impl-info: A link relation type for disclosing implementation information


For debugging, it is often helpful to have information about the implementation of a peer. The present specification defines a link relation type, impl-info, that can be used to convey such information via self-description, such as in the /.well-known/core resource.

When debugging an interoperability problem, it is often helpful to have information about the implementation version of a peer. To enable the disclosure of such information, HTTP defines header fields such as Server and User-Agent [RFC7231].

In CoAP [RFC7252], it is rarely appropriate to send information of this kind in every request or response. Instead, the present specification defines a link relation type, impl-info, that can be used to convey this information via the self-description capabilities of the /.well-known/core resource [RFC6690] and the CoRE resource directory [I-D.ietf-core-resource-directory].

This specification requests the registration of the link relation type impl-info.

The registration template as per [RFC8288] follows.

The security considerations listed in Section 9.6 of [RFC7231] and the sections referenced there apply.

The security considerations listed in Section 11.3 of [RFC7252] apply. As adding another link to /.well-known/core does increase the size of a response to a GET request for that resource, the mitigation mentioned in that section to limit the amplification factor becomes even more important.

Disclosing information about an implementation can make it easier for an attacker to select an attack, or to build automated tools that search for promising victims. Fingerprinting techniques can provide information to attackers that is usable in the same way, so adding information via self-description may or may not actually exacerbate this problem.

The need for implementation information in the CoRE resource directory has been identified by Peter van der Stok. Discussions with Peter and with Christian Amsüss led to the present proposal of employing self-description for this purpose.

