[IntelMQ-dev] IEP04: The choice of the UUID-format

Sebastian Wagner wagner at cert.at
Mon Sep 6 18:59:36 CEST 2021


Dear allies,

The discussion around the IEP04 proposal, adding meta-information to
IntelMQ messages, has stalled over the last months - first because of
the time-intensive IntelMQ 3.0 release preparations and then because of
the vacation season.

Here is the current proposal:
https://github.com/certtools/ieps/tree/main/004#readme

Aaron, Sebastian Waldbauer and myself worked on it over the summer and
also identified two open issues to be discussed:
1. The exact format of the meta-information and how to name and
structure the fields. AIL made the first move and now uses a format
similar to the previously proposed Variant "A". The IEP04 document
contains the current proposal which is in line with the AIL format:
https://github.com/certtools/ieps/tree/main/004#user-content-variant-ail
If there are no other proposals, this will most probably the way to go.
2. The format of the UUID format which we want to uniquely identify
IntelMQ events. We don't necessarily need to use the UUIDv4 format which
represents pure randomness, but also other options which include the
time and are even /time-sortable/. Sebastian Waldbauer analysed a couple
of options and summarised his results in this document:

https://github.com/certtools/ieps/blob/main/004/UUID.md

Please let us know your opinion on the different UUID options.

cheers
Sebastian

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 676 898 298 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20210906/7cd11efa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20210906/7cd11efa/attachment.sig>


More information about the IntelMQ-dev mailing list