OpenC2-org / openc2-working-group

The Open Command and Control Forum promotes the global development and adoption of the OpenC2 language and reference material.

[Security Model] Need to define an optional extension to assure message integrity #3

Closed romanojd closed 8 years ago

romanojd commented 8 years ago

PROBLEM

When used as a command, an actuator must be able to detect possible changes to OpenC2 messages.


POTENTIAL SOLUTION

In many cases, OpenC2 commands can be wrapped in a container that will, among other things, address message integrity. In some cases, it will not be practical to use an external message integrity mechanism. In those instances, we should define an optional extension of the OpenC2 language to address the need to assure the integrity of commands.
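Added example, not part of the thread or of any OpenC2 specification: a minimal sketch of the "external container" approach described above, in which the producer wraps a command in an envelope carrying an HMAC-SHA256 tag and the actuator verifies it before acting. The envelope field names (`kid`, `payload`, `mac`), the pre-shared key, the key id and the sample command are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

class IntegrityError(Exception):
    """Envelope is malformed or failed MAC verification."""

def _mac(key: bytes, key_id: str, payload: bytes) -> bytes:
    # Bind the key id to the payload so it cannot be swapped independently.
    return hmac.new(key, key_id.encode() + b"." + payload, hashlib.sha256).digest()

def wrap_command(command: dict, key: bytes, key_id: str) -> str:
    """Producer side: serialize once and MAC those exact bytes."""
    payload = json.dumps(command, sort_keys=True, separators=(",", ":")).encode()
    return json.dumps({
        "kid": key_id,
        "payload": base64.b64encode(payload).decode(),
        "mac": base64.b64encode(_mac(key, key_id, payload)).decode(),
    })

def unwrap_command(envelope: str, keys: dict) -> dict:
    """Actuator side: verify the MAC before parsing the command itself."""
    try:
        env = json.loads(envelope)
        key_id = env["kid"]
        if not isinstance(key_id, str):
            raise ValueError("kid must be a string")
        payload = base64.b64decode(env["payload"], validate=True)
        tag = base64.b64decode(env["mac"], validate=True)
    except (ValueError, KeyError, TypeError) as exc:
        raise IntegrityError("malformed envelope") from exc
    key = keys.get(key_id)
    if key is None:
        raise IntegrityError("unknown key id")
    # Constant-time comparison over the received bytes, not a re-serialization.
    if not hmac.compare_digest(_mac(key, key_id, payload), tag):
        raise IntegrityError("MAC mismatch: command altered in transit")
    return json.loads(payload)

# Constructed sample data (not from the thread).
SAMPLE_KEYS = {"orchestrator-1": b"\x01" * 32}
SAMPLE_COMMAND = {"action": "deny", "target": {"ipv4_net": "198.51.100.7"}}

if __name__ == "__main__":
    env = wrap_command(SAMPLE_COMMAND, SAMPLE_KEYS["orchestrator-1"], "orchestrator-1")
    print(unwrap_command(env, SAMPLE_KEYS))
```

A MAC of this kind detects modification of the command but does not by itself stop a previously valid envelope from being replayed.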

jmbrule commented 8 years ago

There will be no argument wrt the necessity of message integrity; however, there is little value in adding this to the openC2 syntax. ALL of the layers within the OSI stack have integrity mechanisms available, thus openC2 implementors can simply reference one or more pre-existing RFCs. Adding this complexity is contrary to openC2 design principles (lightweight, leverage pre-existing standards, etc.).

rsharo commented 8 years ago

Recommend identifying criteria for transport within the language spec, while explicitly leaving implementation out of the spec.

We should explicitly state that the OpenC2 contains no provisions for anti-tamper and that external provisions are required if comms are to be secure/reliable.

jmbrule commented 8 years ago

I would like to close this action. Please provide additional comments by COB 5/23/2016. I will take an action to produce a construct.

romanojd commented 8 years ago

On behalf of Joe Brule, this issue has been resolved. The resolution details are described in this construct.