[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] Open question: Server and User-Agent headers
On 08.02.2017 11:23:27, Dave Cridland wrote: > > I'd be wary of saying "SHOULD but MAY be disabled"; it makes no > sense in RFC 2119 terms. SHOULD implies a MUST which can be broken > in rare cases; MAY is truly optional. In both cases this is for > interoperability; you want debugging information. The DISA STIGs are > not the only cases where implementation information is recommended > against, in any case - this seems to be very much a matter of taste. > > I would argue that TAXII ought to be silent on this matter - these > are HTTP headers, and imposing any additional requirement on them > seems a mis-step. > Taking your point, Dave, I concur that the TAXII specification should be silent on this question. (This appears to be yet another one of those cases where we're conflating normative requirements with implementation details.) Whereas this having this capability configurable in actual tools is incredibly handy, let's ensure that we address this via a recommendation in the implementer's guide. -- Cheers, Trey ++--------------------------------------------------------------------------++ Kingfisher Operations, sprl gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D ++--------------------------------------------------------------------------++ -- "No matter how hard you try, you can't make a baby in much less than 9 months. Trying to speed this up *might* make it slower, but it won't make it happen any quicker." --RFC 1925
Attachment:
signature.asc
Description: Digital signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]