I support this list 100% too.
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA An FS-ISAC and DTCC Company
+61 (407) 203 206
terry@soltra.com From:
cti-stix@lists.oasis-open.org [mailto:
cti-stix@lists.oasis-open.org]
On Behalf Of Barnum, Sean D.
Sent: Wednesday, 2 December 2015 7:05 AM
To: Jordan, Bret <
bret.jordan@bluecoat.com>;
cti-stix@lists.oasis-open.org Subject: Re: [cti-stix] Timestamps - Proposal
I support this list 100%.
sean
From:
"
cti-stix@lists.oasis-open.org " <
cti-stix@lists.oasis-open.org > on behalf of "Jordan,
Bret" <
bret.jordan@bluecoat.com >
Date: Tuesday, December 1, 2015 at 2:31 PM
To: "
cti-stix@lists.oasis-open.org " <
cti-stix@lists.oasis-open.org >
Subject: [cti-stix] Timestamps - Proposal
All,
In an effort to resolve the endless timestamp debate and come to consensus, Mark, John Wunder, Jason, and I had a lively chat on Slack and have all agreed to give
and take to come to middle ground on the following. We would therefor like to propose the following as an official proposal for timestamps in STIX 2.0. Is everyone okay with this?
1) Timestamps MUST follow RFC 3339 with the following extra requirements
2) Timestamps MUST use the timezone offset
3) Timestamps MUST use the following format yyyy-mm-ddThh:mm:ss.mmmmmm+-hh:mm
4) There will be an optional precision field (timestamp-precision) with the following string values: year, month, day, hour, minute, second. If precision is omitted, the default value of precision is "microsecond"
5) When using the precision field, unknown values MUST be zeroed out
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."