Re: [CDNi] Early AD review of draft-ietf-cdni-metadata-17
Ben Niven-Jenkins <ben@niven-jenkins.co.uk> Sun, 12 June 2016 21:13 UTC
Return-Path: <ben@niven-jenkins.co.uk>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 314B712D1D2 for <cdni@ietfa.amsl.com>; Sun, 12 Jun 2016 14:13:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OXd7mXq5eKWA for <cdni@ietfa.amsl.com>; Sun, 12 Jun 2016 14:13:17 -0700 (PDT)
Received: from mailex.mailcore.me (smtp.123-reg.co.uk [94.136.40.63]) by ietfa.amsl.com (Postfix) with ESMTP id 1022A12D0F9 for <cdni@ietf.org>; Sun, 12 Jun 2016 14:13:16 -0700 (PDT)
Received: from [118.201.150.4] (helo=[10.5.1.220]) by smtp04.mailcore.me with esmtpa (Exim 4.80.1) (envelope-from <ben@niven-jenkins.co.uk>) id 1bCCh1-0005Va-1e; Sun, 12 Jun 2016 22:13:15 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
In-Reply-To: <A419F67F880AB2468214E154CB8A556206DFD2B9@eusaamb103.ericsson.se>
Date: Sun, 12 Jun 2016 22:13:10 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <E6FF0025-CDA5-4E2F-A46B-4EBDC6406595@niven-jenkins.co.uk>
References: <A419F67F880AB2468214E154CB8A556206DE1909@eusaamb103.ericsson.se> <1464861734.1246901.625717065.0912CC9E@webmail.messagingengine.com> <A419F67F880AB2468214E154CB8A556206DFD2B9@eusaamb103.ericsson.se>
To: Kevin Ma J <kevin.j.ma@ericsson.com>
X-Mailer: Apple Mail (2.2098)
X-Mailcore-Auth: 9600544
X-Mailcore-Domain: 172912
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/0t9fcHkWA5TKr0wD6THFHOZFYD8>
Cc: "cdni@ietf.org" <cdni@ietf.org>
Subject: Re: [CDNi] Early AD review of draft-ietf-cdni-metadata-17
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Jun 2016 21:13:19 -0000
Alexey, Kevin, I’m coming to the party a bit late (unfortunately I have very little time for IETF work these days). This caught my eye and I wanted to comment on it. > On 2 Jun 2016, at 15:15, Kevin Ma J <kevin.j.ma@ericsson.com> wrote: > > wrt: >>> In 7.4: I think I am sad that you haven't defined any initial >>> authentication mechanism. Has this been discussed in the WG? > > The thought behind this was that URI Signing would be the primary delivery auth mechanism, and could also be used for acquisition auth; but thank you for reminding me that I missed the Auth Type registration in https://tools.ietf.org/html/draft-ietf-cdni-uri-signing-07#section-8. :) URL signing provides authorisation, not authentication. At the time my opinion/thinking (and it hasn’t changed since) was: - The vast majority of HTTP content is delivered without authentication. - Defining authentication is hard - by which I mean the auth itself is not hard, specifying a secure way to distribute secrets etc is hard, as illustrated by the need for a LURK WG for doing something similar for related but not identical use cases to CDNI. - I was worried trying to define a secure way to distribute auth secrets etc would delay the work unnecessarily both in terms of time spent in the WG and time spent getting whatever mechanism we defined past the IESG. Authenticating the channel over which the CDNI metadata is distributed (as opposed to authenticating the User Agent/user requesting the content from the dCDN) is already specified/mandated in the document IIRC. Ben
- [CDNi] Working Group Last Call on draft-ietf-cdni… Kevin Ma J
- [CDNi] Early AD review of draft-ietf-cdni-metadat… Alexey Melnikov
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Kevin Ma J
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Kevin Ma J
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Kevin Ma J
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Alexey Melnikov
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Kevin Ma J
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Kevin Ma J
- Re: [CDNi] Working Group Last Call on draft-ietf-… Kevin Ma J
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Kevin Ma J
- Re: [CDNi] Early AD review of draft-ietf-cdni-met… Ben Niven-Jenkins
- [CDNi] Early AD review of draft-ietf-cdni-metadat… Alexey Melnikov