IETF Logo Mail Archive

Re: [CDNi] Stephen Farrell's Discuss on draft-ietf-cdni-logging-21: (with DISCUSS and COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 27 January 2016 19:49 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 394361B304B; Wed, 27 Jan 2016 11:49:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WAeWLzOWf218; Wed, 27 Jan 2016 11:48:58 -0800 (PST)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com [IPv6:2607:f8b0:4002:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95D261B304A; Wed, 27 Jan 2016 11:48:58 -0800 (PST)
Received: by mail-yk0-x22c.google.com with SMTP id v14so4306120ykd.3; Wed, 27 Jan 2016 11:48:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mRWyqXN7oJKmmCUkvRFaZA+KSb9EhRFllGyTwV0NhjA=; b=T3GLHCWa+kylq7hZl42zPPeSL6i47+kEAD8Iy2sp/rWMsUueLJMuZ5C+36JqVvgl2k PR530E1oYbi41vKcd3PfO/OlChQr52rryw6dfE0uVRWZdpBWWZa0FKU/u2KEgBQYn36s 4Wx1rkLi8ZM+lAm1yOHOpc8x+oBXEfdaqCkDOU+ci/q6tCenr92wPl1qfAFLOCjB9Aos DsL4Pwo0Jon+CnMiHHtgRTwxu30OSM0lEwPPPnituCKZCrrcGQVBO+krzb5CwAmcGqYi wMZfMZva0/V4PCk7OZB/uNJ4me8AkyaCx/dwji5juP6JpflwWha3Abl9rlZTD+oUG+1m kGnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=mRWyqXN7oJKmmCUkvRFaZA+KSb9EhRFllGyTwV0NhjA=; b=NS8RRLDDvCQAGYdyN/MohRFfATEeUlu3+u9Ptg8q28Tf/1B4rlrw1upOmmF/Dx3VwC BrS0UP3hwlrMwzD0DQjzqq18Y7UKPwy8njMs15XwcC6QSPPos8yzJxCTiL/U4xwQOm61 jJpnvPE7ooLzkFBz22qSyijLTPNy3QxZzU1/HG7gvuvkkX9jg3jsgHodan5BQj7XY1Uu BytwRB95KFOJvf9SLqItN8T/aUFBgFkzjiD2KE5PHRenIKvtDcsMPq63l+omPHtibuSU jxKcerYHBmJvqBYDGNP7GfCrkthCmQ1NC8LBtmPuvz24JX/oQkp336s8sfsIOwFHAyIW 8Quw==
X-Gm-Message-State: AG10YORSv/v1Q4f9HZyRvE2BTMSw3oFZDsO7jWGG+RIuLEZXOPIqGD81AGTFpZZQxtKLuFsULffMUjPr4rVHlQ==
MIME-Version: 1.0
X-Received: by 10.129.155.151 with SMTP id s145mr4434741ywg.24.1453924137918; Wed, 27 Jan 2016 11:48:57 -0800 (PST)
Received: by 10.37.99.65 with HTTP; Wed, 27 Jan 2016 11:48:57 -0800 (PST)
Received: by 10.37.99.65 with HTTP; Wed, 27 Jan 2016 11:48:57 -0800 (PST)
In-Reply-To: <C3E45486-4BA2-4879-A2FD-DB92EF380E02@cisco.com>
References: <20151109165118.779.25437.idtracker@ietfa.amsl.com> <50381CDF-6A40-4447-846F-217E31934D6A@cisco.com> <56520141.8010806@cs.tcd.ie> <CAKKJt-dND0n22hqG7oEn=poAHgnK9dmFj1VCRJ4h9V8QzVKj-A@mail.gmail.com> <C3E45486-4BA2-4879-A2FD-DB92EF380E02@cisco.com>
Date: Wed, 27 Jan 2016 13:48:57 -0600
Message-ID: <CAKKJt-fbSd0YeRpPguJGT+kzQwL=13u-bpMnVcVfCuz==xJY+A@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
To: "Francois Le Faucheur (flefauch)" <flefauch@cisco.com>
Content-Type: multipart/alternative; boundary="94eb2c0b8da8c56d55052a5617e6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cdni/6j2U4Nk55Md_P2wKcx3CFXhBx8Q>
Cc: "draft-ietf-cdni-logging@ietf.org" <draft-ietf-cdni-logging@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>, iesg@ietf.org, "cdni@ietf.org" <cdni@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [CDNi] Stephen Farrell's Discuss on draft-ietf-cdni-logging-21: (with DISCUSS and COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2016 19:49:03 -0000

Hi, Francois,

On Jan 27, 2016 10:53, "Francois Le Faucheur (flefauch)" <flefauch@cisco.com>
wrote:
>
> Hello Spencer,
>
> I should be able to work on this next week.
> Thanks for the reminder.

