OASIS Cyber Threat Intelligence (CTI) TC

 View Only
  • 1.  Re: [cti] versioning

    Posted 02-15-2016 18:06
    These are very good points Jason.  And I think, while we are not yet there, at some point we will be digitally signing these objects.  When we go down that path, only the original producer will be able to sign the document.  This means, that 3rd party revisions, will break the signature.   Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Feb 15, 2016, at 06:29, Jason Keirstead < Jason.Keirstead@ca.ibm.com > wrote: Question - who is allowed to revision an object? Can only the originator revision, or can anyone? I presume that many people assume that only the originator can revision an object - if that is so we should call this out explicitly. The current STIX versioning description ( http://stixproject.github.io/documentation/concepts/versioning/ ) implies that anyone can version an object so long as it is sufficiently unchanged . I think that will lead to a lot of confusion if anyone can revision an object. On the other hand, if we want to get to the world of widespread object re-use and non-duplication, then third parties have to be able to revision objects. But what if I want to be the authoritative source? Should there be an attribute like versioning_allowed ? I am just spitballing. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown <graycol.gif> Patrick Maroney ---02/11/2016 11:10:17 PM---Although I suspect I'm banned from using the term Timestamp for at least a year ;-) ...Here's an int From: Patrick Maroney < Pmaroney@Specere.org > To: Jordan, Bret < bret.jordan@bluecoat.com >, cti@lists.oasis-open.org < cti@lists.oasis-open.org > Date: 02/11/2016 11:10 PM Subject: Re: [cti] versioning Sent by: < cti@lists.oasis-open.org > Although I suspect I'm banned from using the term Timestamp for at least a year ;-) ...Here's an interesting concept to consider: {from:1388534400000,to:9223372036854775807} http://iansrobinson.com/2014/05/13/time-based-versioned-graphs/ Note: Ian Robison uses uses epoch time in this example, so that may buy me some cover ;-) Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 <0C160672.gif> President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053 From: cti@lists.oasis-open.org < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date: Thursday, February 11, 2016 at 7:48 PM To: cti@lists.oasis-open.org < cti@lists.oasis-open.org > Subject: [cti] versioning What would people think about a versioning concept where each TLO had a serial_number field that was of type integer. And every object that gets created by a producer will start with serial_number 1 . Then as they update the TLO, the producer will just incase the serial_number. I want to get the discussion started as I know some have very strong opinions on how it should work. But I also think, that with some good back and forth dialog, and some coming to middle ground we could solve this pretty quickly. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg. Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail