Re: [CDNi] Éric Vyncke's Discuss on draft-ietf-cdni-uri-signing-21: (with DISCUSS and COMMENT)

Phil Sorber <sorber@apache.org> Thu, 25 February 2021 06:06 UTC

To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-cdni-uri-signing@ietf.org, "<cdni@ietf.org>" <cdni@ietf.org>, Kevin Ma J <kevin.j.ma@ericsson.com>, cdni-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/1Wh9mXrQ_pfGi4xrY2nMFxUw7vo>

Thank you for this thorough review. I have added my responses below.

On Tue, Feb 23, 2021 at 6:50 AM Éric Vyncke via Datatracker <noreply@ietf.org> wrote:

> Éric Vyncke has entered the following ballot position for
> draft-ietf-cdni-uri-signing-21: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thank you for the work put into this document.
>
> Special thanks for the doc shepherd write-up, which was really useful about
> the WG history.
>
> Please find below one blocking DISCUSS point (which should be solved easily),
> one non-blocking COMMENT point (but replies would be appreciated), and some
> nits.
>
> I hope that this helps to improve the document,
>
> Regards,
>
> -éric
>
> == DISCUSS ==
>
> -- Section 2.1.10 --
> About "Client IP (cdniip) claim", I really wonder whether this could be used in
> real life as some IPv4 Carrier-Grade NAT (CGN) have a large pool of "public"
> IPv4 addresses that could select different public IPv4 addresses if badly
> designed. How will it work with dual-stack UAs where some connections could be
> over IPv4 and some over IPv6? Not to mention a dual-homed (Wi-Fi & mobile data)
> UA? Or what if the dCDN is between the UA and the CGN (assuming that the uCDN
> or CSP are upstream of the CGN)?
>

The cdniip claim is considered optional. So it's up to the CSP to determine
if this is needed or not, or if it's even useful. It's something that has
been common in the space and we needed it to maintain feature parity with
existing solutions that we intended to replace. There are definitely
limitations to its use, but it is something we have to include.


>
> Also, "If the received signed JWT contains a Client IP claim" uses singular
> rather than "one or several".
>

I'm not sure I follow. Can you explain how you would change it?


>
> I also noted that Section 7 (security considerations) puts some restrictions on
> the usefulness of cdniip.
>
> I would welcome some applicability statements on the use of cdniip.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> == COMMENTS ==
>
> -- Section 1.3 --
> To be honest, I fail to understand the meaning (hence the value) of figure 3.
>

It's summarizing whose key of what type to be used in different scenarios,
but I agree it's not very helpful. I'll remove it.


>
>
> == NITS ==
>
> I am afraid that the email address kleung@cisco.com is outdated.
>

I'll look into this.


>
> -- Section 1 --
> Is CDNI "interconnected CDNs (CDNI)" or "CDN Interconnection (CDNI)" ?
>

The latter. I will fix the first one.


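The cdniip check debated above, as an added example that is not part of the draft, of this thread, or of any CDNI implementation. It assumes an HS256 JWS compact token with a constructed shared key and a constructed kid, a cdniip value that is either a single address or a CIDR prefix, and a verification order of signature, then exp, then cdniip; only those claims are checked, the others the draft defines are omitted. The scenarios are constructed to mirror the cases Éric raised: a CGN that selects a different pool address, the same UA arriving over IPv6, a prefix-valued claim that covers the whole pool, and a token issued without cdniip at all.

```python
import base64
import hashlib
import hmac
import ipaddress
import json

# Constructed sample key shared between the signer (CSP/uCDN) and the verifier (dCDN).
SHARED_KEY = b"constructed-shared-secret-for-the-example"
NOW = 1_614_000_000  # fixed "current time" so the example is deterministic


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Produce an HS256 JWS compact token (assumed algorithm; kid is constructed)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": "csp-key-1"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def client_ip_matches(claim: str, client_ip: str) -> bool:
    """cdniip may be a single address or a CIDR prefix (assumed encoding).
    An address-family mismatch (IPv4 claim, IPv6 connection) is a non-match."""
    network = ipaddress.ip_network(claim, strict=False)
    addr = ipaddress.ip_address(client_ip)
    return addr.version == network.version and addr in network


def verify_jwt(token: str, key: bytes, client_ip: str, now: int = NOW) -> str:
    """Return "ok" or the reason for rejection. The order is an assumption:
    signature first, so unauthenticated claims are never acted on, then exp, then cdniip."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed token"
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    if header.get("alg") != "HS256":  # refuse alg=none and anything unexpected
        return "unsupported alg"
    expected = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        return "bad signature"
    claims = json.loads(b64url_decode(p64))
    if "exp" in claims and now >= claims["exp"]:
        return "expired"
    # cdniip is optional: a token without it is not bound to any client address.
    if "cdniip" in claims and not client_ip_matches(claims["cdniip"], client_ip):
        return "client IP does not match cdniip"
    return "ok"


def run_scenarios() -> dict:
    """Constructed scenarios mirroring the DISCUSS; keys are the case names."""
    base = {"iss": "csp.example", "exp": NOW + 600}  # other draft claims omitted here
    bound = sign_jwt({**base, "cdniip": "203.0.113.7"}, SHARED_KEY)      # single address
    pooled = sign_jwt({**base, "cdniip": "203.0.113.0/24"}, SHARED_KEY)  # whole CGN pool
    unbound = sign_jwt(base, SHARED_KEY)                                  # no cdniip at all

    # Attacker keeps the valid signature but rewrites cdniip in the payload.
    h64, p64, s64 = bound.split(".")
    forged_claims = {**json.loads(b64url_decode(p64)), "cdniip": "198.51.100.9"}
    tampered = f"{h64}.{b64url(json.dumps(forged_claims).encode())}.{s64}"

    # Attacker strips the signature and declares alg=none.
    alg_none = f"{b64url(json.dumps({'alg': 'none'}).encode())}.{p64}."

    return {
        "exact_match":    verify_jwt(bound, SHARED_KEY, "203.0.113.7"),
        "cgn_other_addr": verify_jwt(bound, SHARED_KEY, "203.0.113.8"),  # CGN chose another address
        "prefix_covers":  verify_jwt(pooled, SHARED_KEY, "203.0.113.8"),
        "dual_stack_v6":  verify_jwt(bound, SHARED_KEY, "2001:db8::1"),  # same UA, IPv6 path
        "no_cdniip":      verify_jwt(unbound, SHARED_KEY, "2001:db8::1"),
        "tampered":       verify_jwt(tampered, SHARED_KEY, "198.51.100.9"),
        "alg_none":       verify_jwt(alg_none, SHARED_KEY, "198.51.100.9"),
        "expired":        verify_jwt(bound, SHARED_KEY, "203.0.113.7", now=NOW + 601),
    }


if __name__ == "__main__":
    for case, result in run_scenarios().items():
        print(f"{case:15s} {result}")
```

The prefix form is the only lever a CSP has against the CGN and dual-stack cases: a /32 claim rejects a legitimate client as soon as its NAT pool address or address family changes, while a prefix covering the pool accepts it at the cost of a weaker binding. Either way the signature is checked before the claim is read, so a rewritten cdniip or a stripped signature is rejected without the address comparison ever running.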