Re: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt
Jensen Zhang <jingxuan.n.zhang@gmail.com> Tue, 21 February 2023 14:00 UTC
Return-Path: <jingxuan.n.zhang@gmail.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB749C14F727 for <alto@ietfa.amsl.com>; Tue, 21 Feb 2023 06:00:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NxRqR_H-Ghvc for <alto@ietfa.amsl.com>; Tue, 21 Feb 2023 06:00:10 -0800 (PST)
Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30BFDC14CE2F for <alto@ietf.org>; Tue, 21 Feb 2023 06:00:10 -0800 (PST)
Received: by mail-wr1-x431.google.com with SMTP id p8so4665303wrt.12 for <alto@ietf.org>; Tue, 21 Feb 2023 06:00:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JZ7sWTH9nEwx5l0ZmARGPWFmCC5tFBBtKtE0HomSAwY=; b=PZHEKYORgsENrAkxWdp1d+0el/3I/sjn1MXN41LXk93xS1natGujtwixwdGjkrX8l0 KYCIW1Jo/k8fwcCkj0TUebNhh/pS+0V1HLIH7DEKvwBdZJ1JU8P32MRFdUaPpGFSrsyb KE3i6VfpWzWczjSmG1tOnBphTDOFzoz/6cKMC1lJVb3z9G+tm8PG623Tuq3Ra4EGxlOP RKJAaonywBVse51+aDGUc5wHbc2JcmrFuXl6p9GSJACExIVjdXdzP70xGNuXQ1SIdf1+ SXsoH5ByCcHtTYHdPdZyoMMNGqtz7Mj7Y6YoHQjPFW7tNFKPn/Db2vFmX4jTnAlAXFTg VdwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JZ7sWTH9nEwx5l0ZmARGPWFmCC5tFBBtKtE0HomSAwY=; b=geDXZ7Etdf6vF6URGQkNkPpAp4kJ0ZUXihbwIhlSIv8hXvZ4oYIGvr4Se/G0tFn5oY xmfAOpycjew9k4pTc1S/WZdFTSCkPfbc9BVyoNwti+P5Qe07q0oqyX2Ynf5AJfor63Ra ivk7HXQ3WRBu7jmBafxzbLQIH4cRD5TCF7ETeEUawPohYDICnu2+xUwp3roPAhs1treF twdpPCOY1jgpWaOL+QRRoJWPSuZFhub7m6axr1Gx9cGvetV6UPonYgNqInIpHABqaIEx /Vcudw1cOa5yFVvFZs/3RLNxB3GaN3I4n+V6ANr3X4LygrftRCyCkbWSpfaPMkNn4Jgr 2r4w==
X-Gm-Message-State: AO0yUKWnot/AIqCjhh8CmNpNG/FW4Q4j2JKXVFoMg+CtXLa6aqDeTRl3 fSI4boncQ6bGTMZuyzUcPqEYesxcgWPFyqYCb54=
X-Google-Smtp-Source: AK7set+y1N4OTrRXdc223J1Dv/+A4Q+EwgzfTyW/6x5OsNuovxux0BsTMm9khbR+qT0DdcGGd2bSnh6L7tWmqmuzUj4=
X-Received: by 2002:adf:e651:0:b0:2c6:321b:c476 with SMTP id b17-20020adfe651000000b002c6321bc476mr280623wrn.630.1676988008170; Tue, 21 Feb 2023 06:00:08 -0800 (PST)
MIME-Version: 1.0
References: <167608397832.44190.4197134472584262306@ietfa.amsl.com> <CAAbpuyrp6PkQdxqPcKq7Pjd5vwbjGLB6e5PX8VkcLKGLAN8bYA@mail.gmail.com> <75274fa23fd24e4a82bd7e9468829be9@huawei.com>
In-Reply-To: <75274fa23fd24e4a82bd7e9468829be9@huawei.com>
From: Jensen Zhang <jingxuan.n.zhang@gmail.com>
Date: Tue, 21 Feb 2023 21:59:46 +0800
Message-ID: <CAAbpuypZRn2uvu7c7_BrcYZ4TUdAyLrg9Kf9dwQ_creiCRG6mg@mail.gmail.com>
To: "maqiufang (A)" <maqiufang1@huawei.com>
Cc: "alto@ietf.org" <alto@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008508d405f5363283"
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/MO0jMaucFR4aK_hOMlJAMxKt4NE>
Subject: Re: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2023 14:00:14 -0000
Hi Qiufang, On Fri, Feb 17, 2023 at 5:34 PM maqiufang (A) <maqiufang1@huawei.com> wrote: > Hi, Jensen, all > > > > I have reviewed the new version today, and following are some of my > further comments: > > Regarding sec.5.4.3, I am not sure if the authentication choice is needed. > > A grouping named alto-server-listen-stack-grouping is defined in the > document and uses http-server-parameters and tls-server-parameters grouping > definition, I think the authentication is already specified inside the > grouping (with conformance to sec.8.3.5 in RFC7285. > > If the connection is based on the http, following are some related client > authentication configuration (expended by http-server-parameters grouping): > > | | | +--rw client-authentication! > {client-auth-supported}? > > | | | +--rw users {local-users-supported}? > > | | | +--rw user* [user-id] > > | | | +--rw user-id string > > | | | +--rw (auth-type) > > | | | +--:(basic) > > | | | +--rw basic {basic-auth}? > > | | | +--rw user-id? string > > | | | +--rw password? > ianach:crypt-hash > > If the connection is based on the https, following are some related > authentication configuration (expended by tls-server-parameters grouping): > > | | +--rw client-authentication! > {client-auth-supported}? > > | | | +--rw ca-certs! {client-auth-x509-cert}? > > | | | | +--rw (local-or-truststore) > > | | | | +--:(local) > {local-definitions-supported}? > > | | | | | +--rw local-definition > > | | | | | +--rw certificate* [name] > > | | | | | +--rw > name string > > | | | | | +--rw > cert-data trust-anchor-cert-cms > > | | | | | +---n certificate-expiration > {certificate-expiration-notification}? > > | | | | | +-- expiration-date > yang:date-and-time > > | | | | +--:(truststore) > {central-truststore-supported,certificates}? > > | | | | +--rw truststore-reference? > ts:certificate-bag-ref > > | | | +--rw ee-certs! {client-auth-x509-cert}? > > | | | | +--rw (local-or-truststore) > > | | | | +--:(local) > {local-definitions-supported}? > > | | | | | +--rw