cti-comment message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: HTTP headers
- From: Ray Lischner <ray.lischner@uscontractinginc.com>
- To: cti-comment@lists.oasis-open.org
- Date: Fri, 22 Oct 2021 15:38:00 -0400
Section 6.12.2 HTTP Request Extension states that the request_header
property has type dictionary, and type dictionary (section 2.3) requires
keys to be from the restricted character set of ASCII alphanumeric,
hyphen, or underscore. This poses a problem for HTTP headers that have
names outside of this character set. Although the standard headers
conform to the restricted character set, custom headers may not.
Preserving original the header names of malware traffics is critical for
reporting and detecting the malware. (For one example, see
https://community.rsa.com/t5/netwitness-discussions/plugx-apt-malware/td-p/460307,
and the header name "ASH-1.0".)
What is the recommended practice for preserving the header names while
conforming to the standard?
--
Ray Lischner
U.S. Contracting
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]