Re: [Netconf] SSE and HTTP/2 in restcon-notif

Kent Watsen <kwatsen@juniper.net> Thu, 04 October 2018 16:01 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Andy Bierman <andy@yumaworks.com>
CC: Martin Bjorklund <mbj@tail-f.com>, "rrahman=40cisco.com@dmarc.ietf.org" <rrahman=40cisco.com@dmarc.ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] SSE and HTTP/2 in restcon-notif
Thread-Index: AQHUVpLBkBpJSSIQbkWRq5O8cMUK2aUEmdsAgAAMawCAAGaPgIACgpcAgALhzYCAAEoSAIAAAoQA///NvoCAAEYGgIAENUQA
Date: Thu, 04 Oct 2018 16:01:28 +0000
Message-ID: <8B068781-B680-4FFE-85EA-1A95D7157430@juniper.net>
References: <CABCOCHRyuU712k+QHD0Ke5VF5bj7wSyHAcWxGyDsgT6NKA1ing@mail.gmail.com> <6E59E89D-B00C-4E8A-A3EA-970553C2F40E@juniper.net> <CABCOCHRHVP0kN68w=Wg8rR9AzF4YPteW_GvUVtAuvgTEWoNPNw@mail.gmail.com> <20181001.203508.1709854582923261288.mbj@tail-f.com> <2EAF7889-0179-482E-AEE9-A5311EFAB680@juniper.net> <CABCOCHQKYPWJ8WvvOPWF9dhnxujDE3WbRXMOO94XHO6QB75gBA@mail.gmail.com>
In-Reply-To: <CABCOCHQKYPWJ8WvvOPWF9dhnxujDE3WbRXMOO94XHO6QB75gBA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XR5BqBTyfEQu37a9yuqfyzDzZWA>
Subject: Re: [Netconf] SSE and HTTP/2 in restcon-notif
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2018 16:01:41 -0000

Regarding this URI issue, I’m okay if it’s implementation-specific how the security is ensured.  Let’s be sure this is clearly called out in the Security Considerations section.

Kent



On 10/1/18, 3:46 PM, "Andy Bierman" <andy@yumaworks.com> wrote:



On Mon, Oct 1, 2018 at 12:35 PM, Kent Watsen <kwatsen@juniper.net> wrote:


>> I think the URI should be implementation-specific.
>> There is a standard mechanism to discover the correct URI to use
>> so there should not be any client issues.
>
> +1
>
>> If the URI just happens to match /streams/<stream-name>\
>> /<subscription-id> then so what?  It is just an implementation
>> detail right?

I thought the concern was for preventing access by other
clients.  One way is through obfuscation (e.g., random URI).
Another is through access control, but we wouldn't want
dynamically-generated NACM rules, in <intended> at least,
so then is the idea for dynamically-generated NACM rules
to be in <operational>?  Perhaps someone can post text?

I don't know why changes to NACM would be needed.
The server just needs to remember the username of the client that
did the <establish-subscription> and only allow that username
to do the GET on the SSE URI.


Kent // contributor


Andy
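The two approaches discussed above, obfuscation (a random, unguessable SSE URI) versus access control (the server remembers the username that issued <establish-subscription> and only lets that user GET the URI), side by side as an added illustration. This is not code from the restconf-notif draft, from Kent, or from Andy; the class and method names, the /restconf/streams URI layout, and the choice to answer 404 rather than 403 to a non-owner are all assumptions made for the example. The server is assumed to have already authenticated the HTTP client and to pass the resulting username into both handlers.

```python
"""Binding an SSE subscription URI to the RESTCONF user that created it.

Added example, not code from draft-ietf-netconf-restconf-notif or any
server. Everything below (names, URI layout, status-code policy) is an
assumption made to illustrate the mailing-list discussion.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Subscription:
    subscription_id: int
    stream: str
    owner: str  # authenticated username seen on <establish-subscription>


class SseSubscriptionRegistry:
    """Server-side table mapping each subscription's SSE URI to its owner.

    random_uri  -> the obfuscation approach (an unguessable path).
    bind_owner  -> the access-control approach (only the creating user
                   may GET). The two are independent so the difference
                   between them is visible in the demo below.
    """

    def __init__(self, *, random_uri: bool, bind_owner: bool,
                 base: str = "/restconf/streams") -> None:
        self.random_uri = random_uri
        self.bind_owner = bind_owner
        self._base = base
        self._next_id = 1
        self._by_uri: dict[str, Subscription] = {}

    def establish_subscription(self, username: str, stream: str) -> tuple[int, str]:
        """Handle the RPC: allocate an id, remember the caller, return (id, uri)."""
        sub = Subscription(self._next_id, stream, username)
        self._next_id += 1
        if self.random_uri:
            path = secrets.token_urlsafe(24)  # ~192 random bits; not enumerable
        else:
            path = f"{stream}/{sub.subscription_id}"  # predictable; fine only with bind_owner
        uri = f"{self._base}/{path}"
        self._by_uri[uri] = sub
        return sub.subscription_id, uri

    def authorize_get(self, username: str, uri: str) -> int:
        """Return the HTTP status the SSE GET handler should send.

        200 when the stream may be opened for this user, otherwise 404.
        404 rather than 403 (assumed policy) so a non-owner cannot learn
        that a guessed URI exists.
        """
        sub = self._by_uri.get(uri)
        if sub is None:
            return 404
        if self.bind_owner and sub.owner != username:
            return 404
        return 200

    def delete_subscription(self, username: str, subscription_id: int) -> bool:
        """Handle <delete-subscription>: only the owner may tear it down."""
        for uri, sub in list(self._by_uri.items()):
            if sub.subscription_id == subscription_id:
                if self.bind_owner and sub.owner != username:
                    return False
                del self._by_uri[uri]
                return True
        return False


def demo() -> dict[str, int]:
    """Constructed scenario: alice establishes a subscription, mallory
    later learns the URI (log file, proxy, shoulder-surfing)."""
    results: dict[str, int] = {}

    # Approach 1: obfuscation only. The URI itself is the credential.
    reg = SseSubscriptionRegistry(random_uri=True, bind_owner=False)
    _, uri = reg.establish_subscription("alice", "NETCONF")
    results["obfuscation_owner"] = reg.authorize_get("alice", uri)
    results["obfuscation_leaked"] = reg.authorize_get("mallory", uri)  # 200: leak is fatal
    results["obfuscation_guess"] = reg.authorize_get("mallory", "/restconf/streams/NETCONF/1")

    # Approach 2: predictable URI, but bound to the establishing username.
    reg = SseSubscriptionRegistry(random_uri=False, bind_owner=True)
    _, uri = reg.establish_subscription("alice", "NETCONF")
    results["bound_uri_predictable"] = int(uri == "/restconf/streams/NETCONF/1")
    results["bound_owner"] = reg.authorize_get("alice", uri)
    results["bound_other_user"] = reg.authorize_get("mallory", uri)  # 404 even with the URI
    results["delete_by_other"] = int(reg.delete_subscription("mallory", 1))
    results["delete_by_owner"] = int(reg.delete_subscription("alice", 1))
    results["after_delete"] = reg.authorize_get("alice", uri)
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:24s} {status}")
```

The second registry is the mechanism Andy describes: no NACM rule has to be generated, because the check is against a per-subscription record the server already keeps. Note that the owner binding is also what makes <delete-subscription> safe, and that a real server would key the record on whatever identity its HTTP authentication produces (client certificate subject, HTTP auth user), not on a client-supplied field.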