Subject: Re: [openc2-imple] RE: OC2 HTTP(no S) Spec
HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.
Technical Solutions Division
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: dave.lemire@g2-inc.com
Work: 301-575-5190 | Mobile: 240-938-9350
Another valid "secure" HTTP is where you have your systems behind an appliance (i.e., an F5 LTM/APM/ASM) that proxies/accelerates SSL and uses HTTP to completely isolated back-end infrastructure. This model greatly improves performance, development, troubleshooting, and monitoring.
Patrick Maroney
Principal - Technology Security
AT&T Chief Security Office
From: openc2-imple@lists.oasis-open.org <openc2-imple@lists.oasis-open.org> On Behalf Of duncan sfractal.com
Sent: Monday, February 17, 2020 5:18 PM
To: oasis.oc2.icsc <openc2-imple@lists.oasis-open.org>
Subject: [openc2-imple] OC2 HTTP(no S) Spec
At the plugfest, I implemented the HTTP version of the HTTPS spec. I think there are valid uses of HTTP (without the S) for OpenC2. They just need to be caveated with the fact that HTTP doesn't provide security. Note most of the interworking issues at plugfest had nothing to do with OpenC2 and were just plain old HTTPS cert issues. Besides plugfest testing, I can provide valid use cases for HTTP (e.g., where SPA transport is sufficient for authentication and transmission privacy is not needed - note this may apply to a large number of IoT use cases).
I recommend the IC-SC consider creating another transport spec, an "appropriately caveated" HTTP spec.
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/