Dustin, yes, the syntax looks good but how you can apply it to intelmq DHO or you're saying to use it in 'malware.hash.other' key?

From my point of view we should go for:

- malware.hash.md5'

- 'malware.hash.sha1'

- 'malware.hash.sha256'

- 'malware.hash.other' -> using URN syntax

Make sense?

On Thu, Jan 5, 2017 at 9:30 AM, Dustin Demuth <dustin.demuth@intevation.de> wrote:

Hi,

Am Montag 02 Januar 2017 14:43:56 schrieb Pavel Kácha:

> my few cents - in Idea we adopted URN syntax (as hash is basically
> content based resource identifier, so the hash name can denote the
> namespace). Which happens to be the same, just with the colon separator:
>
> sha256:79e18f...
>

IMHO this syntax is a good idea. Thank you Pavel.

Tomás: Do you need more input?

Ideas so far:

* An additional field for sha256
* A convention to store the hash in ".other" like "sha256:79e18..."

BR

Dustin

--
dustin.demuth@intevation.de https://intevation.de/ OpenPGP key: B40D2EFF
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

_______________________________________________
Intelmq-dev mailing list
Intelmq-dev@lists.cert.at
http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev

Tomás Lima , »-« SYNchroACK »-«