OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Re: [cti] TAXII 2.1 CS Motion

    Posted 01-08-2020 22:14




    I second this motion.
     
    Thanks,
    Justin Stewart
    CTI-TC Interop SC co-chair
     

    From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@broadcom.com>
    Date: Wednesday, January 8, 2020 at 12:21 PM
    To: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
    Subject: [cti] TAXII 2.1 CS Motion


     


    All,

     


    Over the past couple of years the CTI TC has done a lot of work on the TAXII 2.1 specification. During this time the TC has released 10 working drafts, 4 committee specification drafts, and 3 public reviews. The last public review for TAXII
    2.1 was completed in December with no new comments or issues.


     


    I am also pleased to report that all required sponsorship activities for TAXII 2.1 are complete. We now have at least 2 independent implementations of all new features and changes. Further all implementers have reported that the design
    works and it is implementable.


     


    At this time, I believe we are ready to move forward. As such:


     


    I move that the TC approves the CTI Chair(s) and TAXII Subcommittee Chair to request that the TC Administration hold a Special Majority Ballot to approve TAXII 2.1 Working Draft 10 / Committee Specification Draft 04 contained in

    https://www.oasis-open.org/committees/document.php?document_id=66205&wg_abbrev=cti as a Committee Specification.







     


    Thanks,


    Bret






    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050


    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."



















  • 2.  Re: [cti] TAXII 2.1 CS Motion

    Posted 01-08-2020 22:37
    We have made several accomplishments however moving forward with TAXII 2.1 a CS without additional support for TAXII Filtering which has been long requested capability throughout the community and can be accomplished  via a minor spec change would be a disservice to the TC and TAXII community. Looking forward to TAXII 2.1, -Marlon Marlon Taylor Strategy & Resources Cybersecurity and Infrastructure Security Agency Office: 703 235-3614 Cell: 202 603-8541 Email: marlon.taylor@cisa.dhs.gov From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Justin Stewart <jstewart@lookingglasscyber.com> Sent: Wednesday, January 8, 2020 5:14:11 PM To: Bret Jordan <bret.jordan@broadcom.com>; OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Subject: Re: [cti] TAXII 2.1 CS Motion   I second this motion.   Thanks, Justin Stewart CTI-TC Interop SC co-chair   From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@broadcom.com> Date: Wednesday, January 8, 2020 at 12:21 PM To: OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Subject: [cti] TAXII 2.1 CS Motion   All,   Over the past couple of years the CTI TC has done a lot of work on the TAXII 2.1 specification. During this time the TC has released 10 working drafts, 4 committee specification drafts, and 3 public reviews. The last public review for TAXII 2.1 was completed in December with no new comments or issues.   I am also pleased to report that all required sponsorship activities for TAXII 2.1 are complete. We now have at least 2 independent implementations of all new features and changes. Further all implementers have reported that the design works and it is implementable.   At this time, I believe we are ready to move forward. As such:   I move that the TC approves the CTI Chair(s) and TAXII Subcommittee Chair to request that the TC Administration hold a Special Majority Ballot to approve TAXII 2.1 Working Draft 10 / Committee Specification Draft 04 contained in https://www.oasis-open.org/committees/document.php?document_id=66205&wg_abbrev=cti as a Committee Specification.   Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


