IETF Logo Mail Archive

Re: [CDNi] Ben Campbell's Discuss on draft-ietf-cdni-logging-25: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 19 May 2016 00:33 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D3B012D0E6; Wed, 18 May 2016 17:33:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.727
X-Spam-Level:
X-Spam-Status: No, score=-5.727 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kM1hLb0GunII; Wed, 18 May 2016 17:33:29 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6216F12B068; Wed, 18 May 2016 17:33:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0FDBDBE2C; Thu, 19 May 2016 01:33:28 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0DfhpuhWULCS; Thu, 19 May 2016 01:33:26 +0100 (IST)
Received: from [10.87.48.75] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id F036DBDF9; Thu, 19 May 2016 01:33:25 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1463618006; bh=nkAzMo2Bo1t/0uhCiaGLoheYHLJ2Z663XdMzmkG0KoY=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=C62+Y/C2INMkCILlLGPO2IORgTzBafl+JKOfP73iJyY50rEcUW3dNGaC8QvrdRk8D cV+/9IzPP5Jx/hTi4+B23iWWV6WxWp6My4N2gt/B+OoVXa9kCxo7tGCUezo63UCHPz B4qEPW0EzJwvMhvb7/ojEYInLEXjWKNPL/Tz4HzI=
To: Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
References: <20160518223257.14733.37895.idtracker@ietfa.amsl.com> <3E2786B2-9204-447C-9A53-A3CB0213E0F5@niven-jenkins.co.uk> <573CFEC8.8010600@cs.tcd.ie> <5DED924E-C407-44E9-8FF1-477B26B69647@niven-jenkins.co.uk>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <573D09D5.1020501@cs.tcd.ie>
Date: Thu, 19 May 2016 01:33:25 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <5DED924E-C407-44E9-8FF1-477B26B69647@niven-jenkins.co.uk>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms040406030908070309020606"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cdni/2rwfA956Vwe7YS7vSj6ODAao7qo>
Cc: Ben Campbell <ben@nostrum.com>, draft-ietf-cdni-logging@ietf.org, The IESG <iesg@ietf.org>, cdni@ietf.org, cdni-chairs@ietf.org
Subject: Re: [CDNi] Ben Campbell's Discuss on draft-ietf-cdni-logging-25: (with DISCUSS and COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 00:33:31 -0000


On 19/05/16 01:24, Ben Niven-Jenkins wrote:
> 
>> On 19 May 2016, at 00:46, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote: On 19/05/16 00:38, Ben
>> Niven-Jenkins wrote:
>>> Hi Ben,
>>> 
>>> I’ll let the authors respond to most of your comments but I
>>> wanted to respond to one of them, see below.
>>> 
>>>> On 18 May 2016, at 23:32, Ben Campbell <ben@nostrum.com> wrote:
>>>>  
>>>> ----------------------------------------------------------------------
>>>>
>>>>
>>
>>>> 
DISCUSS:
>>>> ----------------------------------------------------------------------
>>>>
>>>>
>>
>>>> 
- 7.3: "Making detailed CDNI logging
>>>> information known to the uCDN does not represent a particular 
>>>> privacy concern because the uCDN is already exposed at request 
>>>> redirection time to most of the information that shows up as
>>>> CDNI logging information (e.g., enduser IP@, URL, HTTP headers
>>>> - at least when HTTP redirection is used between uCDN and
>>>> dCDN)."
>>>> 
>>>> I agree this is mostly true for HTTP redirection. But as you 
>>>> mention, the assertion seems to fall down for DNS redirection, 
>>>> where the uCDN may have considerably less information. I think
>>>> some different guidance for that case may be needed.
>>> 
>>> True, but…making detailed CDNI logging information known to the
>>> uCDN does not expose any more information to the uCDN than if the
>>> uCDN had chosen to perform the content delivery itself.
>>> 
>>> Typically when entity A contracts out work to entity B, entity A
>>> is entitled to see all records produced by entity B on entity
>>> A’s behalf.
>> 
>> I don't accept that that applies to all of the information that 
>> could be at issue here. For example if A is in the US and B is in 
>> the EU then things are not that simple.
> 
> You are correct that there are laws that may prevent the export of
> personal data from one country to another. AFAIK no IETF protocol
> that exchanges personal data or privacy impacting data has additional
> technical mechanisms to account for such laws (and I can not recall
> reading text in a technical specification RFC that discussed the
> impacts of such laws on the protocol being specified) so I don’t see
> how the presence of such laws is relevant to the technical
> specification of the CDNI logging interface.

The relevance is that it shows that your argument wasn't correct
as stated. There are other arguments, that are perhaps not yet well
accepted by those considering CDNI, for example that receiving all
of that logging data unaggregated is more toxic than valuable,
but I think we had that discussion before and concluded that the
best and correct thing for us to do now with CDNI is to ensure
that some privacy friendly mode of operation exists and is usable.
Ben's discuss seems to me to be checking whether we've done that
as well as we thought, and that's a good thing.

If instead you want to re-litigate that basic argument then we
can do that but I expect that'd be unproductive for us all and
would land us back where we are now anyway.

S.


> 
> Ben
>

v2.23.0 | Report a Bug | By Email