Re: [netconf] Éric Vyncke's Discuss on draft-ietf-netconf-tcp-client-server-21: (with DISCUSS and COMMENT)
Kent Watsen <kent+ietf@watsen.net> Wed, 21 February 2024 22:27 UTC
Return-Path: <0100018dcdc7aa67-7894f636-2412-4a2d-a0be-71154b217bf0-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D27B0C14F68E; Wed, 21 Feb 2024 14:27:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L9-wZevfFqaD; Wed, 21 Feb 2024 14:27:12 -0800 (PST)
Received: from a8-88.smtp-out.amazonses.com (a8-88.smtp-out.amazonses.com [54.240.8.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D464C14F6A8; Wed, 21 Feb 2024 14:27:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1708554431; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=2KmXuRh8cIh3OFWl/dGno0+/uGXEcnZ9pnyXrRrGrwY=; b=iDzFyUXYFaa5Fe3rkk0WWGdnK6l5AKkurchL78RPuJT5gFNE/3L1G+rZS86/V043 MktB4Y7JpPCxTNPEUnD0SJxTPyGbc/vKFhiJxVCakM/FJCsDaq2zUv66m+i9Q6uHsPo moT2NbD5VTeeiaOhg/q+eKqmMoREheBr2mDSYT5A=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100018dcdc7aa67-7894f636-2412-4a2d-a0be-71154b217bf0-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FBA77F0B-4F38-4D42-828F-4E115F65C7DB"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Wed, 21 Feb 2024 22:27:11 +0000
In-Reply-To: <170843373775.28810.15163380629330089098@ietfa.amsl.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-netconf-tcp-client-server@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, "Per Andersson (perander)" <perander@cisco.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, "Scharf, Michael" <michael.scharf@hs-esslingen.de>
To: Éric Vyncke <evyncke@cisco.com>
References: <170843373775.28810.15163380629330089098@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3774.400.31)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.02.21-54.240.8.88
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/hqtfLCMPWn3rhtJqbkZefNk_t-g>
Subject: Re: [netconf] Éric Vyncke's Discuss on draft-ietf-netconf-tcp-client-server-21: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2024 22:27:13 -0000
Hi Éric, Thank you for your comments. Please see below for responses. Kent > On Feb 20, 2024, at 7:55 AM, Éric Vyncke via Datatracker <noreply@ietf.org> wrote: > > Éric Vyncke has entered the following ballot position for > draft-ietf-netconf-tcp-client-server-21: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-netconf-tcp-client-server/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > # Éric Vyncke, INT AD, comments for draft-ietf-netconf-tcp-client-server-21 > > Thank you for the work put into this document. > > Please find below one blocking DISCUSS points (easy to address as it is only to > force a reply), some non-blocking COMMENT points (but replies would be > appreciated even if only for my own education). > > Special thanks to Per Andersson for the shepherd's detailed write-up including > the WG consensus (and the discussion with TCPM) and the justification of the > intended status. > > I hope that this review helps to improve the document, > > Regards, > > -éric > > # DISCUSS (blocking) > > As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a > DISCUSS ballot is a request to have a discussion on the following topics: > > ## No MASQUE or HTTP-proxy defined ? > > This is mainly to force a discussion over email. SOCKS were (and probably are > still) a common proxy mechanism, but should SSH tunnels, MASQUE connect (and > its old parent HTTP connect method) be part of this document? This discuss seems to be about the "http-client-server” draft more so than the “tcp-client-server” draft. For instance, this section[1] in the http-client-server draft defines a node called "proxy-connect” that enables the HTTP-client to be configured to connect via either an HTTP- or HTTPS- based proxy. Though the “http-client-server" document doesn’t say it (which I just fixed), the “proxy-connect” node intends to support HTTP connect [2]. [1] https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server-17#section-2.1.2.2 [2] https://datatracker.ietf.org/doc/html/rfc9110#section-9.3.6 I never heard before about MASQUE, which I see now is defined in both RFC 9298 (Proxying UDP in HTTP) and RFC 9484 (Proxying IP in HTTP). Those RFCs being so new, the question is if MASQUE should be 1) added to the http-client-server draft now, 2) acknowledged as not being in the http-client-server draft, or 3) say nothing about MASQUE, only stating that HTTP-connect is supported and other proxy-types can