RFC 6546, "Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS", April 2012Source of RFC: mile (sec)
See Also: RFC 6546w/ inline errata
Errata ID: 3267
Publication Format(s) : TEXT
Reported By: John Field
Date Reported: 2012-06-26
Verifier Name: Sean Turner
Date Verified: 2012-06-28
Section 3 says:
In paragraph 4 of section 3, fourth sentence: As RID messages MUST be sent using the POST method, the GET and HEAD methods have no particular meaning on a RID system; a RID system SHOULD answer 'GET /' or 'HEAD /' with 204 No Content.
It should say:
Consistent with RFC 2616 section 10.4.6, a RID system MUST answer any HTTP request to Request-URI of '/' which uses an HTTP method other than 'POST' by producing an HTTP response with a status code of 405 Method Not Allowed. The RID system HTTP response MUST also include an Allow header indicating that only the 'POST' method is supported.
There has been a brief discussion of this errata on the MILE list, with the first message in the thread having been posted on June 5, 2012.
The corrected text that I have suggested above has been written as narrowly as possible, and remains consistent with the original functionality described in 6546.
Lacking support for 'GET' means that there is no way to verify if a RID endpoint is active, other than by doing a real request, i.e. a Report, or Query, etc. Thus, one might also consider supporting HEAD, e.g. for RID testing purposes, though that option has not been discussed yet. Note, however, that supporting HEAD potentially raises further issues since according to RFC 2616 the response headers to a HEAD request SHOULD be consistent with a GET, which is specifically not supported.