On Thursday, December 5, 2019 at 12:31:56 PM UTC-8, Yihua Zhang wrote:
> I have created a gRFC - https://github.com/grpc/proposal/pull/167
>
> Please let me know your comments on this thread.

I think it would be useful to add to the proposal:

* an explanation of the pros/cons that lead to the determination that the required level is only settable by the credential implementation and not the application;
* a brief explanation about why UDS and TCP local connections were assigned the level they were assigned; and
* an explanation of the behavior when a credential is not transferred because the connection didn't meet the required level (e.g., call failure vs no propagation vs something else).

Consider assigning the grpc_security_level enum members explicit numerical values with gaps in them for future extension.

Also, I'm not following the "Rational" section as currently written...

Do the permissions on the UDS that is associated with a file system path need to affect its level? Is a UDS in a 777 directory still considered privacy+integrity or should that be insecure?

Does there need to be a privacy+integrity local connection on all platforms? Right now, it looks like Windows won't have one, because local TCP is considered insecure and there's currently no UDS transport on Windows.

--
Christopher Warrington
Microsoft Corp.