IETF Logo Mail Archive

[netconf] Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)

Mark Nottingham <mnot@mnot.net> Fri, 20 September 2024 17:19 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75069C14F5F1; Fri, 20 Sep 2024 10:19:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b="NuBhWi5D"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="RYObVITG"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWtzp7DGL_DH; Fri, 20 Sep 2024 10:19:19 -0700 (PDT)
Received: from fhigh1-smtp.messagingengine.com (fhigh1-smtp.messagingengine.com [103.168.172.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2342C14F5E9; Fri, 20 Sep 2024 10:19:18 -0700 (PDT)
Received: from phl-compute-01.internal (phl-compute-01.phl.internal [10.202.2.41]) by mailfhigh.phl.internal (Postfix) with ESMTP id AB09C11401AF; Fri, 20 Sep 2024 13:19:17 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-01.internal (MEProxy); Fri, 20 Sep 2024 13:19:17 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1726852757; x=1726939157; bh=Tr5eCw+9CHVK4ZNnWRVXEG0ye3yYGgLhqoIMdG9wEuA=; b= NuBhWi5D40jANDHHBEu6lq5Sw2RomdRAUKUBkEPopxNAzGUyS5Y97mfxureMp+ri rc/0+RPCdIM+FHRGv+cvavzkkXkBsgnLdTf4dvUFBv+8tAYhRlVVA9hn05R11Vbi f5obQzqRlEdlB5EH8GTo+sNtJ8wUPMcnq4WxHYjv9G/Jmb0asGySCg+LrdHepPax MP638uZ3lhP6aUyTGS1qSSn0zMTqa9fQDypxwYIOYmqBqq5vu33SPD6tzHJkZxRT fiyEqO+vhpQJRY1AEKPVoJKMVRX/knFq5pu1Nr31g9n9pqWAkpv1t7y2/nbLBWmp DnEoVCBI4SxGEZvxKdeLeQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1726852757; x= 1726939157; bh=Tr5eCw+9CHVK4ZNnWRVXEG0ye3yYGgLhqoIMdG9wEuA=; b=R YObVITGusefpV0LrVEWMRyqctIWhp9MyISvjjEYyLTz7H3/9vXNG8BfMX+ZPpVAI TQ0UxNjIElymoAFROBvPL8VtzceLrAPH3bSpjRi2HBsZWdFvgK6LLVoct5iVVsvM UrgIOfkefrCbQHqoJsMV9pR+bNLwRF8B0Nv/YQHWy1QwIma44dMRQf3+XP8Vzw5a 4P3Ao2G0utY/MgF8GK4XgDyZoH181+PcfxgPW9SqQVhcGo6YSj15pHM0I43N2ssA l0m0MD8ie+MCTO3fYAGfzgHpFtddK1CklLI2w8TzJLDKI7YD5uEb9f1iYwUqSBMM ne95Nk8CIEhQAurNSZhuA==
X-ME-Sender: <xms:la7tZg4_pqgBk90Wq5AsEqEo2Vsj7m_Q3hCyEa_ygWCB-_IvCamZ7A> <xme:la7tZh6JTbjqXQFWIWv16iXiWpSx0jcHs5FxmriW0AsBW1LNMPuw8DN1T_GIBoafW MxkXc1wQRPB6yNvRw>
X-ME-Received: <xmr:la7tZvetPIV6wXwQ0mEIGn0LzMtwypMk1DK4ao2ZA1y6DF092sGFeg2YXKKjgxZ1xNY>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudelfedgudduvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpegtggfuhfgjffevgffkfhfvofesthhqmhdthhdt jeenucfhrhhomhepofgrrhhkucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhnohhtrd hnvghtqeenucggtffrrghtthgvrhhnpeekvedtuefhhedvuddvgeejieejveegffelfeek gefhheelieehudevfeetieehvdenucffohhmrghinhepghhithhhuhgsrdgtohhmpdhivg htfhdrohhrghdpshifrghgghgvrhdrihhopdhhthhtphifghdrohhrghdpmhhnohhtrdhn vghtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmh hnohhtsehmnhhothdrnhgvthdpnhgspghrtghpthhtohepjedpmhhouggvpehsmhhtphho uhhtpdhrtghpthhtohepkhgvnhhtodhivghtfhesfigrthhsvghnrdhnvghtpdhrtghpth htohepfhhrrghntggvshgtrgdrphgrlhhomhgsihhnihesvghrihgtshhsohhnrdgtohhm pdhrtghpthhtohepmhhjvghthhgrnhgrnhgurghnihesghhmrghilhdrtghomhdprhgtph htthhopehivghsghesihgvthhfrdhorhhgpdhrtghpthhtohepughrrghfthdqihgvthhf qdhnvghttghonhhfqdhhthhtphdqtghlihgvnhhtqdhsvghrvhgvrhesihgvthhfrdhorh hgpdhrtghpthhtohepnhgvthgtohhnfhdqtghhrghirhhssehivghtfhdrohhrghdprhgt phhtthhopehnvghttghonhhfsehivghtfhdrohhrgh
X-ME-Proxy: <xmx:la7tZlJouRVzU4wul51LyrMPFULDJG6XOOsVpkQrtNQzv9SAbu5nSQ> <xmx:la7tZkLbhldggemO7ro2g9NEdU_7pq-A3iTvyBfONR6jbwTP7_bkTA> <xmx:la7tZmxDJ0t9k3W7UkVLaemRsy4edXeukj-SpbamTZJk8DrGJHAEIA> <xmx:la7tZoJOeIgq5uUX9xMr-WcDllK0JKUs6HaKWkzOu2-8sPWQGbAViQ> <xmx:la7tZj8CX_lgAwlnRxWO-xKA6Q_FhZBm7gu8ofV7sMUzVISDEDgr_P6q>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 20 Sep 2024 13:19:16 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3818.100.11.1.3\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <0100019206419089-61fd041b-6c56-49d7-ab46-b73c305ec629-000000@email.amazonses.com>
Date: Fri, 20 Sep 2024 13:19:16 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE39ADAF-148C-4B5D-8F54-81629C36137F@mnot.net>
References: <172416794310.2072814.8838102958915521258@dt-datatracker-6df4c9dcf5-t2x2k> <01000191716a91f5-134569c8-7097-4beb-a83c-1e533c72cb92-000000@email.amazonses.com> <B930CFB9-0827-4A04-B3DE-103253048DE1@mnot.net> <010001917276c9a9-61d073c7-2edc-4fb6-8397-6bf11b2cf243-000000@email.amazonses.com> <DC395793-7357-45E3-BF94-E99280A66C0C@mnot.net> <010001917365fcca-e582458e-7aa7-4c46-bf31-fbcbccefb210-000000@email.amazonses.com> <BBA38183-A666-4CCF-BB89-D552B7BC6B44@gmail.com> <ABDB4C56-8A51-4FCC-B4B5-D6F80118D3E9@mnot.net> <B1FCA958-C784-4995-95E3-4B6775B3E198@gmail.com> <PAXPR07MB78381E22931ABEEFC500DAD098602@PAXPR07MB7838.eurprd07.prod.outlook.com> <0100019206419089-61fd041b-6c56-49d7-ab46-b73c305ec629-000000@email.amazonses.com>
To: Kent Watsen <kent+ietf@watsen.net>
X-Mailer: Apple Mail (2.3818.100.11.1.3)
Message-ID-Hash: KZPICV44YRENCMPREONKYJ6ERMLHHEI5
X-Message-ID-Hash: KZPICV44YRENCMPREONKYJ6ERMLHHEI5
X-MailFrom: mnot@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Francesca Palombini <francesca.palombini@ericsson.com>, The IESG <iesg@ietf.org>, "draft-ietf-netconf-http-client-server@ietf.org" <draft-ietf-netconf-http-client-server@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/glMV7sUSKHmp3zyb2OEv-EXuowc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>

