Re: [alto] Roman Danyliw's Discuss on draft-ietf-alto-new-transport-17: (with DISCUSS and COMMENT)
kaigao@scu.edu.cn Wed, 25 October 2023 09:57 UTC
Return-Path: <kaigao@scu.edu.cn>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECC89C14F736; Wed, 25 Oct 2023 02:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FC_LwTZhzwoD; Wed, 25 Oct 2023 02:57:10 -0700 (PDT)
Received: from sgoci-sdnproxy-4.icoremail.net (sgoci-sdnproxy-4.icoremail.net [129.150.39.64]) by ietfa.amsl.com (Postfix) with ESMTP id 30DB6C151084; Wed, 25 Oct 2023 02:56:59 -0700 (PDT)
Received: from kaigao$scu.edu.cn ( [171.223.195.31] ) by ajax-webmail-app2 (Coremail) ; Wed, 25 Oct 2023 17:57:00 +0800 (GMT+08:00)
X-Originating-IP: [171.223.195.31]
Date: Wed, 25 Oct 2023 17:57:00 +0800
X-CM-HeaderCharset: UTF-8
From: kaigao@scu.edu.cn
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, alto-chairs@ietf.org, draft-ietf-alto-new-transport@ietf.org, alto@ietf.org
X-Priority: 3
X-Mailer: Coremail Webmail Server Version 2023.1-cmXT5 build 20230419(ff23bf83) Copyright (c) 2002-2023 www.mailtech.cn scu
In-Reply-To: <169811524611.9451.4946205247504860406@ietfa.amsl.com>
References: <169811524611.9451.4946205247504860406@ietfa.amsl.com>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Message-ID: <58627ea3.17d3.18b664417c8.Coremail.kaigao@scu.edu.cn>
X-Coremail-Locale: en_US
X-CM-TRANSID: Mv0DCgD3_0ds5jhlmUAhAA--.1574W
X-CM-SenderInfo: 5ndlwt3r6vu3oohg3hdfq/1tbiAQYPB2U3plE0HQACsB
X-Coremail-Antispam: 1Ur529EdanIXcx71UUUUU7IcSsGvfJ3iIAIbVAYjsxI4VW3Jw CS07vEb4IE77IF4wCS07vE1I0E4x80FVAKz4kxMIAIbVAFxVCaYxvI4VCIwcAKzIAtYxBI daVFxhVjvjDU=
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/uUo3TiRvqC6feHacUCqLUX9jdjQ>
Subject: Re: [alto] Roman Danyliw's Discuss on draft-ietf-alto-new-transport-17: (with DISCUSS and COMMENT)
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2023 09:57:14 -0000
Hi Roman, Thanks for the review. Please see inline. Best, Kai > -----Original Messages----- > From: "Roman Danyliw via Datatracker" <noreply@ietf.org> > Send time:Tuesday, 10/24/2023 10:40:46 > To: "The IESG" <iesg@ietf.org> > Cc: alto-chairs@ietf.org, draft-ietf-alto-new-transport@ietf.org, alto@ietf.org > Subject: [alto] Roman Danyliw's Discuss on draft-ietf-alto-new-transport-17: (with DISCUSS and COMMENT) > > Roman Danyliw has entered the following ballot position for > draft-ietf-alto-new-transport-17: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-alto-new-transport/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > ** Section 6.2. Construction of the “tips-view-uri”. > > -- Under what circumstances would it be appropriate to use http (instead of > https) for the tips-view-uri for this new protocol mechanism? Why is http > needed? Could https be the only option? I appreciate that there is history of > an http URL from RFC7285 published in 2014, but has field experience continue > to dictate a need for this insecure approach for an entirely new service? If > it is needed would there be a away to express a preference for secure transport? > [KAI] One reason I can think of to keep http is to allow caching of incremental updates (whose uri is based on the tips-view-uir) for a given resource whose content is intended to be publicly accessible, which could happen if the server is hosted by the ISP and a cost map is intended to be accessible by all its users. How about we add the following sentence in sec 6.2: An ALTO server SHOULD always use "https" unless the ALTO resource is intended to be publicly accessible and does not raise any security concerns. > -- Is there any underlying assumption in how “tips-view-path” is constructed? I > asked because Section 9.3 says “An outside party that can read the TIPS > response or that can observe TIPS requests can obtain the TIPS view URI and use > that to send fraudulent ‘DELETE’ requests thus disabling the service for the > valid ALTO client. This can be avoided by encrypting the requests and > responses (Section 15 of [RFC7285]).” Observing the tips-view-uri is one way > to spoof the URI, but what if it could be guessed? Is there an assumption that > a unguessable random string is part of the path? As far as I can find, no text > explicitly says that, although the examples imply it. If the string is > guessable being encrypted doesn’t help but using some kind of authentication > would. > > [KAI] In -17, the fraudulent 'DELETE' issue no long exists as we now require the server to close of TIPS views, as suggested by the HTTPDIR reviewer and the AD. I think that would address this issue. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Donald Eastlake for the SECDIR review. > > ** Section 6.3. The example in Figure 10 describes Basic Auth. Section 8.3.5 > of RFC7295 notes that Digest Auth is MTI. Recommend using that instead. > > ** Section 9. > The security considerations (Section 15 of [RFC7285]) of the base > protocol fully apply to this extension. For example, the same > authenticity and integrity considerations (Section 15.1 of [RFC7285]) > still fully apply; > > Since ALTO TIPS is a new protocol mechanism is it possible to improve on the > TLS guidance in Section 8.3.5 of RFC7295 (from circa 2014)? Specifically, can > RFC9325 be mandated? > > > > _______________________________________________ > alto mailing list > alto@ietf.org > https://www.ietf.org/mailman/listinfo/alto
- [alto] Roman Danyliw's Discuss on draft-ietf-alto… Roman Danyliw via Datatracker
- Re: [alto] Roman Danyliw's Discuss on draft-ietf-… kaigao
- Re: [alto] Roman Danyliw's Discuss on draft-ietf-… kaigao
- Re: [alto] Roman Danyliw's Discuss on draft-ietf-… mohamed.boucadair
- Re: [alto] Roman Danyliw's Discuss on draft-ietf-… Qin Wu