local-definition > > | | | | | +--rw certificate* [name] > > | | | | | +--rw > name string > > | | | | | +--rw > cert-data trust-anchor-cert-cms > > | | | | | +---n certificate-expiration > {certificate-expiration-notification}? > > | | | | | +-- expiration-date > yang:date-and-time > > | | | | +--:(truststore) > {central-truststore-supported,certificates}? > > | | | | +--rw truststore-reference? > ts:certificate-bag-ref > > | | | +--rw raw-public-keys! > {client-auth-raw-public-key}? > > | | | | +--rw (local-or-truststore) > > | | | | +--:(local) > {local-definitions-supported}? > > | | | | | +--rw local-definition > > | | | | | +--rw public-key* [name] > > | | | | | +--rw name > string > > | | | | | +--rw public-key-format > identityref > > | | | | | +--rw public-key > binary > > | | | | +--:(truststore) > {central-truststore-supported,public-keys}? > > | | | | +--rw truststore-reference? > ts:public-key-bag-ref > > | | | +--rw tls12-psks? empty > {client-auth-tls12-psk}? > > | | | +--rw tls13-epsks? empty > {client-auth-tls13-epsk}? > > So what are we expecting to define this authentication choice? > Good point. I think we can reuse the client-authentication config. The auth-client list can just provide a binding from the client-id to one of http basic-auth user-id, certificate name, and public key name. It allows a role in the role list to easily reference an authenticated client using client-id. > > > If there is only one client-id leaf needed inside client list, then why > not directly define the client as leaf-list? Or would we like future > extension to the client list definition? > I think leaf-list should be enough. Will change it. > > > BTW. There seems to exist some revision inconsistence warnings: > > libyang warn: File name "ietf-alto-stats@2022-07-11.yang" does not match > module revision "2023-02-10". > > libyang warn: File name "ietf-alto@2022-10-24.yang" does not match module > revision "2023-02-10". > Could it be caused by the local cache? I don't see the warnings reported by the datatracker. Cheers, Jensen > > > Best Regards, > > Qiufang > > > > *From:* alto [mailto:alto-bounces@ietf.org] *On Behalf Of *Jensen Zhang > *Sent:* Friday, February 17, 2023 12:30 AM > *To:* alto@ietf.org > *Subject:* Re: [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt > > > > Hi ALTOers, > > The revision -03 of draft-ietf-alto-oam-yang has been uploaded. In this > new revision, the authors fixed all the YANG syntax issues and made the > following changes based on the discussions in WG: > > - Added the basic data model for ALTO client operation and management > - Added resource-level access control (see discussions [1]) > - Revised data model for reactive mode data source configuration (see [2]) > - Improved and added more examples in the appendix about extending the > data model for real implementation > - Added security considerations > > [1] > https://mailarchive.ietf.org/arch/msg/alto/NX_Y_nvJrNDj6FIVreRbzzo3XNg/ > [2] > https://mailarchive.ietf.org/arch/msg/alto/U2LIc1e8zP4Y6yVLnVo7WSzkJmc/ > > Any comments and feedback are welcomed. > > > > Best regards, > > Jensen > > > > > > On Sat, Feb 11, 2023 at 10:53 AM <internet-drafts@ietf.org> wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Application-Layer Traffic Optimization WG > of the IETF. > > Title : A Yang Data Model for OAM and Management of ALTO > Protocol > Authors : Jingxuan Jensen Zhang > Dhruv Dhody > Kai Gao > Roland Schott > Filename : draft-ietf-alto-oam-yang-03.txt > Pages : 65 > Date : 2023-02-10 > > Abstract: > This document defines a YANG data model for Operations, > Administration, and Maintenance (OAM) & Management of Application- > Layer Traffic Optimization (ALTO) Protocol. The operator can use the > data model to create and update ALTO information resources, manage > the access control, configure server-to-server communication and > server discovery, and collect statistical data. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-alto-oam-yang/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-alto-oam-yang-03.html > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-alto-oam-yang-03 > > > Internet-Drafts are also available by rsync at rsync.ietf.org: > :internet-drafts > > > _______________________________________________ > alto mailing list > alto@ietf.org > https://www.ietf.org/mailman/listinfo/alto > >
- [alto] I-D Action: draft-ietf-alto-oam-yang-03.txt internet-drafts
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… maqiufang (A)
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… maqiufang (A)
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Sabine Randriamasy (Nokia)
- Re: [alto] I-D Action: draft-ietf-alto-oam-yang-0… Jensen Zhang