| Internet-Draft | The impl-info relation type | September 2020 |
| Bormann | Expires 31 March 2021 | [Page] |
For debugging, it is often helpful to have information about the
implementation of a peer. The present specification defines a link
relation type, impl-info, that can be used to convey such information
via self-description, such as in the /.well-known/core resource.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 31 March 2021.¶
Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
When debugging an interoperability problem, it is often helpful to have information about the implementation version of a peer. To enable the disclosure of such information, HTTP defines header fields such as Server and User-Agent [RFC7231].¶
In CoAP [RFC7252], it is rarely appropriate to send information of
this kind in every request or response. Instead, the present
specification defines a link relation type, impl-info, that can be
used to convey this information via the self-description capabilities
of the /.well-known/core resource [RFC6690] and the CoRE
resource directory [I-D.ietf-core-resource-directory].¶
This specification requests the registration of the link relation type
impl-info.¶
The security considerations listed in Section 9.6 of [RFC7231] and the sections referenced there apply.¶
The security considerations listed in Section 11.3 of [RFC7252] apply.
As adding another link to /.well-known/core does increase the size
of a response to a GET request for that resource, the mitigation
mentioned in that section to limit the amplification factor
becomes even more important.¶
Disclosing information about an implementation can make it easier for an attacker to select an attack, or to build automated tools that search for promising victims. Fingerprinting techniques can provide information to attackers that is usable in the same way, so adding information via self-description may or may not actually exacerbate this problem.¶
The need for implementation information in the CoRE resource directory has been identified by Peter van der Stok. Discussions with Peter and with Christian Amsüss led to the present proposal of employing self-description for this purpose.¶