  • 3.  RE: [cti] TAXII 2.1 CS Motion

    Posted 01-09-2020 19:06
    Hi TC,   I object to this motion, based on the original goal to address several down-selection use-cases within TAXII 2.1 which have proposals ready  for TC evaluation that have not been resolved. The most recent proposal was provided in Dec 2019 and with “suggestion/edit” permissions regranted to TC members can be added for review with the TC documents.   As a member of this TC and member (in an addition to representative of other members) within the STIX/TAXII community, I truly appreciate and value all the work we have contributed to get to this point and anticipate supporting the remaining use-cases needed to increase the success of this TC and the ecosystems that will rely on what we provide.   Looking forward to TAXII 2.1,   -Marlon   From: Taylor, Marlon Sent: Wednesday, January 8, 2020 5:37 PM To: Justin Stewart <jstewart@lookingglasscyber.com>; Bret Jordan <bret.jordan@broadcom.com>; OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Subject: Re: [cti] TAXII 2.1 CS Motion   We have made several accomplishments however moving forward with TAXII 2.1 a CS without additional support for TAXII Filtering which has been long requested capability throughout the community and can be accomplished  via a minor spec change would be a disservice to the TC and TAXII community.   Looking forward to TAXII 2.1,   -Marlon   Marlon Taylor Strategy & Resources Cybersecurity and Infrastructure Security Agency Office: 703 235-3614 Cell: 202 603-8541 Email: marlon.taylor@cisa.dhs.gov From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Justin Stewart <jstewart@lookingglasscyber.com> Sent: Wednesday, January 8, 2020 5:14:11 PM To: Bret Jordan <bret.jordan@broadcom.com>; OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Subject: Re: [cti] TAXII 2.1 CS Motion   I second this motion.   Thanks, Justin Stewart CTI-TC Interop SC co-chair   From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@broadcom.com> Date: Wednesday, January 8, 2020 at 12:21 PM To: OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Subject: [cti] TAXII 2.1 CS Motion   All,   Over the past couple of years the CTI TC has done a lot of work on the TAXII 2.1 specification. During this time the TC has released 10 working drafts, 4 committee specification drafts, and 3 public reviews. The last public review for TAXII 2.1 was completed in December with no new comments or issues.   I am also pleased to report that all required sponsorship activities for TAXII 2.1 are complete. We now have at least 2 independent implementations of all new features and changes. Further all implementers have reported that the design works and it is implementable.   At this time, I believe we are ready to move forward. As such:   I move that the TC approves the CTI Chair(s) and TAXII Subcommittee Chair to request that the TC Administration hold a Special Majority Ballot to approve TAXII 2.1 Working Draft 10 / Committee Specification Draft 04 contained in https://www.oasis-open.org/committees/document.php?document_id=66205&wg_abbrev=cti as a Committee Specification.   Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