be added by future work? PS: there is a related DISCUSS going on for the http-client-server draft, regarding its current lack of support for QUIC. The same 1/2/3-options in the previous paragraph are in play. I had a conversion with the NETCONF-chairs (Mahesh and Per) today and we think that a small update to the http-client-server draft might be possible to support QUIC, assuming the configuration for QUIC and DTLS are the same (i.e., TLS + UDP). [Is there a QUIC expert in the house I can ask?] > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > # COMMENTS (non-blocking) > > ## Section 2.1 > > While the text about keep-alives use cases sounds correct, I wonder whether > this text is relevant in an I-D about *data models*, i.e., why discussing the > semantics and use cases of TCP keep-alives? Section 2.1.5 (Guidelines for Configuring TCP Keep-Alives) was written by my co-author, Michael Sharf (CC-ed), who is also a chair of the TCPM WG. I had assumed that it was important... Michael, can you respond to this comment? > Some issue with the use of normative language for the default values of TCP > keep-alives, those values SHOULD be in NETCONF/RESTCONF protocols and not > discussed in this data model. To be honest, I hesitated to raise a discuss > level on this. I’m assuming this comment regards Section 2.1.5 (Guidelines for Configuring TCP Keep-Alives). I agree that text about motivation doesn’t need to be in a document regarding data-models... Michael, can you respond to this comment also? > ## Section 3.1.2.1 > > The reader would probably welcome an explanation of the differences between > 'socks4' and 'socks4a', is it only to allow for a hostname ? > > Should it be possible to configure multiple remote-addresses for the proxy ? This took some effort. As you’ll see when I publish an update to the suite of drafts (maybe later today), I made the following changes: 1) added three new “feature” statements: - socks4-supported - socks4a-supported - socks5-supported 2) greatly expanded Section 3.1.1 (Features) to describe each feature, with the description for the “socks4a-supported” feature including the statement: "The difference between Socks4 and Socks4a is that Socks4a enables the "remote-address" to be specified using a hostname, in addition to an IP address. 3) expanded Section 3.1.2.1, under the "proxy-server” description section, to refer to the new “feature” statements and, in particular, the aforementioned Section 3.1.1. I’m hoping you will be happy with this update. > ## Section 3.3 > > About the tcp-client-grouping remote-address `the IP addresses are tried > according to local preference order`, should there be a reference to RFC 6724 > (as there can be multiple source addresses) ? I’m looking at https://datatracker.ietf.org/doc/html/rfc6724#section-6 …and feeling unsure about applicability to this section. My hesitation regards how this same "tcp-client-grouping” specifies the "local-address” (which I equate to “source address” as a single value (type inet:ip-address), either specified or picked by the OS, but it is still just one value. Does RFC 6724 still apply? Please advise. > Also in tcp-client-grouping local-address, AFAIK `INADDR6_ANY > ('0:0:0:0:0:0:0:0' a.k.a. '::')` also means supporting IPv4-mapped addresses > per RFC 4291. SO, the text `the server can bind to any IPv4 or IPv6 addresses, > respectively ` should be amended. Looking at: https://datatracker.ietf.org/doc/html/rfc4291#section-2.5.2 https://datatracker.ietf.org/doc/html/rfc4291#section-2.2 https://datatracker.ietf.org/doc/html/rfc4291#section-2.5.5 I see what you mean. I made this change: OLD: any IPv4 or IPv6 addresses, respectively. NEW: any IPv4 or IPv6 address. > ## Section 4.3 > > Also in tcp-server-grouping local-address, AFAIK `INADDR6_ANY > ('0:0:0:0:0:0:0:0' a.k.a. '::')` also means supporting IPv4-mapped addresses > per RFC 4291. SO, the text `the server can bind to any IPv4 or IPv6 addresses, > respectively ` should be amended. I made the same change as described in my previous response. Thanks again! Kent
- [netconf] Éric Vyncke's Discuss on draft-ietf-net… Éric Vyncke via Datatracker
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Kent Watsen
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Scharf, Michael
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Scharf, Michael
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Kent Watsen
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)