Re: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt
"maqiufang (A)" <maqiufang1@huawei.com> Fri, 17 February 2023 09:34 UTC
Return-Path: <maqiufang1@huawei.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ACA4C14CE55 for <alto@ietfa.amsl.com>; Fri, 17 Feb 2023 01:34:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DDidmp0Ke-DK for <alto@ietfa.amsl.com>; Fri, 17 Feb 2023 01:34:46 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60B84C14CE4C for <alto@ietf.org>; Fri, 17 Feb 2023 01:34:45 -0800 (PST)
Received: from lhrpeml500006.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4PJ63l4Slfz687Ml for <alto@ietf.org>; Fri, 17 Feb 2023 17:30:11 +0800 (CST)
Received: from kwepemm600018.china.huawei.com (7.193.23.140) by lhrpeml500006.china.huawei.com (7.191.161.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.17; Fri, 17 Feb 2023 09:34:41 +0000
Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemm600018.china.huawei.com (7.193.23.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.17; Fri, 17 Feb 2023 17:34:39 +0800
Received: from kwepemm600017.china.huawei.com ([7.193.23.234]) by kwepemm600017.china.huawei.com ([7.193.23.234]) with mapi id 15.01.2507.017; Fri, 17 Feb 2023 17:34:39 +0800
From: "maqiufang (A)" <maqiufang1@huawei.com>
To: Jensen Zhang <jingxuan.n.zhang@gmail.com>, "alto@ietf.org" <alto@ietf.org>
Thread-Topic: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt
Thread-Index: AQHZPcQV539TrDhItkeP9sFShes5Ma7RRjQAgAGL3+A=
Date: Fri, 17 Feb 2023 09:34:39 +0000
Message-ID: <75274fa23fd24e4a82bd7e9468829be9@huawei.com>
References: <167608397832.44190.4197134472584262306@ietfa.amsl.com> <CAAbpuyrp6PkQdxqPcKq7Pjd5vwbjGLB6e5PX8VkcLKGLAN8bYA@mail.gmail.com>
In-Reply-To: <CAAbpuyrp6PkQdxqPcKq7Pjd5vwbjGLB6e5PX8VkcLKGLAN8bYA@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.100.87]
Content-Type: multipart/alternative; boundary="_000_75274fa23fd24e4a82bd7e9468829be9huaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/98ZQMFgrTrLnx7MsLakPFINv0U0>
Subject: Re: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2023 09:34:50 -0000
Hi, Jensen, all
I have reviewed the new version today, and following are some of my further comments:
Regarding sec.5.4.3, I am not sure if the authentication choice is needed.
A grouping named alto-server-listen-stack-grouping is defined in the document and uses http-server-parameters and tls-server-parameters grouping definition, I think the authentication is already specified inside the grouping (with conformance to sec.8.3.5 in RFC7285.
If the connection is based on the http, following are some related client authentication configuration (expended by http-server-parameters grouping):
| | | +--rw client-authentication! {client-auth-supported}?
| | | +--rw users {local-users-supported}?
| | | +--rw user* [user-id]
| | | +--rw user-id string
| | | +--rw (auth-type)
| | | +--:(basic)
| | | +--rw basic {basic-auth}?
| | | +--rw user-id? string
| | | +--rw password? ianach:crypt-hash
If the connection is based on the https, following are some related authentication configuration (expended by tls-server-parameters grouping):
| | +--rw client-authentication! {client-auth-supported}?
| | | +--rw ca-certs! {client-auth-x509-cert}?
| | | | +--rw (local-or-truststore)
| | | | +--:(local) {local-definitions-supported}?
| | | | | +--rw local-definition
| | | | | +--rw certificate* [name]
| | | | | +--rw name string
| | | | | +--rw cert-data trust-anchor-cert-cms
| | | | | +---n certificate-expiration {certificate-expiration-notification}?
| | | | | +-- expiration-date yang:date-and-time
| | | | +--:(truststore) {central-truststore-supported,certificates}?
