On 8 February 2017 at 08:44, Trey Darley <trey@kingfisherops.com> wrote:
On 08.02.2017 02:28:45, Bret Jordan wrote:
>
> The MIME types say that it is STIX content or TAXII content. What
> people are asking for is the ability broadcast the type and version
> of the server / client.
>
Speaking from past experience debugging STIX/TAXII 1.x
interoperability issues, the problem is immeasurably easier when you
can clearly determine from your logs which implementations are
correlated with the issue(s).
As John Wunder pointed out during yesterday's working call, in some
instances (e.g., DISA STIG requirements) you need the ability to
disable this behavior. But in most cases it's helpful to have this
information at hand. QED, TAXII servers and clients SHOULD support
identifying their type and version via the headers but the behavior
MAY be disabled when necessary.
I'd be wary of saying "SHOULD but MAY be disabled"; it makes no sense in RFC 2119 terms. SHOULD implies a MUST which can be broken in rare cases; MAY is truly optional. In both cases this is for interoperability; you want debugging information. The DISA STIGs are not the only cases where implementation information is recommended against, in any case - this seems to be very much a matter of taste.
I would argue that TAXII ought to be silent on this matter - these are HTTP headers, and imposing any additional requirement on them seems a mis-step.
Dave.
-- Dave Cridland
Participate | Collaborate | Innovate
Surevine Limited, registered in England and Wales with number 06726289. Mailing Address : PO Box 1136, Guildford GU1 9ND
If you think you have received this message in error, please notify us.