http listen mode (Roman's DISCUSS) #96

Open
boucadair opened this issue Oct 25, 2023 · 3 comments

@boucadair
Contributor

** Section 5.4.3. It appears that there is an http-auth-client for both http
and https. Is this suggesting that it is possible to have authenticated users
over unencrypted HTTP? How does that work securely? Is this related to
Section 8’s “The ietf-alto supports an HTTP listen mode to cover cases where
the ALTO server stack does not handle the TLS termination itself, but is
handled by a separate component.” If so, what is the residual risk of this
approach?

@boucadair
Contributor Author

see also #27

@boucadair
Contributor Author

Also from Éric V:

Section 5.3.1.1

As I am trusting the SEC ADs' reviews, I will not ballot a blocking DISCUSS,
please remove all HTTP (as opposed to HTTPS) in the text and in the data model
itself. Or is "http" used instead of "https"? But, then why is there a "tls"
[Med] The WG had some cycles on this specific point (https://github.com/ietf-wg-alto/draft-ietf-alto-oam-yang/issues/27). This http-listen is echoing what is in https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-client-server/:

  • The "transport" choice node enables either the HTTP or HTTPS
    transports to be configured, with each option enabled by a
    "feature" statement. The HTTP option is provided to support cases
    where a TLS-terminator is deployed in front of the RESTCONF-
    server.

EV: A variation of the text at the bottom about http vs. https would be nice in section 5.3.1.1

@boucadair
Contributor Author

From Zahed:

Also supporting Roman's discuss. It is very important that we record
under what circumstances ALTO servers are configured to use HTTP
instead of HTTPS.

fno2010 added a commit that referenced this issue Dec 12, 2023
Based on Eric's comment, added a paragraph in section 5.3.1.1 to clarify
when to use 'http' and 'https' cases of the 'transport' choice.

See #96

Signed-off-by: jensenzhang <jingxuan.n.zhang@gmail.com>
fno2010 added a commit that referenced this issue Jan 3, 2024
Based on Eric's comment, added a paragraph in section 5.3.1.1 to clarify
when to use 'http' and 'https' cases of the 'transport' choice.

See #96

Signed-off-by: jensenzhang <jingxuan.n.zhang@gmail.com>