Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-12 Thread Laszlo Ersek
On 02/11/18 03:33, Wu, Jiaxin wrote:
> Hi Laszlo,
> 
> Besides the compatibility consideration, we'd better *not* put
> CipherList and CaCertificate into one variable.

I didn't suggest to put them in the same variable -- I meant to put them
in separate variables, just the two variables should belong to the same
namespace GUID.

> In the future, we prefer to manage the CaCertificate with other cert
> configuration items together (e.g. HostPublicCert, HostPrivateCert,
> etc ) rather than the parameters like CipherList.  You know we can't
> save the host cert pairs as variable due to the security
> consideration.
> 
> So, case by case, let's keep current solution to define the variable
> named as "HttpTlsCipherList".

Sure, that works for me.

Thanks,
Laszlo


>> -Original Message-
>> From: Laszlo Ersek [mailto:ler...@redhat.com]
>> Sent: Friday, February 9, 2018 6:12 PM
>> To: Fu, Siyuan ; Wu, Jiaxin ;
>> edk2-devel@lists.01.org
>> Cc: Kinney, Michael D ; Zimmer, Vincent
>> ; Yao, Jiewen ; Ye,
>> Ting 
>> Subject: Re: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
>> CipherList.
>>
>> On 02/09/18 06:22, Fu, Siyuan wrote:
>>> Hi, Jiaxin
>>>
>>> I think we can remove the "TlsCipherList.h" to another name like
>>> "HttpTlsCipherListVariable.h" to  highlight that the variable is only
>>> used for HTTP configuration. And also the variable name and GUID
>>> name.
>> If we are renaming gEfiTlsCaCertificateGuid, can we pick a generic term
>> as new name, something like "gHttpTlsVariableGuid"? And then put both
>> variables, the CA List and the Cipher List, in that (same) namespace GUID?
>>
>> It's not that we'll run out of GUIDs any time soon :) , but I think
>> these variables belong closely together.
>>
>> Thanks,
>> Laszlo
>>
>>>> -Original Message-
>>>> From: Wu, Jiaxin
>>>> Sent: Friday, February 9, 2018 12:00 PM
>>>> To: edk2-devel@lists.01.org
>>>> Cc: Laszlo Ersek ; Kinney, Michael D
>>>> ; Zimmer, Vincent
>> ;
>>>> Yao, Jiewen ; Ye, Ting ; Fu,
>>>> Siyuan ; Wu, Jiaxin 
>>>> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
>>>> CipherList.
>>>>
>>>> Cc: Laszlo Ersek 
>>>> Cc: Kinney Michael D 
>>>> Cc: Zimmer Vincent 
>>>> Cc: Yao Jiewen 
>>>> Cc: Ye Ting 
>>>> Cc: Fu Siyuan 
>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>> Signed-off-by: Wu Jiaxin 
>>>>
>>>> Jiaxin Wu (2):
>>>>   NetworkPkg: Define one private variable for TLS CipherList
>>>> configuration.
>>>>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
>>>> session.
>>>>
>>>>  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
>>>>  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
>>>>  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
>>>> -
>>>>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
>>>>  NetworkPkg/NetworkPkg.dec   |  3 ++
>>>>  5 files changed, 136 insertions(+), 3 deletions(-)
>>>>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
>>>>
>>>> --
>>>> 1.9.5.msysgit.1
>>>
> 

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-10 Thread Wu, Jiaxin
Hi Laszlo,

Besides the compatibility consideration, we'd better *not* put CipherList and 
CaCertificate into one variable. In the future, we prefer to manage the 
CaCertificate with other cert configuration items together (e.g. 
HostPublicCert, HostPrivateCert, etc ) rather than the parameters like 
CipherList.  You know we can't save the host cert pairs as variable due to the 
security consideration.

So, case by case, let's keep current solution to define the variable named as 
"HttpTlsCipherList".

