CTI TAXII Subcommittee

All, Mark and I have done a lot of cleanup on the TAXII document today and would like to ask you to start reviewing it. There are a few interactions that we need to discuss and would like to talk through them on the Tuesday working call. Further, we would like to schedule an additional call for Thursday the 28th around 1:00 PM EDT.   The link to the TAXII Google Doc can be found here: https://docs.google.com/document/d/1eyhS3-fOlRkDB6N39Md6KZbvbCe3CjQlampiZPg-5u4/edit# Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail

Bret, I can't comment on the Google Doc, so instead you'll have to deal with scrappy notes, sorry! 7.2 - I really like DNS SRV as a mechanism for discovery, but it's not well supported on the web in general, so building a webapp based around SRV records is very hard. There are (or were, last I looked) no _javascript_ API calls one could use in the browsers for SRV lookup, for example. So while I'm not against this - it works very well for, for example, XMPP - it might limit the platforms a TAXII app could be developed upon. 7.3 - There's a "/.well-known/" URI space designed for this kind of discovery - we should use it. RFC 5785 contains the details (and IANA Registry form). 7.4.1 - I'm curious as to why many of these requirements exist. They might make things marginally more convenient, but I don't see why having, for example, percent-encoded characters would cause anything more than irritation. 7.7 - SIte-to-site will benefit from X.509 strong authentication (ie, TLS client certificates). 9.1 - What format is the contact field? URI? Email address? Dave. On 23 July 2016 at 04:24, Jordan, Bret < bret.jordan@bluecoat.com > wrote: All, Mark and I have done a lot of cleanup on the TAXII document today and would like to ask you to start reviewing it. There are a few interactions that we need to discuss and would like to talk through them on the Tuesday working call. Further, we would like to schedule an additional call for Thursday the 28th around 1:00 PM EDT.   The link to the TAXII Google Doc can be found here: https://docs.google.com/document/d/1eyhS3-fOlRkDB6N39Md6KZbvbCe3CjQlampiZPg-5u4/edit# Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."  -- Dave Cridland phone   +448454681066 email   dave.cridland@surevine.com skype   dave.cridland.surevine Participate Collaborate Innovate Surevine Limited, registered in England and Wales with number 06726289. Mailing Address : PO Box 1136, Guildford GU1 9ND If you think you have received this message in error, please notify us.

Thanks for the notes and great feedback.  I also just added you to the TAXII document. Bret From: Dave Cridland <dave.cridland@surevine.com> Sent: Monday, July 25, 2016 4:18:39 AM To: Jordan, Bret Cc: cti-taxii@lists.oasis-open.org Subject: Re: [cti-taxii] TAXII SC Meeting   Bret, I can't comment on the Google Doc, so instead you'll have to deal with scrappy notes, sorry! 7.2 - I really like DNS SRV as a mechanism for discovery, but it's not well supported on the web in general, so building a webapp based around SRV records is very hard. There are (or were, last I looked) no _javascript_ API calls one could use in the browsers for SRV lookup, for example. So while I'm not against this - it works very well for, for example, XMPP - it might limit the platforms a TAXII app could be developed upon. 7.3 - There's a "/.well-known/" URI space designed for this kind of discovery - we should use it. RFC 5785 contains the details (and IANA Registry form). 7.4.1 - I'm curious as to why many of these requirements exist. They might make things marginally more convenient, but I don't see why having, for example, percent-encoded characters would cause anything more than irritation. 7.7 - SIte-to-site will benefit from X.509 strong authentication (ie, TLS client certificates). 9.1 - What format is the contact field? URI? Email address? Dave. On 23 July 2016 at 04:24, Jordan, Bret < bret.jordan@bluecoat.com > wrote: All, Mark and I have done a lot of cleanup on the TAXII document today and would like to ask you to start reviewing it. There are a few interactions that we need to discuss and would like to talk through them on the Tuesday working call. Further, we would like to schedule an additional call for Thursday the 28th around 1:00 PM EDT.   The link to the TAXII Google Doc can be found here: https://docs.google.com/document/d/1eyhS3-fOlRkDB6N39Md6KZbvbCe3CjQlampiZPg-5u4/edit# Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."  -- Dave Cridland phone   +448454681066 email   dave.cridland@surevine.com skype   dave.cridland.surevine Participate Collaborate Innovate Surevine Limited, registered in England and Wales with number 06726289. Mailing Address : PO Box 1136, Guildford GU1 9ND If you think you have received this message in error, please notify us.