RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 7970, "The Incident Object Description Exchange Format Version 2", November 2016

Source of RFC: mile (sec)

Errata ID: 6170
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: François Poirotte
Date Reported: 2020-05-11

Section 3.29.3.1 says:

   The attributes of the BulkObservable class are:

   type
      Optional.  ENUM.  The type of the observable listed in the child
      ObservableList class.  These values are maintained in the
      "BulkObservable-type" IANA registry per Section 10.2.

      1.   asn.  Autonomous System Number (per the Address@category
           attribute).

      2.   atm.  Asynchronous Transfer Mode (ATM) address (per the
           Address@category attribute).

      3.   e-mail.  Email address (per the Address@category attribute).

      4.   ipv4-addr.  IPv4 host address in dotted-decimal notation,
           e.g., 192.0.2.1 (per the Address@category attribute).

      5.   ipv4-net.  IPv4 network address in dotted-decimal notation,
           slash, significant bits, e.g., 192.0.2.0/24 (per the
           Address@category attribute).

      6.   ipv4-net-mask.  IPv4 network address in dotted-decimal
           notation, slash, network mask in dotted-decimal notation,
           i.e., 192.0.2.0/255.255.255.0 (per the Address@category
           attribute).

      7.   ipv6-addr.  IPv6 host address, e.g., 2001:DB8::3 (per the
           Address@category attribute).

      8.   ipv6-net.  IPv6 network address, slash, significant bits,
           e.g., 2001:DB8::/32 (per the Address@category attribute).

      9.   ipv6-net-mask.  IPv6 network address, slash, network mask
           (per the Address@category attribute).

      10.  mac.  Media Access Control (MAC) address, i.e., a:b:c:d:e:f
           (per the Address@category attribute).

      11.  site-uri.  A URL or URI for a resource (per the
           Address@category attribute).

      12.  domain-name.  A fully qualified domain name or part of a name
           (e.g., fqdn.example.com, example.com).

      13.  domain-to-ipv4.  A mapping of FQDN to IPv4 address specified
           as a comma-separated list (e.g., "fqdn.example.com,
           192.0.2.1").

      14.  domain-to-ipv6.  A mapping of FQDN to IPv6 address specified
           as a comma-separated list (e.g., "fqdn.example.com,
           2001:DB8::3").

      15.  domain-to-ipv4-timestamp.  Same as domain-to-ipv4 but with a
           timestamp (in the DATETIME format) of the resolution (e.g.,
           "fqdn.example.com, 192.0.2.1, 2015-06-11T00:38:31-06:00").

      16.  domain-to-ipv6-timestamp.  Same as domain-to-ipv6 but with a
           timestamp (in the DATETIME format) of the resolution (e.g.,
           "fqdn.example.com, 2001:DB8::3, 2015-06-11T00:38:31-06:00").

      17.  ipv4-port.  An IPv4 address, port, and protocol tuple (e.g.,
           192.0.2.1, 80, TCP).  The protocol name corresponds to the
           "Keyword" column in the "Assigned Internet Protocol Numbers"
           registry [IANA.Protocols].

      18.  ipv6-port.  An IPv6 address, port, and protocol tuple (e.g.,
           2001:DB8::3, 80, TCP).  The protocol name corresponds to the
           "Keyword" column in the "Assigned Internet Protocol Numbers"
           registry [IANA.Protocols].

      19.  windows-reg-key.  A Microsoft Windows registry key.

      20.  file-hash.  A file hash.  The format of this hash is
           described in the Hash class that MUST be present in a sibling
           BulkObservableFormat class.

It should say:

   The attributes of the BulkObservable class are:

   type
      Optional.  ENUM.  The type of the observable listed in the child
      ObservableList class.  These values are maintained in the
      "BulkObservable-type" IANA registry per Section 10.2.

      1.   asn.  Autonomous System Number (per the Address@category
           attribute).

      2.   atm.  Asynchronous Transfer Mode (ATM) address (per the
           Address@category attribute).

      3.   e-mail.  Email address (per the Address@category attribute).

      4.   ipv4-addr.  IPv4 host address in dotted-decimal notation,
           e.g., 192.0.2.1 (per the Address@category attribute).

      5.   ipv4-net.  IPv4 network address in dotted-decimal notation,
           slash, significant bits, e.g., 192.0.2.0/24 (per the
           Address@category attribute).

      6.   ipv4-net-mask.  IPv4 network address in dotted-decimal
           notation, slash, network mask in dotted-decimal notation,
           i.e., 192.0.2.0/255.255.255.0 (per the Address@category
           attribute).

      7.   ipv6-addr.  IPv6 host address, e.g., 2001:DB8::3 (per the
           Address@category attribute).

      8.   ipv6-net.  IPv6 network address, slash, significant bits,
           e.g., 2001:DB8::/32 (per the Address@category attribute).

      9.   ipv6-net-mask.  IPv6 network address, slash, network mask
           (per the Address@category attribute).

      10.  mac.  Media Access Control (MAC) address, i.e., a:b:c:d:e:f
           (per the Address@category attribute).

      11.  site-uri.  A URL or URI for a resource (per the
           Address@category attribute).

      12.  domain-name.  A fully qualified domain name or part of a name
           (e.g., fqdn.example.com, example.com).

      13.  domain-to-ipv4.  A mapping of FQDN to IPv4 address specified
           as a comma-separated list (e.g., "fqdn.example.com,
           192.0.2.1").

      14.  domain-to-ipv6.  A mapping of FQDN to IPv6 address specified
           as a comma-separated list (e.g., "fqdn.example.com,
           2001:DB8::3").

      15.  domain-to-ipv4-timestamp.  Same as domain-to-ipv4 but with a
           timestamp (in the DATETIME format) of the resolution (e.g.,
           "fqdn.example.com, 192.0.2.1, 2015-06-11T00:38:31-06:00").

      16.  domain-to-ipv6-timestamp.  Same as domain-to-ipv6 but with a
           timestamp (in the DATETIME format) of the resolution (e.g.,
           "fqdn.example.com, 2001:DB8::3, 2015-06-11T00:38:31-06:00").

      17.  ipv4-port.  An IPv4 address, port, and protocol tuple (e.g.,
           192.0.2.1, 80, TCP).  The protocol name corresponds to the
           "Keyword" column in the "Assigned Internet Protocol Numbers"
           registry [IANA.Protocols].

      18.  ipv6-port.  An IPv6 address, port, and protocol tuple (e.g.,
           2001:DB8::3, 80, TCP).  The protocol name corresponds to the
           "Keyword" column in the "Assigned Internet Protocol Numbers"
           registry [IANA.Protocols].

      19.  windows-reg-key.  A Microsoft Windows registry key.

      20.  file-hash.  A file hash.  The format of this hash is
           described in the Hash class that MUST be present in the child
           BulkObservableFormat class.

Notes:

The description for the "file-hash" type implies that the BulkObservableFormat class (3.29.3.1.1) is a sibling of the BulkObservable class (section 3.29.3.1).

This is simply not the case:
* BulkObservable only appears as an aggregate class of Observable (3.29.3)
* BulkObservableFormat is not one of Observable's aggregate classes

Since the BulkObservable class actually has an aggregate class named BulkObservableFormat, the intent was probably to just use that child class to define the hash's format.

Report New Errata