CTI TAXII Subcommittee

  • 1.  Backwards compatibility with TAXII 1.1 in discovery

    Posted 10-09-2016 22:00
    Should TAXII 2.0 provide support for advertising TAXII 1.1.1 services via the new TAXII 2.0 Discovery API? If it should, then we need to try and figure out what that would look like and how that would work.

    Personally I question the value of this for an MVP release of TAXII 2.0. I also question the need of a TAXII 2.0 implementer to advertise services that are running under TAXII 1.1.1...

    I am curious to know your thoughts.

    Bret


  • 2.  Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Posted 10-10-2016 10:52
    Does anyone use TAXII 1.x? If the answer is No, you have your answer. If the answer is Yes, but only for experimental use, then you have an indication of an answer. If the answer is Yes, then we have to ask if our reputation of ripping out everything you think works right when you start using it will be yet again reinforced, to the point that sensible people will stop hitting their head against the wall and use RID instead.

    On Oct 9, 2016, at 5:59 PM, Bret Jordan (CS) <Bret_Jordan@symantec.com> wrote:

    Should TAXII 2.0 provide support for advertising TAXII 1.1.1 services via the new TAXII 2.0 Discovery API? If it should, then we need to try and figure out what that would look like and how that would work.

    Personally I question the value of this for an MVP release of TAXII 2.0. I also question the need of a TAXII 2.0 implementer to advertise services that are running under TAXII 1.1.1...

    I am curious to know your thoughts.

    Bret


  • 3.  Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Posted 10-10-2016 11:48
    I think we just support TAXII 2.0. There are already software packages people can use to interact using TAXII 1.x. If someone needs to use TAXII 1.x then it's easiest for everyone if we make that system independent of the TAXII 2.0/STIX 2.0 ecosystem.

    The fact is that if someone is interacting with a TAXII 2.0 server, then they will support STIX 2.0, and won't want to access less descriptive STIX 1.x content over a TAXII 1.x connection.

    The only time someone will need to access TAXII 1.x content is when they don't support TAXII 2/STIX 2, which means they won't need the ability to be redirected to TAXII 1.x during discovery. It's functionality that's not required.

    It's just simpler to keep TAXII 1.x and TAXII 2.0 fully independent.

    Cheers
    Terry MacDonald
    Cosive

    On 10 Oct. 2016 23:51, "Eric Burger" <Eric.Burger@georgetown.edu> wrote:

    Does anyone use TAXII 1.x? If the answer is No, you have your answer. If the answer is Yes, but only for experimental use, then you have an indication of an answer. If the answer is Yes, then we have to ask if our reputation of ripping out everything you think works right when you start using it will be yet again reinforced, to the point that sensible people will stop hitting their head against the wall and use RID instead.


  • 4.  Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Posted 10-10-2016 11:58
    I tend to agree with Terry on keeping them separate

    Paul Patrick

    From: <cti-taxii@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@cosive.com>
    Date: Monday, October 10, 2016 at 7:48 AM
    To: Eric Burger <Eric.Burger@georgetown.edu>
    Cc: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
    Subject: Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    I think we just support TAXII 2.0. There are already software packages people can use to interact using TAXII 1.x. If someone needs to use TAXII 1.x then it's easiest for everyone if we make that system independent of the TAXII 2.0/STIX 2.0 ecosystem.

    The fact is that if someone is interacting with a TAXII 2.0 server, then they will support STIX 2.0, and won't want to access less descriptive STIX 1.x content over a TAXII 1.x connection.

    The only time someone will need to access TAXII 1.x content is when they don't support TAXII 2/STIX 2, which means they won't need the ability to be redirected to TAXII 1.x during discovery. It's functionality that's not required.

    It's just simpler to keep TAXII 1.x and TAXII 2.0 fully independent.

    Cheers
    Terry MacDonald
    Cosive

    This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited.
    If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.





  • 5.  Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Posted 10-10-2016 11:52
    Yes, it’s used and it’s non-experimental.  I can think of both commercial and government entities that are making use of it today.

    Paul Patrick

    From: <cti-taxii@lists.oasis-open.org>, Eric Burger <ewb25@georgetown.edu> on behalf of Eric Burger <Eric.Burger@georgetown.edu>
    Date: Monday, October 10, 2016 at 6:51 AM
    To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
    Subject: Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Does anyone use TAXII 1.x? If the answer is No, you have your answer. If the answer is Yes, but only for experimental use, then you have an indication of an answer. If the answer is Yes, then we have to ask if our reputation of ripping out everything you think works right when you start using it will be yet again reinforced, to the point that sensible people will stop hitting their head against the wall and use RID instead.






  • 6.  RE: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Posted 10-11-2016 16:41
    First, there are lots of TAXII 1.x servers in operational use today in the private sector, including the major ISAOs/ISACs, here at DHS, and around the globe.

    As far as the evolution of STIX from 1.x to 2.0, the community and the marketplace, having embraced the concepts behind STIX 1.x, asked loud and clear for substantial changes/improvements. We, the OASIS CTI TC, have listened to those voices and are in the process of delivering a foundational release – STIX 2.0 – that will serve as a stable platform for the foreseeable future. Numerous commercial entities are hard at work shaping these new CTI standards because they intend to develop and ship products that implement them.

    Nothing to apologize for…

    From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org] On Behalf Of Paul Patrick
    Sent: Monday, October 10, 2016 7:52 AM
    To: Eric Burger; cti-taxii@lists.oasis-open.org
    Subject: Re: [cti-taxii] Backwards compatibility with TAXII 1.1 in discovery

    Yes, it’s used and it’s non-experimental.  I can think of both commercial and government entities that are making use of it today.

    Paul Patrick