| | | | +--rw truststore-reference? ts:certificate-bag-ref
| | | +--rw ee-certs! {client-auth-x509-cert}?
| | | | +--rw (local-or-truststore)
| | | | +--:(local) {local-definitions-supported}?
| | | | | +--rw local-definition
| | | | | +--rw certificate* [name]
| | | | | +--rw name string
| | | | | +--rw cert-data trust-anchor-cert-cms
| | | | | +---n certificate-expiration {certificate-expiration-notification}?
| | | | | +-- expiration-date yang:date-and-time
| | | | +--:(truststore) {central-truststore-supported,certificates}?
| | | | +--rw truststore-reference? ts:certificate-bag-ref
| | | +--rw raw-public-keys! {client-auth-raw-public-key}?
| | | | +--rw (local-or-truststore)
| | | | +--:(local) {local-definitions-supported}?
| | | | | +--rw local-definition
| | | | | +--rw public-key* [name]
| | | | | +--rw name string
| | | | | +--rw public-key-format identityref
| | | | | +--rw public-key binary
| | | | +--:(truststore) {central-truststore-supported,public-keys}?
| | | | +--rw truststore-reference? ts:public-key-bag-ref
| | | +--rw tls12-psks? empty {client-auth-tls12-psk}?
| | | +--rw tls13-epsks? empty {client-auth-tls13-epsk}?
So what are we expecting to define this authentication choice?
If there is only one client-id leaf needed inside client list, then why not directly define the client as leaf-list? Or would we like future extension to the client list definition?
BTW. There seems to exist some revision inconsistence warnings:
libyang warn: File name "ietf-alto-stats@2022-07-11.yang" does not match module revision "2023-02-10".
libyang warn: File name "ietf-alto@2022-10-24.yang" does not match module revision "2023-02-10".
Best Regards,
Qiufang
From: alto [mailto:alto-bounces@ietf.org] On Behalf Of Jensen Zhang
Sent: Friday, February 17, 2023 12:30 AM
To: alto@ietf.org
Subject: Re: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt
Hi ALTOers,
The revision -03 of draft-ietf-alto-oam-yang has been uploaded. In this new revision, the authors fixed all the YANG syntax issues and made the following changes based on the discussions in WG:
- Added the basic data model for ALTO client operation and management
- Added resource-level access control (see discussions [1])
- Revised data model for reactive mode data source configuration (see [2])
- Improved and added more examples in the appendix about extending the data model for real implementation
- Added security considerations
[1] https://mailarchive.ietf.org/arch/msg/alto/NX_Y_nvJrNDj6FIVreRbzzo3XNg/
[2] https://mailarchive.ietf.org/arch/msg/alto/U2LIc1e8zP4Y6yVLnVo7WSzkJmc/
Any comments and feedback are welcomed.
Best regards,
Jensen
On Sat, Feb 11, 2023 at 10:53 AM <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Application-Layer Traffic Optimization WG of the IETF.
Title : A Yang Data Model for OAM and Management of ALTO Protocol
Authors : Jingxuan Jensen Zhang
Dhruv Dhody
Kai Gao
Roland Schott
Filename : draft-ietf-alto-oam-yang-03.txt
Pages : 65
Date : 2023-02-10
Abstract:
This document defines a YANG data model for Operations,
Administration, and Maintenance (OAM) & Management of Application-
Layer Traffic Optimization (ALTO) Protocol. The operator can use the
data model to create and update ALTO information resources, manage
the access control, configure server-to-server communication and
server discovery, and collect statistical data.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-alto-oam-yang/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-alto-oam-yang-03.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-alto-oam-yang-03
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
_______________________________________________
alto mailing list
alto@ietf.org<mailto:alto@ietf.org>
https://www.ietf.org/mailman/listinfo/alto
- [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt internet-drafts
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… maqiufang (A)
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… maqiufang (A)
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Sabine Randriamasy (Nokia)
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang