-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http listen mode (Roman's DISCUSS) #96
Comments
see also #27 |
Also from Éric V:
[Med] The WG had some cycles on this specific point (https://github.com/ietf-wg-alto/draft-ietf-alto-oam-yang/issues/27). This http-listen is echoing what is in https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-client-server/:
EV: A variation of the text at the bottom about http vs. https would be nice in section 5.3.1.1 |
From Zahed:
|
Based on Eric's comment, added a paragraph in section 5.3.1.1 to clarify when to use 'http' and 'https' cases of the 'transport' choice. See #96 Signed-off-by: jensenzhang <jingxuan.n.zhang@gmail.com>
Based on Eric's comment, added a paragraph in section 5.3.1.1 to clarify when to use 'http' and 'https' cases of the 'transport' choice. See #96 Signed-off-by: jensenzhang <jingxuan.n.zhang@gmail.com>
** Section 5.4.3. It appears that there is an http-auth-client for both http
and https. Is this suggesting that it is possible to have authenticated users
over unencrypted HTTP. How does that work securely? Is this related to
Section 8’s “The ietf-alto supports an HTTP listen mode to cover cases where
the ALTO server stack does not handle the TLS termination itself, but is
handled by a separate component.” If so, what is the residual risk of this
approach?
The text was updated successfully, but these errors were encountered: