RFC 6546, "Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS", April 2012

Errata ID: 3267
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: John Field
Date Reported: 2012-06-26
Verifier Name: Sean Turner
Date Verified: 2012-06-28

Section 3 says:

In paragraph 4 of section 3, fourth sentence:

   As RID messages MUST be
   sent using the POST method, the GET and HEAD methods have no
   particular meaning on a RID system; a RID system SHOULD answer
   'GET /' or 'HEAD /' with 204 No Content.

It should say:

Consistent with RFC 2616 section 10.4.6, a RID system MUST answer 
any HTTP request to Request-URI of '/' which uses an HTTP method 
other than 'POST' by producing an HTTP response with a status code 
of 405 Method Not Allowed.  The RID system HTTP response MUST also 
include an Allow header indicating that only the 'POST' method is 
supported.

Notes:

There has been a brief discussion of this errata on the MILE list, with the first message in the thread having been posted on June 5, 2012.

The corrected text that I have suggested above has been written as narrowly as possible, and remains consistent with the original functionality described in 6546.

Lacking support for 'GET' means that there is no way to verify if a RID endpoint is active, other than by doing a real request, i.e. a Report, or Query, etc. Thus, one might also consider supporting HEAD, e.g. for RID testing purposes, though that option has not been discussed yet. Note, however, that supporting HEAD potentially raises further issues since according to RFC 2616 the response headers to a HEAD request SHOULD be consistent with a GET, which is specifically not supported.

Report New Errata