Per a post to the TAXII Discussion List [1] by Bret Jordan:
In the TAXII Services Specification section 4.1.1 we do not really give any guidance for Message IDs, other than they should not be removed. I am thinking, based on past experience and yet-to-be-discovered attacks against TAXII, that we should probably say that Message IDs should be 64-bit numbers and should be randomly generated. We may even go as far as to say they should be a UUID.
Would it make sense to have the @message_id and @in_response_to IDs look something like:
message_id="group1.com:status_message-12345678-abcd-efgh-ijkl-123456789012"
in_response_to="example.com:discovery_request-abcdefgh-1234-5678-4321-abcdefghijkl"
[1] http://making-security-measurable.1364806.n2.nabble.com/TAXII-TAXII-Message-IDs-td7586482.html