Follow-up on draft-ietf-netconf-http-client-server

Thank you all for your earlier comments regarding draft-ietf-netconf-http-client-server <>.

The draft is now almost ready for WGLC (which will be CC-ed here as well), but there remains one item for which your guidance is needed (see bottom).

First, as a recap, one of the primarily takeaways from before was that proxies can be supported both at the TCP-level (i.e., via SOCKS) and at the HTTP-level (i.e. via a Web Proxy).

In order to support TCP-level proxies, the “tcp-client-grouping”, which is defined in another draft (draft-ietf-netconf-tcp-client-server <>), now defines optional configuration enabling any TCP-client to initiate a connection via a proxy.  FWIW, here is a direct link to the "tree diagram” <>  illustrating this.

In order to support HTTP-level proxies, *this* draft was modified to introduce a new “proxy-connect” configuration stanza that, in effect, is the complete configuration for another HTTP-client connection.  Here’s a direct link to the “tree diagram” <> and here is a fully-populated example <> (see 2nd example).

Does everything appear to be in order so far?

Now, for the question, do Web Proxies require client-auth?  More specifically:
when an HTTP client is connecting to a Web Proxy via HTTP, is HTTP-level auth (i.e. Basic) mandatory or optional?
when an HTTP client is connecting to a Web Proxy via HTTPS, is TLS-level and/or HTTP-level auth mandatory or optional?


Received on Tuesday, 21 July 2020 16:40:39 UTC