  1. Technical Advisory Board
  2. TAB-1531

3.5 Filtering - Server overload?

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: TAXII Version 2.0 CSPRD01
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      Technical

    • Proposal:
      Protection of servers from being overloaded should be called out in the protocol.

      Description

      3.5 Filtering reads in part:

      *****
      A TAXII Client may request specific content from a TAXII Server by specifying a set of filters included in the request to the server. The match parameter specifies what to include in the response from the TAXII Server. If no match parameter is specified then the TAXII Client is requesting all content be returned for that Endpoint.
      *****

      That last sentence: "...then the TAXII Client is requesting all content be returned for that Endpoint."

      Seems like a recipe for over-loading a TAXII Server. Is there some provision I have yet to encounter where a TAXII Server can regulate its response to an unbounded TAXII client request?

      I don't draw much comfort from 8.2.2 HTTPS and Authentication Server Requirements,

      *****
      7. It MAY restrict access to clients by omitting specific objects, information, or optional fields from any TAXII response.
      *****

      In part because unless attention is drawn to the threat of unbounded requests, the ability to decline service of requests, ill-defined here, may not exist in all implementations.
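
One way a server could bound its response when no match parameter is supplied, as an added example that is not part of the original issue or of the TAXII specification. The cap value, the function names, the constructed sample store and the `more`/`next_offset` response fields are assumptions made for illustration.

```python
from urllib.parse import parse_qs

MAX_OBJECTS_PER_RESPONSE = 100  # assumed server policy, not a value from the spec

def parse_match_filters(query_string):
    """Collect match[<field>]=a,b filters; an empty dict means no match parameter."""
    filters = {}
    for key, values in parse_qs(query_string).items():
        if key.startswith("match[") and key.endswith("]"):
            wanted = filters.setdefault(key[len("match["):-1], set())
            for value in values:
                wanted.update(part for part in value.split(",") if part)
    return filters

def bounded_response(objects, query_string, offset=0, limit=MAX_OBJECTS_PER_RESPONSE):
    """Return at most the server cap of matching objects, plus whether more remain."""
    if offset < 0:
        raise ValueError("offset must be non-negative")
    # The client may ask for fewer objects, never for more than the server cap.
    limit = max(1, min(limit, MAX_OBJECTS_PER_RESPONSE))
    filters = parse_match_filters(query_string)
    page, more, seen = [], False, 0
    for obj in objects:  # may be a lazy iterator over the backing store
        if all(str(obj.get(field)) in wanted for field, wanted in filters.items()):
            if seen >= offset:
                if len(page) == limit:
                    more = True  # one extra match proves the result is truncated
                    break        # stop scanning: work is bounded per request
                page.append(obj)
            seen += 1
    return {"objects": page, "more": more,
            "next_offset": offset + len(page) if more else None}

# Constructed sample store: 250 objects, alternating types.
STORE = [{"id": f"obj-{i}", "type": "indicator" if i % 2 == 0 else "malware"}
         for i in range(250)]

if __name__ == "__main__":
    unfiltered = bounded_response(STORE, "")  # "all content" request
    print(len(unfiltered["objects"]), unfiltered["more"], unfiltered["next_offset"])
    filtered = bounded_response(STORE, "match[type]=indicator", offset=100)
    print(len(filtered["objects"]), filtered["more"])
```

The unfiltered request receives the same cap as a filtered one, so omitting the match parameter cannot force the server to serialize its whole collection in one response.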

            People

            • Assignee: Unassigned
            • Reporter: Patrick Durusau