Re: [netconf] Éric Vyncke's No Objection on draft-ietf-netconf-http-client-server-17: (with COMMENT)
Kent Watsen <kent@watsen.net> Mon, 12 February 2024 20:47 UTC
Return-Path: <0100018d9f134418-9a975cd8-69e9-46e2-816c-883f57db817d-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E338BC1519A4; Mon, 12 Feb 2024 12:47:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.904
X-Spam-Level:
X-Spam-Status: No, score=-6.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMyBT5_82gS0; Mon, 12 Feb 2024 12:47:41 -0800 (PST)
Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4877C15199B; Mon, 12 Feb 2024 12:47:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1707770856; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=jT/bxb+5y2NrBuLFsdHMIISARDfA7Rg2/VLk1ezdaF4=; b=G0mpcLvDSQlBRtTY8hKRao5tVH3WGQfGMu320RtX+uxx8RnvJKlxYS/6w07LAuV9 6zDHMI99dcqe+6RppKny3DGo2YlelDpx4I5zaAYVhydakbR6lt15mkzmdE882qggpNK AkXO4NhcFKS2RopzcRAA72m2Vi4v81TS08h8w28k=
From: Kent Watsen <kent@watsen.net>
Message-ID: <0100018d9f134418-9a975cd8-69e9-46e2-816c-883f57db817d-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_27C1F14A-4BE4-4E5A-9332-2FCD4B385FE3"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Mon, 12 Feb 2024 20:47:36 +0000
In-Reply-To: <170775640781.36552.154759888559021641@ietfa.amsl.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-netconf-http-client-server@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
To: Éric Vyncke <evyncke@cisco.com>
References: <170775640781.36552.154759888559021641@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.02.12-54.240.8.96
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/TXvV8bm7ejv5BrX0MakxpUL_Di0>
Subject: Re: [netconf] Éric Vyncke's No Objection on draft-ietf-netconf-http-client-server-17: (with COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2024 20:47:44 -0000
Hi Éric, Thank you for your valuable comments. Please find responses below. Kent > On Feb 12, 2024, at 11:46 AM, Éric Vyncke via Datatracker <noreply@ietf.org> wrote: > > Éric Vyncke has entered the following ballot position for > draft-ietf-netconf-http-client-server-17: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-netconf-http-client-server/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > # Éric Vyncke, INT AD, comments for draft-ietf-netconf-http-client-server-17 > > Thank you for the work put into this document. > > Please find below some non-blocking COMMENT points (but replies would be > appreciated even if only for my own education). > > Special thanks to Mahesh Jethanandani for the shepherd's detailed write-up > including the WG consensus and the justification of the intended status. > > I hope that this review helps to improve the document, > > Regards, > > -éric > > # COMMENTS (non-blocking) > > ## What about HTTP3 ? > > Is HTTP/3 (RFC 9114) so different to HTTP1/HTTP2 that it is not included in > this I-D ? > I don’t know. Can you help me understand? Do you know if there are any QUIC-specific configurations: - beyond the basic UDP local/remote/ address/port config? - for either the client or the server? - I guess it has all the TLS stuff… If we were to add QUIC, I think that there would need to be a new document called “draft-ietf-netconf-quic-client-server”. - I would start it by copy/pasting “draft-ietf-netconf-tls-client-server” - since QUIC needs to be configured like TLS. - this sounds like a lot of work... In the meanwhile, I added the following tex to the linked sections: https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-17#name-the-http-client-stack-group https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-17#name-the-http-server-stack-group NEW: Other protocols (e.g., QUIC) may be added by future work. https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-17#name-the-http-client-grouping-gr NEW: The "proxy-connect" node defines support for HTTP 1.1 and HTTP 2.0. Support for other protocols versions, e.g., HTTP/3, MAY be added by future work. Good for now? > ## Section 2.1.2.1 > > Having a module only using basic authentication seems *very* restrictive in > 2024... I would have expected the WG to specify a YANG module supporting other > authentication scheme. I could add “digest”, but doing much more gets complicated and contentious. Actually, an older version of this draft defined many authentication schemes. See the tree diagram here: https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-00#section-3.1. But there was concern by reviewers that the draft was defining too much. As a result, I removed all of the auth schemes except for “basic” - maybe overkill? From https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-17#name-the-http-client-identity-gr: The "basic" authentication scheme is the only scheme defined by this module, albeit it must be enabled via the "basic-auth" feature (see Section 2.1.1 <https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-17#client-features>). Other authentication schemes MAY be augmented in as needed by the application. Thoughts? Thanks again! Kent
- [netconf] Éric Vyncke's No Objection on draft-iet… Éric Vyncke via Datatracker
- Re: [netconf] Éric Vyncke's No Objection on draft… Kent Watsen