  • 4.  Re: [cti] TAXII 2.1 CS Motion

    Posted 01-09-2020 21:11
    Marlon, Thank you for your comments. However, to level set, right now we have three competing ideas / proposals for adding this type of functionality to TAXII and no convergence in sight. In order to get a solution that works for all parties, my best guess is that it would be 5-6 months of work and testing. While I personally would have liked to see this get done 12 months ago, we did not then, nor do we now have consensus in the TC to add anything else to TAXII. What we do have is TC wide consensus to ship TAXII 2.1 as is. Keep in mind we have done 4 CSDs and 3 public reviews, and the TC as a whole is not saying that TAXII 2.1 needs anything else. This is also why I proposed that we work on a solution that we could release as a standalone specification after TAXII 2.1 ships. Maybe call it TAXII 2.1 Query or something like that. To do this we would need to find a solution that works for all parties so we can have TC wide consensus on the solution. If we went this route, then we can release TAXII 2.1 now, release the TAXII 2.1 Query specification whenever it gets done, and then fold that Query specification in to TAXII 2.2 whenever we start that work. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." On Thu, Jan 9, 2020 at 12:06 PM Taylor, Marlon < Marlon.Taylor@cisa.dhs.gov > wrote: Hi TC, I object to this motion, based on the original goal to address several down-selection use-cases within TAXII 2.1 which have proposals ready for TC evaluation that have not been resolved. The most recent proposal was provided in Dec 2019 and with suggestion/edit permissions regranted to TC members can be added for review with the TC documents. As a member of this TC and member (in an addition to representative of other members) within the STIX/TAXII community, I truly appreciate and value all the work we have contributed to get to this point and anticipate supporting the remaining use-cases needed to increase the success of this TC and the ecosystems that will rely on what we provide. Looking forward to TAXII 2.1, -Marlon From: Taylor, Marlon Sent: Wednesday, January 8, 2020 5:37 PM To: Justin Stewart < jstewart@lookingglasscyber.com >; Bret Jordan < bret.jordan@broadcom.com >; OASIS CTI TC Discussion List < cti@lists.oasis-open.org > Subject: Re: [cti] TAXII 2.1 CS Motion We have made several accomplishments however moving forward with TAXII 2.1 a CS without additional support for TAXII Filtering which has been long requested capability throughout the community and can be accomplished via a minor spec change would be a disservice to the TC and TAXII community. Looking forward to TAXII 2.1, -Marlon Marlon Taylor Strategy & Resources Cybersecurity and Infrastructure Security Agency Office: 703 235-3614 Cell: 202 603-8541 Email: marlon.taylor@cisa.dhs.gov From: cti@lists.oasis-open.org < cti@lists.oasis-open.org > on behalf of Justin Stewart < jstewart@lookingglasscyber.com > Sent: Wednesday, January 8, 2020 5:14:11 PM To: Bret Jordan < bret.jordan@broadcom.com >; OASIS CTI TC Discussion List < cti@lists.oasis-open.org > Subject: Re: [cti] TAXII 2.1 CS Motion I second this motion. Thanks, Justin Stewart CTI-TC Interop SC co-chair From: < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@broadcom.com > Date: Wednesday, January 8, 2020 at 12:21 PM To: OASIS CTI TC Discussion List < cti@lists.oasis-open.org > Subject: [cti] TAXII 2.1 CS Motion All, Over the past couple of years the CTI TC has done a lot of work on the TAXII 2.1 specification. During this time the TC has released 10 working drafts, 4 committee specification drafts, and 3 public reviews. The last public review for TAXII 2.1 was completed in December with no new comments or issues. I am also pleased to report that all required sponsorship activities for TAXII 2.1 are complete. We now have at least 2 independent implementations of all new features and changes. Further all implementers have reported that the design works and it is implementable. At this time, I believe we are ready to move forward. As such: I move that the TC approves the CTI Chair(s) and TAXII Subcommittee Chair to request that the TC Administration hold a Special Majority Ballot to approve TAXII 2.1 Working Draft 10 / Committee Specification Draft 04 contained in https://www.oasis-open.org/committees/document.php?document_id=66205&wg_abbrev=cti as a Committee Specification. Thanks, Bret PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


  • 5.  RE: [cti] TAXII 2.1 CS Motion

    Posted 01-10-2020 14:29




    Hi Bret,
     
    Yes, there have been several proposals submitted to address these concerns however the TC has not evaluated them. The has made great progress while in the others areas and now has the opportunity to refocus on this area. During previous
    meetings including Face-to-Face sessions, the TC agreed to include these use-cases within TAXII 2.1.
     
    While you may see no convergence in sight, TC members are actively at work (providing proposals, software implementations, etc.) to resolve this this concern within TAXII 2.1 so I wouldn t agree there is a TC wide-census to send TAXII 2.1
    as is. It would be an injustice to the TC and TAXII community to move toward as a CS knowing the current situation and not trying to evaluate and resolve them within the TC before going release.
     
    -Marlon
     
     
    From: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
    On Behalf Of Bret Jordan
    Sent: Thursday, January 9, 2020 4:11 PM
    To: Taylor, Marlon <Marlon.Taylor@cisa.dhs.gov>
    Cc: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
    Subject: Re: [cti] TAXII 2.1 CS Motion
     

    Marlon, 

     


    Thank you for your comments.  However, to level set, right now we have three competing ideas / proposals for adding this type of functionality to TAXII and no convergence in sight. In order to get a solution that works for all parties,
    my best guess is that it would be 5-6 months of work and testing. 


     


    While I personally would have liked to see this get done 12 months ago, we did not then, nor do we now have consensus in the TC to add anything else to TAXII. What we do have is TC wide consensus to ship TAXII 2.1 as is. Keep in mind we
    have done 4 CSDs and 3 public reviews, and the TC as a whole is not saying that TAXII 2.1 needs anything else.


