
cti-taxii message



Subject: Re: [EXT] Re: [cti-taxii] Meeting Recap


I spoke with John-Mark this past week during Borderless Cyber and he suggested that this would need to be done via the URL parameters so that the requests and responses could be cached.


Bret



From: cti-taxii@lists.oasis-open.org <cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Sent: Thursday, September 27, 2018 7:43:27 PM
To: John-Mark Gurney
Cc: cti-taxii@lists.oasis-open.org
Subject: [cti-taxii] Re: [EXT] Re: [cti-taxii] Meeting Recap
 

John-Mark,


If we did this via URL parameters, would this still be a problem?  Is it only a problem with x-headers?  If this is a problem with both options then do we not have this problem already? 


Bret


From: John-Mark Gurney <jmg@newcontext.com>
Sent: Thursday, September 27, 2018 4:18:05 PM
To: Bret Jordan
Cc: cti-taxii@lists.oasis-open.org
Subject: [EXT] Re: [cti-taxii] Meeting Recap
 
Bret Jordan wrote this message on Fri, Sep 21, 2018 at 21:45 +0000:
> 3) We need a way of filtering STIX content that will be returned inside the TAXII bundle. Originally we talked about doing this via a URL parameter, but Ron suggested that this would be best done as an X-header.  Either way we would allow a comma separated list of STIX versions or the keyword "all".

This is a bad idea if the end point is a GET (which it appears to be).
This means any caching proxy between (either server or client side)
the client and the server could get confused and cache the wrong content.

If this is used, then we need to make sure that the server sends the
proper `Cache-Control: no-cache, no-store, must-revalidate` header to
ensure that data from one query does not get confused with another one.
Normally authentication negates this, but this could be on a public
TAXII server, and so caching rules could apply.

--
John-Mark
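
The caching behaviour discussed in this thread, as an added example that is not part of any message above: a small model of a shared cache that keys GET responses on the URL, run against a filter sent as a request header, the same header with the `Cache-Control` value John-Mark quotes, and a URL parameter. The header name, parameter name, URL and the `origin` server stand-in are hypothetical; the STIX versions are sample values.

```python
from urllib.parse import urlsplit, parse_qs

FILTER_HEADER = "X-STIX-Version"   # hypothetical header name
FILTER_PARAM = "stix_version"      # hypothetical URL parameter name
BASE_URL = "https://taxii.example/collections/c1/objects/"  # constructed URL
NO_CACHE = "no-cache, no-store, must-revalidate"  # value quoted in the thread


def origin(url, headers, send_no_store):
    """Constructed stand-in for a public TAXII server's GET handler."""
    query = parse_qs(urlsplit(url).query)
    version = headers.get(FILTER_HEADER) or query.get(FILTER_PARAM, ["all"])[0]
    resp_headers = {"Cache-Control": NO_CACHE} if send_no_store else {}
    return resp_headers, f"bundle filtered to STIX {version}"


class UrlKeyedCache:
    """Shared cache that picks a stored entry by URL and ignores request headers."""

    def __init__(self, send_no_store=False):
        self.store = {}
        self.send_no_store = send_no_store
        self.origin_hits = 0

    def get(self, url, headers=None):
        if url in self.store:
            return self.store[url]        # served without asking the origin
        self.origin_hits += 1
        resp_headers, body = origin(url, headers or {}, self.send_no_store)
        if "no-store" not in resp_headers.get("Cache-Control", ""):
            self.store[url] = body        # cacheable: remember it under the URL
        return body


def run(style, send_no_store=False):
    """Request 2.0, then 2.1 twice; return (last body, number of origin requests)."""
    cache = UrlKeyedCache(send_no_store)
    for version in ("2.0", "2.1", "2.1"):
        if style == "header":
            body = cache.get(BASE_URL, {FILTER_HEADER: version})
        else:
            body = cache.get(f"{BASE_URL}?{FILTER_PARAM}={version}")
    return body, cache.origin_hits


if __name__ == "__main__":
    print("header filter:           ", run("header"))
    print("header filter + no-store:", run("header", send_no_store=True))
    print("URL parameter filter:    ", run("param"))
```

With the header filter alone, the client asking for 2.1 receives the stored 2.0 bundle; with the no-store header every request reaches the origin; with the URL parameter each filter value gets its own cache entry and the repeat request is served from cache.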