Thanks,
Jiaxin


> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Friday, February 9, 2018 6:12 PM
> To: Fu, Siyuan ; Wu, Jiaxin ;
> edk2-devel@lists.01.org
> Cc: Kinney, Michael D ; Zimmer, Vincent
> ; Yao, Jiewen ; Ye,
> Ting 
> Subject: Re: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> On 02/09/18 06:22, Fu, Siyuan wrote:
> > Hi, Jiaxin
> >
> > I think we can remove the "TlsCipherList.h" to another name like
> > "HttpTlsCipherListVariable.h" to  highlight that the variable is only
> > used for HTTP configuration. And also the variable name and GUID
> > name.
> If we are renaming gEfiTlsCaCertificateGuid, can we pick a generic term
> as new name, something like "gHttpTlsVariableGuid"? And then put both
> variables, the CA List and the Cipher List, in that (same) namespace GUID?
> 
> It's not that we'll run out of GUIDs any time soon :) , but I think
> these variables belong closely together.
> 
> Thanks,
> Laszlo
> 
> >> -Original Message-
> >> From: Wu, Jiaxin
> >> Sent: Friday, February 9, 2018 12:00 PM
> >> To: edk2-devel@lists.01.org
> >> Cc: Laszlo Ersek ; Kinney, Michael D
> >> ; Zimmer, Vincent
> ;
> >> Yao, Jiewen ; Ye, Ting ; Fu,
> >> Siyuan ; Wu, Jiaxin 
> >> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> >> CipherList.
> >>
> >> Cc: Laszlo Ersek 
> >> Cc: Kinney Michael D 
> >> Cc: Zimmer Vincent 
> >> Cc: Yao Jiewen 
> >> Cc: Ye Ting 
> >> Cc: Fu Siyuan 
> >> Contributed-under: TianoCore Contribution Agreement 1.0
> >> Signed-off-by: Wu Jiaxin 
> >>
> >> Jiaxin Wu (2):
> >>   NetworkPkg: Define one private variable for TLS CipherList
> >> configuration.
> >>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> >> session.
> >>
> >>  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
> >>  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
> >>  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
> >> -
> >>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
> >>  NetworkPkg/NetworkPkg.dec   |  3 ++
> >>  5 files changed, 136 insertions(+), 3 deletions(-)
> >>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> >>
> >> --
> >> 1.9.5.msysgit.1
> >



Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-09 Thread Laszlo Ersek
On 02/09/18 06:22, Fu, Siyuan wrote:
> Hi, Jiaxin
> 
> I think we can remove the "TlsCipherList.h" to another name like
> "HttpTlsCipherListVariable.h" to  highlight that the variable is only
> used for HTTP configuration. And also the variable name and GUID
> name.
If we are renaming gEfiTlsCaCertificateGuid, can we pick a generic term
as new name, something like "gHttpTlsVariableGuid"? And then put both
variables, the CA List and the Cipher List, in that (same) namespace GUID?

It's not that we'll run out of GUIDs any time soon :) , but I think
these variables belong closely together.

Thanks,
Laszlo

>> -Original Message-
>> From: Wu, Jiaxin
>> Sent: Friday, February 9, 2018 12:00 PM
>> To: edk2-devel@lists.01.org
>> Cc: Laszlo Ersek ; Kinney, Michael D
>> ; Zimmer, Vincent ;
>> Yao, Jiewen ; Ye, Ting ; Fu,
>> Siyuan ; Wu, Jiaxin 
>> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
>> CipherList.
>>
>> Cc: Laszlo Ersek 
>> Cc: Kinney Michael D 
>> Cc: Zimmer Vincent 
>> Cc: Yao Jiewen 
>> Cc: Ye Ting 
>> Cc: Fu Siyuan 
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Wu Jiaxin 
>>
>> Jiaxin Wu (2):
>>   NetworkPkg: Define one private variable for TLS CipherList
>> configuration.
>>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
>> session.
>>
>>  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
>>  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
>>  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
>> -
>>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
>>  NetworkPkg/NetworkPkg.dec   |  3 ++
>>  5 files changed, 136 insertions(+), 3 deletions(-)
>>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
>>
>> --
>> 1.9.5.msysgit.1
> 



Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-08 Thread Wu, Jiaxin
Sure, I will update the wiki once the patch is committed.

