RFC Errata
Found 2 records.
Status: Verified (2)
RFC 6546, "Transport of Real-time Inter-network Defense (RID) Messages over HTTP/TLS", April 2012
Source of RFC: mile (sec)
Errata ID: 3267
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: John Field
Date Reported: 2012-06-26
Verifier Name: Sean Turner
Date Verified: 2012-06-28
Section 3 says:
In paragraph 4 of section 3, fourth sentence: As RID messages MUST be sent using the POST method, the GET and HEAD methods have no particular meaning on a RID system; a RID system SHOULD answer 'GET /' or 'HEAD /' with 204 No Content.
It should say:
Consistent with RFC 2616 section 10.4.6, a RID system MUST answer any HTTP request to Request-URI of '/' which uses an HTTP method other than 'POST' by producing an HTTP response with a status code of 405 Method Not Allowed. The RID system HTTP response MUST also include an Allow header indicating that only the 'POST' method is supported.
Notes:
There has been a brief discussion of this errata on the MILE list, with the first message in the thread having been posted on June 5, 2012.
The corrected text that I have suggested above has been written as narrowly as possible, and remains consistent with the original functionality described in 6546.
Lacking support for 'GET' means that there is no way to verify if a RID endpoint is active, other than by doing a real request, i.e. a Report, or Query, etc. Thus, one might also consider supporting HEAD, e.g. for RID testing purposes, though that option has not been discussed yet. Note, however, that supporting HEAD potentially raises further issues since according to RFC 2616 the response headers to a HEAD request SHOULD be consistent with a GET, which is specifically not supported.
Errata ID: 3455
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: John Field
Date Reported: 2013-01-14
Verifier Name: Sean Turner
Date Verified: 2013-03-16
Section 3 says:
If a RID system receives an improper RID message in an HTTP Request, it MUST return an appropriate 4xx Client Error result code to the requesting RID system.
It should say:
If a RID system receives an improper HTTP Request, it MUST return an appropriate 4xx Client Error result code to the requesting RID system.
Notes:
There has been some discussion of this issue on the MILE mailing list. Another possible option for the corrected text is to say nothing at all. That is, by changing the specification to focus on an improper HTTP request, rather than an improper RID message, the corrected text is simply a restatement of existing HTTP behavior. (Either way, this still does constitute a technical change since we would no longer be requiring the 400 status code when the error is with the *RID* content). On this technical point, we had consensus on the MILE mailing list: we SHOULD NOT require an HTTP 4xx status code when there is an error with the RID content itself (as opposed to the HTTP layer). HTTP 4xx status is reserved for errors occurring in the HTTP protocol layer. Errors in the RID content will be reported via the RID Acknowledgement message type, with appropriate choices for the RequestStatus element, and Justification attribute.