Re: [CDNi] Request for feedback on the 3 SVTA drafts presented at IETF116

"Goldstein, Glenn" <Glenn.Goldstein@lumen.com> Tue, 05 September 2023 14:12 UTC

From: "Goldstein, Glenn" <Glenn.Goldstein@lumen.com>
To: Kevin Ma <kevin.j.ma.ietf@gmail.com>, "Goldstein, Glenn" <Glenn.Goldstein=40lumen.com@dmarc.ietf.org>
CC: "cdni@ietf.org" <cdni@ietf.org>
Date: Tue, 05 Sep 2023 14:12:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/5ISJmtsXl4ZKMdpj8zOrxkVINH4>

Thanks for the detailed feedback Kevin. The 404s on the SVTA document references will be fixed within the next week or so, as we are building out http://svta.org/documents/.


From: CDNi <cdni-bounces@ietf.org> on behalf of Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Monday, September 4, 2023 at 10:27 PM
To: Goldstein, Glenn <Glenn.Goldstein=40lumen.com@dmarc.ietf.org>
Cc: cdni@ietf.org <cdni@ietf.org>
Subject: Re: [CDNi] Request for feedback on the 3 SVTA drafts presented at IETF116


Hi All,

  (as an individual) I read through the protected secrets draft and have included some comments below.

thanx!

--  Kevin J. Ma

- abstract: "for ... that may be embedded" -> "to embed ..."

- section 1: "in both the FCI and MI" -> "in both the CDNI FCI and MI"

- section 1: "(support defined in this draft is specifically for HashiCorp Vault), which are accessed via a specified path and a key ID. Refer to HashiCorp Vault documentation for details." -> "(e.g., HashiCorp Vault [reference])."  -- i'm not sure if we should really make a reference to a specific implementation here; could we describe it more generically as "an external key management system"?  counter argument: if we're going to create a registry and register HashiCorp Vault, then it's probably fine.

- section 1: remove duplicate "uCDN issues a GET to receive an advertisement with FCI.SecretStore and FCI.SecretCertificate. As the uCDN has not yet provided a certificate, any embedded secret values in the advertisement are omitted."

- section 1: "uCDN issues a GET to receive an advertisement" -> "The uCDN receives an advertisement" - CDNI FCI (currently) is a push interface via ALTO.

- section 1: "any embedded secret values in the advertisement are omitted" - i think this could use a little bit more explicit explanation, e.g., the dCDN is not yet able to encrypt the secrets, so no secrets are provided.

- section 1: "uCDN issues a PUT to publish a configuration" -> "The uCDN publishes a configuration" - CDNI MI (currently) is a pull interface; alternately, this could be an invalidation/prepositioning trigger?

- section 1: remove " The configuration also contains MI.SecretStore and MI.SecretCertificate." ?

- section 1: "uCDN issues a GET to receive" -> "The uCDN receives"

- section 1: "the advertisement SHOULD now contain populated MI.SecretValue objects where necessary" - again, i think some additional context would help here, both as to why secrets "SHOULD" now be populated, and why the qualifier "where necessary" is necessary

- section 1: a sequence diagram might help here.

- section 1: is "MI.LoggingTransportS3API" in a separate, yet to be adopted draft?  we may want to remove this to remove the forward reference.

- section 3.1, "secret-store-type" type: should probably quote "MI.SecretStoreTypeEmbedded" and "MI.SecretStoreTypeVault"

- section 3.1: should there be a registry for secret-store-types?

- section 3.1: why is "secret-certificate-id" in the MI.SecretStore object and not in the MI.SecretStoreTypeEmbedded object if it is MI.SecretStoreTypeEmbedded-specific?

- section 3.1: the example is duplicated in 3.2; can probably remove this one

- section 3.2: should there be a registry for formats?

- section 3.2: there is probably going to need to be much stronger wording around the usage (or prohibition thereof) of "cleartext"

- section 3.3: is "MI.SecretStoreTypeVault" HashiCorp Vault specific?  is there a way to make it generic to support AWS KMS, GCP KMS, and/or Azure Key Vault?  alternately, should the object name be made HashiCorp-specific?

- section 3.3: is there a reference for the definition of "namespace" and "version"?

- section 3.4, "secret-store-id" description: "The linked" -> "The ID of the"

- section 3.4: should we have separate objects for embedded secrets and HashiCorp Vault?  it seems odd to mix "secret-value" and "secret-path" in the same object.

- section 3.4, does one of either "secret-value" or "secret-path" have to be specified?  the MtSs both say no, but it doesn't make sense to let them both be blank?

- section 3.4, "timeout" description: "the specified duration" -> "this timeout"

- section 3.4, "timeout" description: "should be discarded" -> "MUST be discarded" or "SHOULD be discarded" ?

- section 3.5: "(CA)and" -> "(CA) and"

- section 4: I don't think we need to register separate types for FCI.  If the "FCI.*" object is identical to the corresponding "MI.*" object, this is just registry bloat?  there's nothing that says a "capability-type" must start with "FCI."; you can just use the MI payload types, as long as it is clear how to deserialize it.

- section 5: the SVTA2038 reference gives a 404.  again, i'm wondering if there is a way to make the proposed metadata objects extensible to other methods/services.

- section 5: remove duplicate "When the recipient of a secret provides an updated configuration that no longer contains an MI.SecretCertificate with an ID referenced in MI.SecretStore used by MI.SecretValue objects, those MI.SecretValue objects SHOULD be reduced to an object with no contained secret-value property as they would be in the initial state before any certificate had been provided."

- section 5: "in MI.SecretStore" -> "in an MI.SecretStore"

- section 5: a sequence diagram might help

- section 5.1: remove duplicate "The uCDN advertises FCI.SecretStore with a store-type of MI.SecretStoreTypeEmbedded; other FCI objects may contain MI.SecretValue objects that reference the store-id. MI.SecretValue objects that do not presently contain a secret-value property."

- section 5.1: "MI.SecretValue objects that do not presently contain a secret-value property" - this is an incomplete sentence?

- section 5.1: a sequence diagram might help

- section 5.2: remove duplicate "The uCDN advertises an FCI.SecretCertificate."

- section 5.2: a sequence diagram might help

- section 5.3: remove duplicate "An MI.SecretStoreTypeEmbedded has a defined format of "cleartext"."

- section 5.3: a sequence diagram might help

- section 5.4: the uCDN should use MI to provide config to a dCDN?

- section 5.4: the dCDN should use FCI to advertise to a uCDN?

- section 7.1: this obviously needs to be filled out.


On Thu, Apr 27, 2023 at 1:16 PM Goldstein, Glenn <Glenn.Goldstein=40lumen.com@dmarc.ietf.org> wrote:
We received a good chunk of comments from Kevin on the Cache Control Metadata draft (https://datatracker.ietf.org/doc/draft-power-cdni-cache-control-metadata/), and have addressed all the issues for the update that we will submit prior to IETF117.

It would be very helpful if we could also get some feedback from the CDNI WG on the other 2 drafts:
https://datatracker.ietf.org/doc/draft-rosenblum-cdni-protected-secrets-metadata/
https://datatracker.ietf.org/doc/draft-siloniz-cdni-edge-control-metadata/

thanks,
Glenn

This communication is the property of Lumen Technologies and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
_______________________________________________
CDNi mailing list
CDNi@ietf.org
https://www.ietf.org/mailman/listinfo/cdni
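As an added example (not code from the draft, the SVTA, or either correspondent), the checks below implement the consistency rules the review raises for the protected secrets metadata: every MI.SecretValue references a known MI.SecretStore, secret-value and secret-path are never both set, a vault-backed value carries a secret-path, an embedded secret-value is only present once the store's certificate has been advertised, a "cleartext" embedded store is flagged (following the reviewer's section 3.2 point), and withdrawing an MI.SecretCertificate reduces the dependent values as section 5 describes. The nested dict layout, the top-level keys and the sample values are assumptions; the property names are the ones quoted in the review.

```python
# Added example (not code from the draft, the SVTA, or either correspondent). The nested
# layout, top-level keys and sample values are assumptions; property names follow the review.
EMBEDDED = "MI.SecretStoreTypeEmbedded"
VAULT = "MI.SecretStoreTypeVault"

SAMPLE = {  # constructed: one certificate, three stores, four MI.SecretValue objects
    "certificates": {"cert-1": "<constructed placeholder certificate>"},
    "stores": {
        "emb": {"secret-store-type": EMBEDDED, "secret-certificate-id": "cert-1"},
        "plain": {"secret-store-type": EMBEDDED, "secret-certificate-id": "cert-1", "format": "cleartext"},
        "vault": {"secret-store-type": VAULT, "namespace": "cdn", "version": 2},
    },
    "values": [
        {"secret-store-id": "emb", "secret-value": "ZW5jcnlwdGVkLWJsb2I=", "timeout": 3600},
        {"secret-store-id": "vault", "secret-path": "secret/cdn/token"},
        {"secret-store-id": "vault"},                         # neither secret-value nor secret-path
        {"secret-store-id": "missing", "secret-value": "x"},  # dangling secret-store-id
    ],
}

def validate(cfg):
    """Return the consistency problems found in a metadata configuration."""
    problems = []
    certs, stores = cfg.get("certificates", {}), cfg.get("stores", {})
    for sid, store in stores.items():
        stype = store.get("secret-store-type")
        if stype not in (EMBEDDED, VAULT):
            problems.append(f"store {sid}: unknown secret-store-type {stype!r}")
        elif stype == EMBEDDED and store.get("format") == "cleartext":
            problems.append(f"store {sid}: cleartext format leaves embedded secrets unprotected")
    for i, val in enumerate(cfg.get("values", [])):
        sid = val.get("secret-store-id")
        store = stores.get(sid)
        if store is None:
            problems.append(f"value {i}: unknown secret-store-id {sid!r}")
            continue
        has_value, has_path = "secret-value" in val, "secret-path" in val
        if has_value and has_path:
            problems.append(f"value {i}: both secret-value and secret-path set")
        if store.get("secret-store-type") == VAULT and not has_path:
            problems.append(f"value {i}: vault-backed value needs a secret-path")
        if (store.get("secret-store-type") == EMBEDDED and has_value
                and store.get("secret-certificate-id") not in certs):
            problems.append(f"value {i}: secret-value present before a certificate was provided")
    return problems

def withdraw_certificate(cfg, cert_id):
    """Section 5 behaviour: drop the certificate and strip secret-value from dependent values."""
    certs = {k: v for k, v in cfg.get("certificates", {}).items() if k != cert_id}
    orphaned = {sid for sid, s in cfg.get("stores", {}).items() if s.get("secret-certificate-id") == cert_id}
    values = [{k: v for k, v in val.items() if k != "secret-value" or val.get("secret-store-id") not in orphaned}
              for val in cfg.get("values", [])]
    return {**cfg, "certificates": certs, "values": values}
```

Running `validate(SAMPLE)` reports the cleartext store, the vault value without a path and the dangling store reference; `validate(withdraw_certificate(SAMPLE, "cert-1"))` then shows the embedded value reduced to its non-secret properties rather than flagged.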