Kent,

We have explained repeatedly that HTTP semantics are not versioned, and that the runtime protocol version is negotiated, not preset in configuration. Some tools (e.g., Curl) expose it for testing, not operational purposes. Limiting the HTTP version in use by a client in configuration is bad practice because it limits the deployments of new protocol versions unnecessarily. 

Regarding being 'in the rough' - we're determining IETF consensus, not WG consensus here.

Cheers,


> On 18 Sep 2024, at 1:50 pm, Kent Watsen <kent+ietf@watsen.net> wrote:
> 
> Hi Francesca,
> 
> It was the NETCONF WG's idea (not mine) to add the ability to configure what protocol versions a client wishes to use.   The ability to do so is not uncommon, e.g., to support test automation, resulting in a pattern of YANG models constraining versions when versions exist.  This is normal operation and so it’s surprising/alarming that constraining available versions may harm the HTTP ecosystem.  This opinion is inconsistent with experience, and seems to be in the rough.  It is hard to understand/accept when no concrete example is provided.  Adding text regarding possible impact may be important for future maintainers of this work, depending on the nature of the issue.
> 
> Mark’s other suggestion to remove the "Support is provided for HTTP/1.1, HTTP/2, and HTTP/3.” sentence from both the Abstract and the Introduction sections is fine, and can be considered done (will be part of the next update).  Here’s the GitHub diff:  https://github.com/netconf-wg/http-client-server/commit/ee514fcb49406c58bc515432d6c96772b766ae4a.
> 
> Thanks,
> Kent
> 
> 
> 
>> On Sep 16, 2024, at 6:12 AM, Francesca Palombini <francesca.palombini@ericsson.com> wrote:
>> 
>> Hi Mahesh,
>>  I believe the question here is why this configuration is needed at all. Mark has made a constructive suggestion that will get the doc unstuck, that protocol-versions for the client is removed as well as specific talk about the different versions, rather than additional text be added about the possible impact.
>>  Thanks,
>> Francesca
>>  From: Mahesh Jethanandani <mjethanandani@gmail.com>
>> Date: Wednesday, 11 September 2024 at 22:28
>> To: Mark Nottingham <mnot@mnot.net>
>> Cc: Francesca Palombini <francesca.palombini@ericsson.com>, The IESG <iesg@ietf.org>, draft-ietf-netconf-http-client-server@ietf.org <draft-ietf-netconf-http-client-server@ietf.org>, NETCONF WG Chairs <netconf-chairs@ietf.org>, NETCONF WG <netconf@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
>> Subject: Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)
>> Hi Mark,
>>  Thanks for the suggestion.
>> 
>> 
>> On Aug 28, 2024, at 6:22 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>  It doesn't.
>> 
>> Concretely, I suggest - 
>> 
>> * In the Abstract, remove "Support is provided for HTTP/1.1, HTTP/2, and HTTP/3."
>> * Remove protocol-versions from http-client-common-grouping
>>  Apparently, the question of the impact of client choosing a HTTP version is still not clear.  I am specifically referring to this exchange between you and Kent.
>>  No; I'm only attempting to make sure that your specification doesn't actively harm the HTTP ecosystem.
>> 
>> 
>> Good - and thank you!
>> 
>> 
>> 
>> Constraining the available versions is one way that can happen.
>> 
>> Can you provide a scenario where the client being configured to use specific versions harms the HTTP ecosystem?
>>  It would help for Kent to document in the draft why choosing a particular version of HTTP in this particular case is a bad idea.
>>  Thanks.
>> 
>> 
>> 
>> Also, I noticed that the Abstract says:
>> 
>> 
>> It is intended that these groupings will be used to help define the configuration for simple HTTP-based protocols (not for complete web servers or browsers).
>> 
>> If this is indeed intended to be a configuration mechanism for HTTP-based protocols, that would seem to be more in-scope with the HTTPAPI WG - has any coordination been done with them? In particular, the relationship to OpenAPI <https://swagger.io/specification/> should be considered, as it has considerable adoption and overlaps this use case.
>> 
>> Cheers,
>> 
>> 
>> 
>> 
>> On 27 Aug 2024, at 10:54 AM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
>> 
>> Hi Mark,
>> 