Thanks
Jiaxin



> -Original Message-
> From: Li, Ruth
> Sent: Friday, February 9, 2018 3:08 PM
> To: Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>;
> edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Zimmer, Vincent
> <vincent.zim...@intel.com>; Ye, Ting <ting...@intel.com>; Yao, Jiewen
> <jiewen@intel.com>
> Subject: RE: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> Jiaxin
> 
> With this capability introduced, could you update Wiki page to notify platform
> to configure that if needed?
> https://github.com/tianocore/tianocore.github.io/wiki/HTTPS-Boot
> 
> Thanks,
> Ruth
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Fu,
> Siyuan
> Sent: Friday, February 9, 2018 1:23 PM
> To: Wu, Jiaxin <jiaxin...@intel.com>; edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Zimmer, Vincent
> <vincent.zim...@intel.com>; Ye, Ting <ting...@intel.com>; Laszlo Ersek
> <ler...@redhat.com>; Yao, Jiewen <jiewen@intel.com>
> Subject: Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to
> configure TLS CipherList.
> 
> Hi, Jiaxin
> 
> I think we can remove the "TlsCipherList.h" to another name like
> "HttpTlsCipherListVariable.h" to  highlight that the variable is only used for
> HTTP configuration. And also the variable name and GUID name.
> 
> Siyuan
> 
> > -Original Message-
> > From: Wu, Jiaxin
> > Sent: Friday, February 9, 2018 12:00 PM
> > To: edk2-devel@lists.01.org
> > Cc: Laszlo Ersek <ler...@redhat.com>; Kinney, Michael D
> > <michael.d.kin...@intel.com>; Zimmer, Vincent
> <vincent.zim...@intel.com>;
> > Yao, Jiewen <jiewen@intel.com>; Ye, Ting <ting...@intel.com>; Fu,
> > Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>
> > Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> > CipherList.
> >
> > Cc: Laszlo Ersek <ler...@redhat.com>
> > Cc: Kinney Michael D <michael.d.kin...@intel.com>
> > Cc: Zimmer Vincent <vincent.zim...@intel.com>
> > Cc: Yao Jiewen <jiewen@intel.com>
> > Cc: Ye Ting <ting...@intel.com>
> > Cc: Fu Siyuan <siyuan...@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Wu Jiaxin <jiaxin...@intel.com>
> >
> > Jiaxin Wu (2):
> >   NetworkPkg: Define one private variable for TLS CipherList
> > configuration.
> >   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> > session.
> >
> >  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
> >  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
> >  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
> > -
> >  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
> >  NetworkPkg/NetworkPkg.dec   |  3 ++
> >  5 files changed, 136 insertions(+), 3 deletions(-)
> >  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> >
> > --
> > 1.9.5.msysgit.1
> 


Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-08 Thread Li, Ruth
Jiaxin

With this capability introduced, could you update Wiki page to notify platform 
to configure that if needed? 
https://github.com/tianocore/tianocore.github.io/wiki/HTTPS-Boot 

Thanks,
Ruth
-Original Message-
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Fu, 
Siyuan
Sent: Friday, February 9, 2018 1:23 PM
To: Wu, Jiaxin <jiaxin...@intel.com>; edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Zimmer, Vincent 
<vincent.zim...@intel.com>; Ye, Ting <ting...@intel.com>; Laszlo Ersek 
<ler...@redhat.com>; Yao, Jiewen <jiewen....@intel.com>
Subject: Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure 
TLS CipherList.

Hi, Jiaxin

I think we can remove the "TlsCipherList.h" to another name like 
"HttpTlsCipherListVariable.h" to  highlight that the variable is only used for 
HTTP configuration. And also the variable name and GUID name. 

