The HTTPS Transfer Specification does not define an encoding value for the X-Correlation-ID that is used to convey the OpenC2 request_id.ÂÂ
The OpenC2 Language SpecificationÂ
1) defines request-id as a binary value with a specific maximum size of 128 bits (Section 3.1.2),Â
2) Specifies base64url encoding for binary values.
HTTP headers are strings.Â In the absence of other constraints, the HTTPS Specification should specify base64url encoding for the request-id value carried in the X-Correlation-ID.
My thanks to Dave Kemp for working through this issue with me.
David P. Lemire
Â OpenC2 Technical Committee Secretary
Â OpenC2 Implementation Considerations SC Co-chair
Â Contractor support to NSA
Office: 301-575-5190 / Mobile: 240-938-9350