>> Francesca’s DISCUSS, which is a proxy for your HTTPDIR review was discussed in the telechat last Thursday. I am following up to find out if Kent’s reply below addresses your concerns or not. If my understanding is correct, the main sticking point is the client trying to specify a HTTP version it wants to use, and its possible impact on the HTTP ecosystem. 
>> 
>> Let us know. Thanks.
>> 
>> 
>> On Aug 20, 2024, at 10:25 PM, Kent Watsen <kent+ietf@watsen.net> wrote:
>> 
>> 
>> Negotiating version at runtime (startup handshake) is common practice.   The way it usually goes is that the client has a list of what it allows, and the server has a list of what it supports, and the latest/newest common version is selected.  This is how it works in HTTP also, yes?
>> 
>> No. See:
>> 
>> https://httpwg.org/specs/rfc9112.html#http.version
>> https://httpwg.org/specs/rfc9113.html#starting
>> https://httpwg.org/specs/rfc9114.html#discovery
>> 
>> Fine, but your point is only made because HTTP keeps changing its transport  ;)
>> 
>> Assuming HTTP/4 stays with QUIC, then RFC 7301, Section 1 says:
>> 
>> With ALPN, the client sends the list of supported application
>> protocols as part of the TLS ClientHello message. The server
>> chooses a protocol and sends the selected protocol as part of
>> the TLS ServerHello message.
>> 
>> 
>> In such a case, the client’s ALPN list would be [h3, h4], and the server returns one or the other, depending on what it supports, which is effectively what I wrote. 
>> 
>> I also note that RFC 9114 Section 3.1 says:
>> 
>>   A client MAY attempt access to a resource with an "https" URI by
>>   resolving the host identifier to an IP address, establishing a
>>   QUIC connection to that address on the indicated port (including
>>   validation of the server certificate as described above), and
>>   sending an HTTP/3 request message targeting the URI to the server
>>   over that secured connection. 
>> 
>> This optimization is possible if the client knows it only wants QUIC-based HTTP.   This is faster than first establishing an HTTP/2 connection and switching after receiving the "alt-svc” header.  This is also faster than the client optimistically switching after receiving a "TCP RST”, assuming the server isn't listening on tcp/443.
>> 
>> 
>> 
>> Let’s say there exists an HTTP-client that requires multiplexing, so it requires at least HTTP/2.  But it connects to a server that only supports HTTP/1.1.  IMO the negotiation should fail, letting the HTTP-client to try another server.  Isn’t this proper?
>> 
>> A "HTTP-client that requires multiplexing" (i.e., an application using HTTP that wants to multiplex) can use multiple HTTP/1 connections, or HTTP/2, or HTTP/3, or...
>> 
>> It was just an example.  The general point is that each HTTP version comes with a set of features (e.g., scalability, performance, security, etc.) and a client may require a specific feature-set.
>> 
>> 
>> 
>> The configuration -23 regards setting the client’s "list of what it allows".  It can be a list of versions, or the special wildcard value “any”.   It is expected that this “list of versions" will feed into the negotiation.  IDK, maybe you thought that the draft was always setting the client to a single version?
>> 
>> No; I'm only attempting to make sure that your specification doesn't actively harm the HTTP ecosystem.
>> 
>> 
>> Good - and thank you!
>> 
>> 
>> 
>> Constraining the available versions is one way that can happen.
>> 
>> Can you provide a scenario where the client being configured to use specific versions harms the HTTP ecosystem?
>> 
>> 
>> 
>> I continue to be concerned that you're defining a configuration language for HTTP without a strong understanding of the protocol's core concepts or common implementation patterns.
>> 
>> It could also be that you don’t appreciate that, by nature of this being “configuration”, it is not a "first contact” scenario.  That is, this is much more like a script using `curl` than a user using a browser.
>> 
>> 
>> Thanks again!
>> Kent
>> 
>> 
>> 
>> Mahesh Jethanandani
>> mjethanandani@gmail.com
>> 
>> 
>> 
>> 
>> 
>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>>  
>> Mahesh Jethanandani
>> mjethanandani@gmail.com
> 
> 

--
Mark Nottingham   https://www.mnot.net/

v2.35.0 | Report a Bug | By Email | System Status