IETF Logo Mail Archive

[netconf] Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)

Mark Nottingham <mnot@mnot.net> Tue, 20 August 2024 23:47 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9C87C18DB99; Tue, 20 Aug 2024 16:47:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b="d6vbJtto"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="mGJfNCVQ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K7HLymB-eE-Q; Tue, 20 Aug 2024 16:47:36 -0700 (PDT)
Received: from fout3-smtp.messagingengine.com (fout3-smtp.messagingengine.com [103.168.172.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA769C18DB93; Tue, 20 Aug 2024 16:47:35 -0700 (PDT)
Received: from phl-compute-03.internal (phl-compute-03.nyi.internal [10.202.2.43]) by mailfout.nyi.internal (Postfix) with ESMTP id D8B8D138FF76; Tue, 20 Aug 2024 19:47:34 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-03.internal (MEProxy); Tue, 20 Aug 2024 19:47:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1724197654; x=1724284054; bh=dv7ik1KnYdsHmEzL3Slp+f7H6YQ+mwn8yUOI/0Ec4qY=; b= d6vbJtto1bRuOQehZTpVq1A/6ip56/nCmK1F8CrfowJZwjqXqSlRgU1rZaAm/zT5 ty8bqYn4lcJ65TE24TBStN6kc+n4BCtOgvecEXjqlJ/Fw5ZDnwy7JkfeCUMVyxHp U+0RSEjK18fKTt/xJJ3y4MuFfU6OxhLR5D3Wpu2dVBauudyD0ZDuscRiJxIHyC/u Q593QxoKSPYAYwcX9UN/D7ET8SGIrDhB83FPVOeh07DLue7rO19mZhFy6XekV/Ku TWsMU4dp1lbId6+sCG9HzJIxoNu6hbFWLzmCDK4wbYHVu5Emj15OxIc1PYs+gm74 SzzeJAxP1wqxHDSr/4MQZw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1724197654; x= 1724284054; bh=dv7ik1KnYdsHmEzL3Slp+f7H6YQ+mwn8yUOI/0Ec4qY=; b=m GJfNCVQHXaWBMe2Q5ofIpjZ6Xj1qn32xDiQ2Qxw1XoEKtPCoiesc+2a1jc7z58g/ pSebjCCsyNKUTXgAweqD1aqisgjpaesAldRXyh3gKEA1cnGSsfGvLB7nylHerGJj gh0QkPyK0BgYfq3CLeLdylbXE5Sk7rN4jqdKCcSkrZfpHzD93IEkKAz4xbgvVdkZ uoIQ3lUvHYX/rR2EEBC7MDXDV8n0PwCoxlDeozzzLExnYCBMX2dvf6Rnu2RnRIKe oo/w7V+cxMObrHHeHk0/px792duxrZGS+h9vGi9+07ATp1SViMfgSt4qgm5CsQfB EEW4uCirqqwUDI/C1CW0A==
X-ME-Sender: <xms:FSvFZveS3zSLHfPSk5n8Il0bzgitzaMi7b4o-_-z3RIEL75C6NFblA> <xme:FSvFZlOZ5VY_6QV5DHpsGfE7bicYcgRJJEJdPtQnbUsbRCEE6dpPphLZgGU2yhi27 3qxEEhfTms3QQyA-g>
X-ME-Received: <xmr:FSvFZogyZ5GraMhOWIpk3TZ8qNnBLtwM-7RnVuzV4mLM7GvTmuxxzx7S85vvdEN7JNMshWzuNHOZnY56Qtk6tmOmTwbKNbHO8a4jj0dlD4ZlPzKeEuCaO4EJ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddujedgvdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurheptggguffhjgffvefgkfhfvffosehtqhhmtdhhtdej necuhfhrohhmpeforghrkhcupfhothhtihhnghhhrghmuceomhhnohhtsehmnhhothdrnh gvtheqnecuggftrfgrthhtvghrnhepheehiedtfeegtefgieefiedvkeetledthfejjeet uefgfffgteevffehhfefhfevnecuffhomhgrihhnpehhthhtphdqvhgvrhhsihhonhhshh gvnhgtvgifhhihihhtfigrshgrugguvggurdhishdpmhhnohhtrdhnvghtnecuvehluhhs thgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhoth drnhgvthdpnhgspghrtghpthhtohepjedpmhhouggvpehsmhhtphhouhhtpdhrtghpthht ohepkhgvnhhtodhivghtfhesfigrthhsvghnrdhnvghtpdhrtghpthhtohepfhhrrghntg gvshgtrgdrphgrlhhomhgsihhnihesvghrihgtshhsohhnrdgtohhmpdhrtghpthhtohep ihgvshhgsehivghtfhdrohhrghdprhgtphhtthhopegurhgrfhhtqdhivghtfhdqnhgvth gtohhnfhdqhhhtthhpqdgtlhhivghnthdqshgvrhhvvghrsehivghtfhdrohhrghdprhgt phhtthhopehnvghttghonhhfqdgthhgrihhrshesihgvthhfrdhorhhgpdhrtghpthhtoh epnhgvthgtohhnfhesihgvthhfrdhorhhgpdhrtghpthhtohepmhhjvghthhgrnhgrnhgu rghnihesghhmrghilhdrtghomh
X-ME-Proxy: <xmx:FivFZg8gmmrzS48m6Uq-F48ZcL-G3tHbS8nxJay0Jg2GMuD6PAw5mw> <xmx:FivFZrvkhKikf1L0r1upz3CaB38uL793gvaE-WRnLSoj95O5KyEyPw> <xmx:FivFZvEBYK19TVp5HBBDRFJCl997CHtE8fiAKt2jtbWByItRGH00mQ> <xmx:FivFZiPraE63eyGvyWnjpiMCXmCNm8QZNsmWYQKQ2jWzaRoU-xMn5Q> <xmx:FivFZhDN59aidL8vSWHyAPNRoS4H54SsgRA19Z5-N3N1d1jj8iVpyzjc>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 20 Aug 2024 19:47:31 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <01000191716a91f5-134569c8-7097-4beb-a83c-1e533c72cb92-000000@email.amazonses.com>
Date: Wed, 21 Aug 2024 09:47:26 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <B930CFB9-0827-4A04-B3DE-103253048DE1@mnot.net>
References: <172416794310.2072814.8838102958915521258@dt-datatracker-6df4c9dcf5-t2x2k> <01000191716a91f5-134569c8-7097-4beb-a83c-1e533c72cb92-000000@email.amazonses.com>
To: Kent Watsen <kent+ietf@watsen.net>
X-Mailer: Apple Mail (2.3776.700.51)
Message-ID-Hash: ZPJWWRYUBIP6SAFPZY4UXBRUTDPXDNSY
X-Message-ID-Hash: ZPJWWRYUBIP6SAFPZY4UXBRUTDPXDNSY
X-MailFrom: mnot@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Francesca Palombini <francesca.palombini@ericsson.com>, The IESG <iesg@ietf.org>, draft-ietf-netconf-http-client-server@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: Francesca Palombini's Discuss on draft-ietf-netconf-http-client-server-23: (with DISCUSS)
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/u6JHhrjdfoei4NiXr2DnazdRtzw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>

> On 21 Aug 2024, at 6:11 AM, Kent Watsen <kent+ietf@watsen.net> wrote:
> 
>>> 
>>> My recollection of our most recent discussions of this draft were that it
>>> _might_ make sense to allow configuration of what version(s) of HTTP a server
>>> supports, but not a client. Since -17, it appears the opposite has been done:
>>> while server configuration remains the same, client configuration now allows
>>> enumeration of supported versions.
> 
> The two cases are covered below:
> 
> 1) Regarding configuring allowed HTTP-versions for a *client*
> 
> I don’t recall this being discussed before.  I apologize if it is an overbite on my part.  Looking at the document’s history, the version discussed in Brisbane didn’t have any ability to configure a client to specific HTTP-versions, hence why it suspect it wasn’t discussed...
> 
> In any case, two comments were received since Brisbane by WG members stating that it should be possible to configure a client to use only specific HTTP-versions, hence why it was added.  Is it wrong or bad to restrict a client to specific versions?  
> 
> Note that `curl` has params such as "--http1.1”, "--http2”, "--http3", and "—http3-only”...
> 
> Please advise.

As discussed, HTTP negotiates the version of the protocol in use at runtime; constraining it to a set of versions is counter to best practice (notwithstanding what curl can and cannot do).


> 2) Regarding configuring allowed HTTP-versions for a *server*
> 
> Firstly note that the diff shows that it is unchanged from before.  But what is it, you ask?  The current version defines a YANG grouping called "http-server-stack-grouping” (seen in Section 3.1.2.2) that intends to support the configuration of:
> 
> - http over tcp
> - http over tls
> - http over quic
> 
> Technically, these are loosely connected to, but do not map exactly to HTTP versions.  If looking closely at it, you will notice “choice transport”, which means that only one of the three above (or any new ones added by other YANG modules in the future) can be defined at a time. 
> 
> But, of course, the intent is that a higher-level YANG module (such as the one defined in the restconf-client-server draft) will enable more than more to be configured.  For instance, for a HTTP/3 server, there would might be:
> 
> - one "http over tls” (i.e., tcp/443) configuration stack
> - to present the Alt-Svc record to bounce the client to, e.g., udp/443
> - one “http over quic” (e.g., udp/443) configuration stack
> - to serve the HTTP requests
> 
> Makes sense?

Sort of. I am not confident that this will map well to actual HTTP server configurations, but don't oppose this approach from what I can understand of it.


>>> Additionally, support is indicated by using separate, version-specific
>>> indicators. This is a closed list and does not accommodate future versions of
>>> the protocol. Can this be an array of strings instead? That would also allow
>> us > to avoid the awkward phrasing in the introduction, which leads readers to
>>> believe the set of HTTP versions is closed (counter to BCP56).
> 
> 
> The "protocol-versions” leaf is not a closed list.  The leaf uses the YANG “bits” statement that, according to RFC 7950, section 11:
> 
> o  A "bits" type may have new bits added
> 
> In configuration, the “bits” type is an array of strings.  For example, following is in an example in the draft:
> 
> <protocol-versions>http-11 http-2 http-3</protocol-versions>

I see. The specification still enumerates only those versions, however -- per above, versioning should be omitted from clients completely.

Cheers,


--
Mark Nottingham   https://www.mnot.net/

v2.37.1 | Report a Bug | By Email | System Status