD6 are explicitly in conflict with the current SCO work and therefore will just cause further discussion and debate on TAXII when that could be avoided.


I donât understand why we are pushing a version of TAXII 2.1 out when the impact of any new version of companies to implement is sufficiently impactful that they are likely to schedule updating to TAXII and STIX at the same time.


Certainly there is no STIXPreferred interoperability for STIX2.0 with TAXII2.1 and unlikely to be anytime soon or ever.


I question the rationale for continued spec work (and taking the TC time to review and public reviews) and push on TAXII 2.1 until we get an updated STIX2.1 spec done *enough* to warrant organizations considering both spec updates at the same time.




From: Bret Jordan <Bret_Jordan@symantec.com>
Date: Thursday, January 24, 2019 at 11:12 AM
To: Allan Thomson <athomson@lookingglasscyber.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [EXT] Re: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review


The suggestions that were not adopted (just to be clear), were the suggestions to address how to deal with the yet to be decided cyber observables not having any timestamp.  The editors felt that it would be best to address that issue, if and when, those cyber observable changes get finalized in STIX. Especially since it is not yet clear if Cyber Observables can exist in such a limited fashion, meaning without at least a created timestamp.


Given how long it may take to move STIX 2.1 through the process, it is believed that it would be best to not hold up TAXII for an undermined amount of time.


If we look at timeframes for STIX, just to keep things in perspective.  


1) Say we get agreement on Cyber Observables, Malware, and Infrastructure in the next 30 days (super aggressive)

1a) That puts us at or around the end of February


2) Then we have some editorial work to prep the documents to be done.  That will take 1 week+

3) Then we do a ballot to approve STIX 2.1 as a CSD.  That will take 2-weeks. 

3a) That puts us at or around the end of March


4) Then per the STIX process, we have 6 months to verify that the new cyber observables, malware, and infrastructure work

4a) That puts us at the end of September, assuming that nothing needs to be changed from the implementations 


5) Then we do another CSD ballot and 30-day public review period

5a) That put us into early November (assuming no changes come in via public review)


So you can see, that if we hold TAXII up for STIX, it could be a LONG time before people can make use of the fixes we have put in to TAXII 2.1.  Which I personally feel is a bad idea. And if STIX cyber observables go through in their current form, we would have plenty of time to release TAXII 2.2 to address any of those changes. Or we could just simply release a simple errata document that says how to treat cyber observables in TAXII 2.1




From: Allan Thomson <athomson@lookingglasscyber.com>
Sent: Thursday, January 24, 2019 11:51:18 AM
To: Bret Jordan; cti@lists.oasis-open.org
Subject: [EXT] Re: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review


Bret â As exchanged over slack several of the comment resolutions are not agreeable to me.


So I object to approving this draft going to public review as it does not reflect unanimous agreement on comment resolution by the TC.




From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Thursday, January 24, 2019 at 10:39 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] TAXII 2.1 WD06: Update and motion to make CSD03 and 2nd Public Review




The editors are pleased to announce the release of TAXII 2.1 Working Draft 06. This version has been uploaded to kavi, and the Google Doc version [1] has been locked down to prevent further edits or comments.  


At this time I would like to proceed with moving TAXII 2.1 forward, as such:


I move that the TC approve TAXII 2.1 Working Draft 06 and all associated artifacts packaged together in https://clicktime.symantec.com/3DBZ19rRpmzXnaJkBFR7Z5c7Vc?u=https%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdocument.php%3Fdocument_id%3D64588%26wg_abbrev%3Dcti as a Committee Specification Draft and designate the word version of the specification as authoritative.   


I also move that the TC approve submitting TAXII 2.1 Working Draft 06 contained in https://clicktime.symantec.com/3DBZ19rRpmzXnaJkBFR7Z5c7Vc?u=https%3A%2F%2Fwww.oasis-open.org%2Fcommittees%2Fdocument.php%3Fdocument_id%3D64588%26wg_abbrev%3Dcti for a second 15-day public review. The public review period will begin immediately after the CSD03 ballot has successfully passed and closed.



[1] https://docs.google.com/document/d/1EsiWY7TGqt9yH6QUXv4c-opXSr3wR0TDMt8Q0yJjpoo/edit#heading=h.4do73o99e2l7



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]