Siyuan

> -Original Message-
> From: Wu, Jiaxin
> Sent: Friday, February 9, 2018 12:00 PM
> To: edk2-devel@lists.01.org
> Cc: Laszlo Ersek <ler...@redhat.com>; Kinney, Michael D
> <michael.d.kin...@intel.com>; Zimmer, Vincent <vincent.zim...@intel.com>;
> Yao, Jiewen <jiewen@intel.com>; Ye, Ting <ting...@intel.com>; Fu,
> Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>
> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Kinney Michael D <michael.d.kin...@intel.com>
> Cc: Zimmer Vincent <vincent.zim...@intel.com>
> Cc: Yao Jiewen <jiewen@intel.com>
> Cc: Ye Ting <ting...@intel.com>
> Cc: Fu Siyuan <siyuan...@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <jiaxin...@intel.com>
> 
> Jiaxin Wu (2):
>   NetworkPkg: Define one private variable for TLS CipherList
> configuration.
>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> session.
> 
>  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
>  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
>  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
> -
>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
>  NetworkPkg/NetworkPkg.dec   |  3 ++
>  5 files changed, 136 insertions(+), 3 deletions(-)
>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> 
> --
> 1.9.5.msysgit.1



Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-08 Thread Wu, Jiaxin
Thanks for the comment, I will refine the patch series.



> -Original Message-
> From: Fu, Siyuan
> Sent: Friday, February 9, 2018 1:23 PM
> To: Wu, Jiaxin ; edk2-devel@lists.01.org
> Cc: Laszlo Ersek ; Kinney, Michael D
> ; Zimmer, Vincent
> ; Yao, Jiewen ; Ye,
> Ting 
> Subject: RE: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> Hi, Jiaxin
> 
> I think we can remove the "TlsCipherList.h" to another name like
> "HttpTlsCipherListVariable.h" to  highlight that the variable is only used for
> HTTP configuration. And also the variable name and GUID name.
> 
> Siyuan
> 
> > -Original Message-
> > From: Wu, Jiaxin
> > Sent: Friday, February 9, 2018 12:00 PM
> > To: edk2-devel@lists.01.org
> > Cc: Laszlo Ersek ; Kinney, Michael D
> > ; Zimmer, Vincent
> ;
> > Yao, Jiewen ; Ye, Ting ; Fu,
> > Siyuan ; Wu, Jiaxin 
> > Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> > CipherList.
> >
> > Cc: Laszlo Ersek 
> > Cc: Kinney Michael D 
> > Cc: Zimmer Vincent 
> > Cc: Yao Jiewen 
> > Cc: Ye Ting 
> > Cc: Fu Siyuan 
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Wu Jiaxin 
> >
> > Jiaxin Wu (2):
> >   NetworkPkg: Define one private variable for TLS CipherList
> > configuration.
> >   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> > session.
> >
> >  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
> >  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
> >  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
> > -
> >  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
> >  NetworkPkg/NetworkPkg.dec   |  3 ++
> >  5 files changed, 136 insertions(+), 3 deletions(-)
> >  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> >
> > --
> > 1.9.5.msysgit.1



Re: [edk2] [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.

2018-02-08 Thread Fu, Siyuan
Hi, Jiaxin

I think we can remove the "TlsCipherList.h" to another name like 
"HttpTlsCipherListVariable.h" to  highlight that the variable is only used for 
HTTP configuration. And also the variable name and GUID name. 

Siyuan

> -Original Message-
> From: Wu, Jiaxin
> Sent: Friday, February 9, 2018 12:00 PM
> To: edk2-devel@lists.01.org
> Cc: Laszlo Ersek ; Kinney, Michael D
> ; Zimmer, Vincent ;
> Yao, Jiewen ; Ye, Ting ; Fu,
> Siyuan ; Wu, Jiaxin 
> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> Cc: Laszlo Ersek 
> Cc: Kinney Michael D 
> Cc: Zimmer Vincent 
> Cc: Yao Jiewen 
> Cc: Ye Ting 
> Cc: Fu Siyuan 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin 
> 
> Jiaxin Wu (2):
>   NetworkPkg: Define one private variable for TLS CipherList
> configuration.
>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> session.
> 
>  NetworkPkg/HttpDxe/HttpDriver.h |  3 +-
>  NetworkPkg/HttpDxe/HttpDxe.inf  |  3 +-
>  NetworkPkg/HttpDxe/HttpsSupport.c   | 92
> -
>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++
>  NetworkPkg/NetworkPkg.dec   |  3 ++
>  5 files changed, 136 insertions(+), 3 deletions(-)
>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> 
> --
> 1.9.5.msysgit.1
