IBM / CBOM

Cryptography Bill of Materials
Apache License 2.0

Add enum for cryptographic protocols #10

Closed n1ckl0sk0rtge closed 1 year ago

n1ckl0sk0rtge commented 1 year ago

In the current CBOM version the concrete protocol name can only be defined by setting the component name to the protocol name. Since there can be variants in naming a protocol, an additional property should be added to the protocolProperties to define a standardized name for common protocol types.

Propose to extend the JSON schema with the following entity:

"protocolProperties": {
  "type": "object",
  "title": "protocol properties",
  "description": "Properties for crypto assets of asset type 'protocol'",
  "additionalProperties": false,
  "properties": {
    "type": {
      "type": "string",
      "title": "type",
      "description": "The concrete protocol type",
      "enum": [
        "tls",
        "tls1.3",
        "tls1.2",
        "tls1.1",
        "tls1.0",
        "ssh",
        "ssh1",
        "ssh2",
        "ssh1.99",
        "ipsec",
        "ike",
        "ikev1",
        "ikev2",
        "sstp",
        "textSecure",
        "matrix",
        "wpa",
        "wpa2",
        "dnsOverTls",
        "openVPN",
        "other",
        "unknown"
      ]
    },
    "tlsCipherSuites": {},
    "ikev2TransformTypes": {}
  }
}

antonpibm commented 1 year ago

That's very much needed! I think wep should be added. Depending on the scope of the term protocol - cryptographic authentication protocols might also be relevant: kerberos, mqv, mschap, pkcs, pki etc.

bhess commented 1 year ago

A comprehensive enum/list of crypto-related protocols would be very long, each one potentially needing its own sub-property (like tlsCipherSuites). The above suggestion further adds the protocol sub-versions to the enum (e.g. tls1.0, tls1.1, ...). @n1ckl0sk0rtge would it be sensible to aim for a more compact representation that doesn't affect the schema as much?

n1ckl0sk0rtge commented 1 year ago

Agree! @bhess what about the following schema?

"protocolProperties": {
  "type": "object",
  "title": "protocol properties",
  "description": "Properties for crypto assets of asset type 'protocol'",
  "additionalProperties": false,
  "properties": {
    "type": {
      "type": "string",
      "title": "type",
      "description": "The concrete protocol type",
      "enum": [
        "tls",
        "ssh",
        "ipsec",
        "ike",
        "sstp",
        "wpa",
        "other",
        "unknown"
      ]
    },
    "name": {
      "type": "string",
      "title": "protocol name",
      "description": "The common name of the protocol",
      "examples": ["TLSv1.3"]
    },
    "version": {
      "type": "string",
      "title": "protocol version",
      "description": "The version of the protocol",
      "examples": ["1.0", "1.2", "1.99"]
    },
    "tlsCipherSuites": {}, # will be `ciphersuites` #5
    "ikev2TransformTypes": {}  # removed by #5
  }
}
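
The following Python sketch is an added example, not code from this thread or from the CBOM project. It maps the versioned values of the first proposal's flat enum (and free-form spellings such as "TLSv1.3") onto the compact `type`/`name`/`version` fields of the second proposal, then checks the result against the constraints visible in that schema. The names `to_protocol_properties` and `schema_errors` are hypothetical, and typing families outside the compact enum as "other" is an assumption.

```python
import re

# "type" enum of the compact proposal; versions move to a separate field.
PROTOCOL_TYPES = ("tls", "ssh", "ipsec", "ike", "sstp", "wpa", "other", "unknown")
ALLOWED_KEYS = {"type", "name", "version", "tlsCipherSuites", "ikev2TransformTypes"}

# Family prefix plus optional version: "tls1.3", "TLSv1.3", "TLS 1.3", "ikev2".
_LABEL = re.compile(r"^([a-z]+?)[\s_-]*v?(\d+(?:\.\d+)*)?$")


def to_protocol_properties(label):
    """Map a protocol label (flat enum value or free-form) to the compact form."""
    name = label.strip()
    if name.lower() in ("", "unknown"):
        return {"type": "unknown"}
    match = _LABEL.match(name.lower())
    family, version = match.groups() if match else (None, None)
    if family not in PROTOCOL_TYPES[:6]:
        # Assumption: families outside the compact enum (matrix, openVPN, ...)
        # keep their name but are typed "other".
        return {"type": "other", "name": name}
    props = {"type": family, "name": name}
    if version:
        props["version"] = version
    return props


def schema_errors(props):
    """Check a dict against the constraints visible in the compact schema."""
    errors = [f"unexpected property: {k}" for k in sorted(set(props) - ALLOWED_KEYS)]
    if "type" in props and props["type"] not in PROTOCOL_TYPES:
        errors.append(f"type not in enum: {props['type']!r}")
    for key in ("name", "version"):
        if key in props and not isinstance(props[key], str):
            errors.append(f"{key} must be a string")
    return errors


if __name__ == "__main__":
    # Values from the first proposal's flat enum, plus one spelling variant.
    for label in ("tls1.3", "TLSv1.3", "ssh1.99", "ikev2", "wpa2", "openVPN"):
        print(label, "->", to_protocol_properties(label))
```
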