IETF Logo Mail Archive

[netconf] Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)

Kent Watsen <kent+ietf@watsen.net> Tue, 20 August 2024 20:11 UTC

Return-Path: <01000191716a91f5-134569c8-7097-4beb-a83c-1e533c72cb92-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97ACCC151543; Tue, 20 Aug 2024 13:11:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hjo2Tk5se7pU; Tue, 20 Aug 2024 13:11:36 -0700 (PDT)
Received: from a8-33.smtp-out.amazonses.com (a8-33.smtp-out.amazonses.com [54.240.8.33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 507E7C151083; Tue, 20 Aug 2024 13:11:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1724184695; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=jEl3ubnxFYak33bQaNXeU+CbgIRy8Ft78eLkj1+/FYs=; b=AhwJQS1dvCSb55QP1JYEFzIAdK3lVnJ2eJjka6HaoE/xeSoaiInHK/EyLOdaHcEB CZCpfCs+49+iLJaSWfLXTltrM7Xnu594o/6SGY/nlLcT6Fr6sIok6TvzrJetgcFa5a1 HyTyB46HyZIReJ8x0uzgNLJ8CC0sLzN5asiVuTbc=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <01000191716a91f5-134569c8-7097-4beb-a83c-1e533c72cb92-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C227CA46-DE8A-46B4-A9A5-F20A8E2076AE"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Tue, 20 Aug 2024 20:11:35 +0000
In-Reply-To: <172416794310.2072814.8838102958915521258@dt-datatracker-6df4c9dcf5-t2x2k>
To: Francesca Palombini <francesca.palombini@ericsson.com>, Mark Nottingham <mnot@mnot.net>
References: <172416794310.2072814.8838102958915521258@dt-datatracker-6df4c9dcf5-t2x2k>
X-Mailer: Apple Mail (2.3774.400.31)
Feedback-ID: ::1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.08.20-54.240.8.33
Message-ID-Hash: JDU6ATY3ARAJ3U5ISAZ2O6XOKVTSUR73
X-Message-ID-Hash: JDU6ATY3ARAJ3U5ISAZ2O6XOKVTSUR73
X-MailFrom: 01000191716a91f5-134569c8-7097-4beb-a83c-1e533c72cb92-000000@amazonses.watsen.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-netconf-http-client-server@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/VfHfqyIishEXWaJrWna7wwCLHYg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>

[moving Mark to the To line]


Hi Francesca,

Thank you for pointing me to Mark’s HTTPDIR review.  I see that his message was sent to the NETCONF alias but, for some reason I didn’t receive it.   In any case, please see below.


> On Aug 20, 2024, at 11:32 AM, Francesca Palombini via Datatracker <noreply@ietf.org> wrote:
> 
> Francesca Palombini has entered the following ballot position for
> draft-ietf-netconf-http-client-server-23: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-netconf-http-client-server/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Thank you for the work on this document.
> 
> Many thanks to Mark Nottingham for his HTTPDIR review:
> https://mailarchive.ietf.org/arch/msg/netconf/ZB0rAH2qZMF81THzvnDp7WI7eqM/
> 
> Mark brings up valid points about clients' HTTP configuration, as well as
> support for future HTTP versions (for the server) - I'd like to see Mark's
> concerns addressed before the document move forwards.
> 
> Review copied for convenience:

Thank you for copying Mark’s HTTPDIR review.  I will respond below.


> review-ietf-netconf-http-client-server-23-httpdir-telechat-nottingham-2024-08-19-00
> 

Hi Mark,

Thanks for your review!
Please see below for responses to your comments.

Kent


>> My recollection of our most recent discussions of this draft were that it
>> _might_ make sense to allow configuration of what version(s) of HTTP a server
>> supports, but not a client. Since -17, it appears the opposite has been done:
>> while server configuration remains the same, client configuration now allows
>> enumeration of supported versions.

The two cases are covered below:

1) Regarding configuring allowed HTTP-versions for a *client*

I don’t recall this being discussed before.  I apologize if it is an overbite on my part.  Looking at the document’s history, the version discussed in Brisbane didn’t have any ability to configure a client to specific HTTP-versions, hence why it suspect it wasn’t discussed...

In any case, two comments were received since Brisbane by WG members stating that it should be possible to configure a client to use only specific HTTP-versions, hence why it was added.  Is it wrong or bad to restrict a client to specific versions?  

Note that `curl` has params such as "--http1.1”, "--http2”, "--http3", and "—http3-only”...

Please advise.


2) Regarding configuring allowed HTTP-versions for a *server*

Firstly note that the diff shows that it is unchanged from before.  But what is it, you ask?  The current version defines a YANG grouping called "http-server-stack-grouping” (seen in Section 3.1.2.2) that intends to support the configuration of:

	- http over tcp
	- http over tls
	- http over quic

Technically, these are loosely connected to, but do not map exactly to HTTP versions.  If looking closely at it, you will notice “choice transport”, which means that only one of the three above (or any new ones added by other YANG modules in the future) can be defined at a time. 

But, of course, the intent is that a higher-level YANG module (such as the one defined in the restconf-client-server draft) will enable more than more to be configured.  For instance, for a HTTP/3 server, there would might be:

	- one "http over tls” (i.e., tcp/443) configuration stack
		- to present the Alt-Svc record to bounce the client to, e.g., udp/443
	- one “http over quic” (e.g., udp/443) configuration stack
		- to serve the HTTP requests

Makes sense?


>> Additionally, support is indicated by using separate, version-specific
>> indicators. This is a closed list and does not accommodate future versions of
>> the protocol. Can this be an array of strings instead? That would also allow
> us > to avoid the awkward phrasing in the introduction, which leads readers to
>> believe the set of HTTP versions is closed (counter to BCP56).


The "protocol-versions” leaf is not a closed list.  The leaf uses the YANG “bits” statement that, according to RFC 7950, section 11:

	o  A "bits" type may have new bits added

In configuration, the “bits” type is an array of strings.  For example, following is in an example in the draft:

	<protocol-versions>http-11 http-2 http-3</protocol-versions>

All good?


Thanks again!
Kent

v2.37.1 | Report a Bug | By Email | System Status