Network Working Group C. Bormann Internet-Draft Universität Bremen TZI Intended status: Informational 27 September 2020 Expires: 31 March 2021 impl-info: A link relation type for disclosing implementation information draft-bormann-t2trg-rel-impl-02 Abstract For debugging, it is often helpful to have information about the implementation of a peer. The present specification defines a link relation type, "impl-info", that can be used to convey such information via self-description, such as in the "/.well-known/core" resource. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 31 March 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Bormann Expires 31 March 2021 [Page 1] Internet-Draft The impl-info relation type September 2020 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 2 3. Security considerations . . . . . . . . . . . . . . . . . . . 2 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 3 4.1. Normative References . . . . . . . . . . . . . . . . . . 3 4.2. Informative References . . . . . . . . . . . . . . . . . 3 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 4 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction When debugging an interoperability problem, it is often helpful to have information about the implementation version of a peer. To enable the disclosure of such information, HTTP defines header fields such as Server and User-Agent [RFC7231]. In CoAP [RFC7252], it is rarely appropriate to send information of this kind in every request or response. Instead, the present specification defines a link relation type, "impl-info", that can be used to convey this information via the self-description capabilities of the "/.well-known/core" resource [RFC6690] and the CoRE resource directory [I-D.ietf-core-resource-directory]. 2. IANA Considerations This specification requests the registration of the link relation type "impl-info". The registration template as per [RFC8288] follows. * _Relation Name_: "impl-info" * _Description_: Refers to implementation information that may be helpful in diagnosing technical problems with the implementation of the context, such as lists of components and their implementation versions. * _Reference_: [THIS] 3. Security considerations The security considerations listed in Section 9.6 of [RFC7231] and the sections referenced there apply. Bormann Expires 31 March 2021 [Page 2] Internet-Draft The impl-info relation type September 2020 The security considerations listed in Section 11.3 of [RFC7252] apply. As adding another link to "/.well-known/core" does increase the size of a response to a GET request for that resource, the mitigation mentioned in that section to limit the amplification factor becomes even more important. Disclosing information about an implementation can make it easier for an attacker to select an attack, or to build automated tools that search for promising victims. Fingerprinting techniques can provide information to attackers that is usable in the same way, so adding information via self-description may or may not actually exacerbate this problem. 4. References 4.1. Normative References [RFC8288] Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, . [THIS] Bormann, C., "impl-info: A link relation type for disclosing implementation information", Work in Progress, Internet-Draft, draft-bormann-t2trg-rel-impl-01, 27 March 2020, . 4.2. Informative References [I-D.ietf-core-resource-directory] Shelby, Z., Koster, M., Bormann, C., Stok, P., and C. Amsuess, "CoRE Resource Directory", Work in Progress, Internet-Draft, draft-ietf-core-resource-directory-25, 13 July 2020, . [RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link Format", RFC 6690, DOI 10.17487/RFC6690, August 2012, . [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, . Bormann Expires 31 March 2021 [Page 3] Internet-Draft The impl-info relation type September 2020 [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, June 2014, . Acknowledgements The need for implementation information in the CoRE resource directory has been identified by Peter van der Stok. Discussions with Peter and with Christian Amsüss led to the present proposal of employing self-description for this purpose. Author's Address Carsten Bormann Universität Bremen TZI Postfach 330440 D-28359 Bremen Germany Phone: +49-421-218-63921 Email: cabo@tzi.org Bormann Expires 31 March 2021 [Page 4]