[CDNi] Ben Campbell's Discuss on draft-ietf-cdni-logging-25: (with DISCUSS and COMMENT)
"Ben Campbell" <ben@nostrum.com> Wed, 18 May 2016 22:32 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: cdni@ietf.org
Delivered-To: cdni@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A74F012D1E0; Wed, 18 May 2016 15:32:57 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.20.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160518223257.14733.37895.idtracker@ietfa.amsl.com>
Date: Wed, 18 May 2016 15:32:57 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/cdni/2lkPAjWFxdCpmUpPZC_OqUBmgAc>
Cc: draft-ietf-cdni-logging@ietf.org, cdni@ietf.org, cdni-chairs@ietf.org
Subject: [CDNi] Ben Campbell's Discuss on draft-ietf-cdni-logging-25: (with DISCUSS and COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2016 22:32:58 -0000
Ben Campbell has entered the following ballot position for draft-ietf-cdni-logging-25: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cdni-logging/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- While the security and privacy bits are much improved from earlier versions, I think I have found some holes. I assume these are not intentional, and it's entirely possible I have misread some things. But I would like to make sure they are considered prior to progressing. - 3.4.1, c-groupid: The privacy-related guidance about c-groupids indentifying individual clients (in the several bullet list entries with "-" bullets) seems contingent on the MAY in the parent (with the "+" bullet.) The parent says that you MAY structure the field so that parts identify the aggregate and one part aggregates the individual, with the sub-bullets following an "In this case..." clause. I assume the guidance is intended to apply even when an implementation doesn't structure c-groupid that way (or at all.) - 7.1: This section seems to effectively say that various protections are required when they are required. But it doesn't give advice on when they may be required. (For example, when c-groupid can be mapped to individual client addresses.) - 7.3: "Making detailed CDNI logging information known to the uCDN does not represent a particular privacy concern because the uCDN is already exposed at request redirection time to most of the information that shows up as CDNI logging information (e.g., enduser IP@, URL, HTTP headers - at least when HTTP redirection is used between uCDN and dCDN)." I agree this is mostly true for HTTP redirection. But as you mention, the assertion seems to fall down for DNS redirection, where the uCDN may have considerably less information. I think some different guidance for that case may be needed. -- "Transporting detailed CDNI logging information over the HTTP based CDNI Logging Interface does not represent a particular privacy concern because it is protected by usual IETF privacy-protection mechanism (e.g.,TLS)." I don't find normative text that says privacy-sensitive information MUST be protected. Just that information that needs to be protected MUST be protected. The reader is left to infer that privacy-sensitive information is covered by that. (See previous comment about 7.1). Without something explicit there, I think it highly likely that some people will rationalize that their deployments don't need protection for one reason or another. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- - 3.3, 2nd to last paragraph: What does it mean to reject a logging file? Does it mean to simply ignore it, or does it imply some notice back the source of the file that there's a problem? (I tend to think of "reject" as implying the latter in a protocol, in contrast to words like "drop" or "ignore".) - 3.4.1, 3rd "-" bullet: "The algorithmic mapping and variation over time MAY allow the uCDN ... to reconstruct the actual client IPv4 or IPv6 address" Is that intended to be a 2119 MAY or a statement of fact? If the former, it seems to directly contradict the NOT RECOMMENDED in the next "-" bullet..
- [CDNi] Ben Campbell's Discuss on draft-ietf-cdni-… Ben Campbell
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Niven-Jenkins
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Stephen Farrell
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Niven-Jenkins
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Stephen Farrell
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Campbell
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Niven-Jenkins
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Niven-Jenkins
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Stephen Farrell
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Niven-Jenkins
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Spencer Dawkins at IETF
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Francois Le Faucheur
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Francois Le Faucheur
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Francois Le Faucheur
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Ben Campbell
- Re: [CDNi] Ben Campbell's Discuss on draft-ietf-c… Francois Le Faucheur