[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: OC2 HTTP(no S) Spec
|
Another valid âsecureâ HTTP is where you have your systems behind an appliance (i.e., an F5 LTM/APM/ASM) that proxies/accelerates SSL and uses HTTP to completely isolated back-end infrastructure. This model
greatly improves performance, development, troubleshooting, and monitoring. Patrick Maroney Principal âTechnology Security AT&T Chief Security Office From: openc2-imple@lists.oasis-open.org <openc2-imple@lists.oasis-open.org>
On Behalf Of duncan sfractal.com At the plugfest, I implemented the HTTP version of the HTTPS spec. I think there are valid uses of HTTP (without the S) for OpenC2. They just need to be caveated with the fact that HTTP doesnât provide security.
Note most of the interworking issues at plugfest had nothing to do with OpenC2 and were just plain old HTTPS cert issues. Besides plugfest testing, I can provide valid usecases for HTTP (eg where SPA transport is sufficient for authentication and transmission
privacy is not needed â note this may apply to large number of IoT usecases). I recommend the IC-SC consider creating another transport spec, an âappropriately caveatedâ HTTP spec. Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]