     


    This is also why I proposed that we work on a solution that we could release as a standalone specification after TAXII 2.1 ships.  Maybe call it TAXII 2.1 Query or something like that. To do this we would need to find a solution that works
    for all parties so we can have TC wide consensus on the solution. If we went this route, then we can release TAXII 2.1 now, release the TAXII 2.1 Query specification whenever it gets done, and then fold that Query specification in to TAXII 2.2 whenever we
    start that work. 






     


    Thanks,


    Bret






    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050


    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."











     


     


    On Thu, Jan 9, 2020 at 12:06 PM Taylor, Marlon < Marlon.Taylor@cisa.dhs.gov > wrote:




    Hi TC,
     
    I object to this motion, based on the original goal to address several down-selection use-cases within TAXII 2.1 which have proposals ready  for TC evaluation that have not been
    resolved. The most recent proposal was provided in Dec 2019 and with suggestion/edit permissions regranted to TC members can be added for review with the TC documents.
     
    As a member of this TC and member (in an addition to representative of other members) within the STIX/TAXII community, I truly appreciate and value all the work we have contributed
    to get to this point and anticipate supporting the remaining use-cases needed to increase the success of this TC and the ecosystems that will rely on what we provide.
     
    Looking forward to TAXII 2.1,
     
    -Marlon
     


    From: Taylor, Marlon

    Sent: Wednesday, January 8, 2020 5:37 PM
    To: Justin Stewart < jstewart@lookingglasscyber.com >; Bret Jordan < bret.jordan@broadcom.com >; OASIS CTI TC Discussion List
    < cti@lists.oasis-open.org >
    Subject: Re: [cti] TAXII 2.1 CS Motion


     



    We have made several accomplishments however moving forward with TAXII 2.1 a CS without additional support for TAXII Filtering which has been long requested capability throughout
    the community and can be accomplished  via a minor spec change would be a disservice to the TC and TAXII community.


     


    Looking forward to TAXII 2.1,


     


    -Marlon



     



    Marlon Taylor


    Strategy & Resources


    Cybersecurity and Infrastructure Security Agency



    Office: 703 235-3614 Cell: 202 603-8541 Email:
    marlon.taylor@cisa.dhs.gov







    From:
    cti@lists.oasis-open.org < cti@lists.oasis-open.org > on behalf of Justin Stewart < jstewart@lookingglasscyber.com >
    Sent: Wednesday, January 8, 2020 5:14:11 PM
    To: Bret Jordan < bret.jordan@broadcom.com >; OASIS CTI TC Discussion List < cti@lists.oasis-open.org >
    Subject: Re: [cti] TAXII 2.1 CS Motion

     




    I second this motion.
     
    Thanks,
    Justin Stewart
    CTI-TC Interop SC co-chair
     

    From:
    < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@broadcom.com >
    Date: Wednesday, January 8, 2020 at 12:21 PM
    To: OASIS CTI TC Discussion List < cti@lists.oasis-open.org >
    Subject: [cti] TAXII 2.1 CS Motion


     


    All,

     


    Over the past couple of years the CTI TC has done a lot of work on the TAXII 2.1 specification. During this time the TC has released 10 working drafts, 4 committee specification drafts, and 3 public reviews. The
    last public review for TAXII 2.1 was completed in December with no new comments or issues.


     


    I am also pleased to report that all required sponsorship activities for TAXII 2.1 are complete. We now have at least 2 independent implementations of all new features and changes. Further all implementers have
    reported that the design works and it is implementable.


     


    At this time, I believe we are ready to move forward. As such:


     


    I move that the TC approves the CTI Chair(s) and TAXII Subcommittee Chair to request that the TC Administration hold a Special Majority Ballot to approve TAXII 2.1 Working Draft 10 / Committee Specification Draft
    04 contained in
    https://www.oasis-open.org/committees/document.php?document_id=66205&wg_abbrev=cti as a Committee Specification.







     


    Thanks,


    Bret






    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050


    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."