OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

openc2 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: HTTPS Path Ambiguity - Resolved, not backward compatible

In today’s working meeting we approved a change to the HTTPS transfer specification that is not backward compatible. While the changes currently only appear in the working copy in GitHub, I anticipate trying to progress an updated HTTPS specification to a CSD for public review at the October TC meeting, so wanted to call people’s attention to the change.


In Issue #108 it was pointed out that the original HTTPS transfer specification is ambiguous regarding any path in the URI used for POSTing OpenC2 commands via HTTPS. The specification does not identify a path, but the examples (and most implementations, from my understanding) used the path “/openc2” (e.g., a command would be POSTed to


Pull request #114 approved today resolves the ambiguity by specifying a path. This change adopts an IETF mechanism documented in RFC 8615 for “well known” URIs, and specifies the path as “/.well-known/openc2” (e.g., the example above would become This change defines a consistent path for POSTing commands via HTTPS but will break existing code.


Work product editors should review any HTTPS examples in their specifications and update accordingly.  Anyone with code to accept OpenC2 messages via HTTPS should be prepared to update their code when this specification is formally published. I would also anticipate this new path would be used at any future plug-fest events for consistency with the evolving specification.



·         Issue 108:  https://github.com/oasis-tcs/openc2-impl-https/issues/108

·         PR 114:  https://github.com/oasis-tcs/openc2-impl-https/pull/114

·         RFC 8615:  https://datatracker.ietf.org/doc/html/rfc8615

·         Working copy of HTTPS Specification: https://github.com/oasis-tcs/openc2-impl-https/blob/working/open-impl-https.md




David Lemire

IA Systems Engineer

Technical Solutions


302 Sentinel Drive | Annapolis Junction, MD 20701

Work (301) 575-5190 | Mobile (240) 938-9350


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]