Subject: Re: [EXT] [cti-comment] cti-taxii: Inconsistent examples for Range header in TAXII v2.0 Committee Specification 01
The TAXII v2.0 Committee Specification 01, Section 3.4.1 (Object and Collection Ranges) describes the use of the “items” range unit as conforming to HTTP RFC7233:
The items range unit is defined for expressing subranges of a resource [HTTP 7233].
According to Section 3.1 of the RFC, the range unit should be specified with an equals (=) between the range unit specifier (“items”) and the value set (i.e., “0-999”). However, all examples in the pagination section of the TAXII2 specification use a space between the specifier and value set, as shown below:
GET Request
-----------------
GET .../collections/my-collection/objects/?added_after=2016-02-01T00:00:01.000Z HTTP/1.1
Range: items 0-49
Accept: application/vnd.oasis.stix+json; version=2.0
This appears to have led to inconsistent implementations of TAXII 2.0 servers. For example, the TAXII 2.0 server managed by Anomali (https://limo.anomali.com/api/v1/taxii2/feeds/collections) only accepts a Range header that has a space between the specifier (i.e., “Range: items 0-999”, which does not conform to the RFC but does match the examples in the TAXII 2.0 specification), whereas the MITRE ATT&CK TAXII 2.0 server (https://cti-taxii.mitre.org/stix/collections) only accepts a Range header that conforms to the RFC (i.e., “Range: items=0-999”).
Is it possible to update the examples in the TAXII 2.0 specification (and future specification versions) so that they conform to the RFC? This would eliminate the confusion and potential for additional inconsistent implementations going forward.
Michael Daleiden
Lead System Architect
office: (407) 732-7507
mobile: (407) 923-7452
email: michael.daleiden@redlambda.com
www.redlambda.com
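
Added example, not part of the original message and not code from either server named above: a Python sketch of a Range header parser that accepts both the RFC 7233 form ("items=0-49") and the form used in the specification examples ("items 0-49"), and reports which one it saw. The function names, the 10-digit position limit and the max_page cap are assumptions made for this illustration.

```python
import re

# "items", then either "=" (RFC 7233 form) or spaces/tabs (the form shown in
# the TAXII 2.0 CS01 examples), then first-last item positions.
# The 10-digit limit is an assumption of this example.
_ITEMS_RANGE = re.compile(
    r"^items(?P<sep>=|[ \t]+)(?P<first>\d{1,10})-(?P<last>\d{1,10})$"
)


class RangeHeaderError(ValueError):
    """The Range header value is not a usable items range."""


def parse_items_range(value, max_page=1000):
    """Return (first, last, form) for a Range header value.

    form is "rfc7233" for "items=0-49" and "spec-example" for "items 0-49".
    max_page (an assumed server-side limit) caps how many items one request
    may ask for, so an oversized range is trimmed rather than served whole.
    """
    match = _ITEMS_RANGE.match(value.strip())
    if match is None:
        raise RangeHeaderError("unsupported Range value: %r" % value)
    first = int(match.group("first"))
    last = int(match.group("last"))
    if last < first:
        raise RangeHeaderError("last position precedes first: %r" % value)
    last = min(last, first + max_page - 1)
    form = "rfc7233" if match.group("sep") == "=" else "spec-example"
    return first, last, form


def format_items_range(first, last, rfc=True):
    """Build a Range header value in either form, for a client that must
    talk to servers accepting only one of them."""
    return "items%s%d-%d" % ("=" if rfc else " ", first, last)


if __name__ == "__main__":
    # Constructed sample header values covering both forms and two rejects.
    for sample in ("items=0-49", "items 0-49", "bytes=0-49", "items=49-0"):
        try:
            print(repr(sample), "->", parse_items_range(sample))
        except RangeHeaderError as exc:
            print(repr(sample), "-> rejected:", exc)
```

Logging the returned form per client shows how many callers still send the non-RFC variant before a server drops support for it.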