That works for me.

Spencer

> Francois
>
>
>> On 26 Jan 2016, at 04:00, Spencer Dawkins at IETF <
spencerdawkins.ietf@gmail.com> wrote:
>>
>> Hi, Francois,
>>
>> On Sun, Nov 22, 2015 at 11:54 AM, Stephen Farrell <
stephen.farrell@cs.tcd.ie> wrote:
>>>
>>>
>>> Hiya,
>>>
>>> Sure placing the text wherever makes sense if of course
>>> fine,
>>>
>>> Cheers,
>>> S
>>>
>>> On 22/11/15 16:57, Francois Le Faucheur (flefauch) wrote:
>>> > Hello Stephen.
>>> >
>>> > Thanks for this update to your DISCUSS and COMMENTS.
>>> > It all makes sense. Specific responses/resolution discussed below:
>>
>>
>> If I'm following this correctly, you and Stephen have closed on
resolutions for his DISCUSS and COMMENTS.
>>
>> Could you let me know when I should expect a revised draft?
>>
>> I would love to finish this up.
>>
>> Thanks!
>>
>> Spencer
>>
>>>
>>> > (5) I'm not clear why you need to be able to send HTTP header
>>> > values or session IDs via this i/f. Why is that needed? And
>>> > it seems very dangerous, e.g. "cs(COOKIE)" could be a doosy.
>>> > I would suggest adding new text in section 3.4 to cover all
>>> > of the log content basically saying that you really need to
>>> > know what you're doing or you can break security very easily.
>>> >
>>> > That makes sense.
>>> >
>>> > Some suggested text that could be added to the end of 3.4
>>> > just before the start of 3.4.1:
>>> >
>>> > Since the text below is specific to HTTP, I would lean for including
it under 3.4.1 ("HTTP Request Logging Record”) rather than under 3.4 which
is meant to apply to any log (possibly of other protocols than HTTP).
>>> >
>>> > There is a discussion under 3.4.1 about which fields MUSt be included
and which one MAY. I think right after that would be an ideal place to add
the text below.
>>> >
>>> > Let me know if that does not work.
>>> >
>>> >
>>> >
>>> > "Logging fields
>>> >
>>> > s/Logging fields/Logging some fields/
>>> >       since some fields are not very dangerous.
>>> >
>>> > from HTTP requests and responses can be
>>> > very dangerous. For example, cookies will often contain
>>> > (months) long lived bearer token
>>> >
>>> > This is a bit beyond my expertise, but I wonder if “bearer” is needed
here:
>>> > s/bearer token/token/  ?
>>> > because I think the discussion here is meant to be generic while
"bearer token" is a specific form of token.
>>> > Or is “bearer token” really the appropriate term in this generic
sentence?
>>> >
>>> > values that can be used
>>> > to login to a service as the relevant user. Similar values
>>> > may be included in other header fields or within URLs or
>>> > elsewhere in HTTP requests and responses. Centralising
>>> > such values in a log
>>> >
>>> > s/log/CDNI Logging File/
>>> >
>>> > can therefore represent a significant
>>> > increase in risk both for the user and the web service
>>> > provider, but also for the CDNs involved. Implementations
>>> > ought therefore attempt to lower the probability of such
>>> > bad outcomes e.g. by only allowing a configured set of
>>> > headers to be added to logs
>>> >
>>> > s/logs/CDNI Logging Records/
>>> >
>>> > , or by not supporting wildcard
>>> > selection of HTTP request/response fields to add. Such
>>> > mechanisms can reduce the probability that security (or
>>> > privacy) sensitive values are centralised in logs.”
>>> >
>>> > s/logs/CDNI Logging Files/
>>> >
>>> > I suggest that , in addition to recommendations for implementations,
we also add recommendations for CDN operators:
>>> > “Similarly, when agreeing on which HTTP request/response fields are
to be provided in CDNI Logging Files, the uCDN and dCDN administrators
ought to consider these risks."
>>> >
>>> >
>>> >
>>> > I'm sure that can be improved on, and have no problem with
>>> > any specific better words.
>>> >
>>> > (6) cleared
>>> >
>>> > (7) cleared
>>> >
>>> >
>>> > ----------------------------------------------------------------------
>>> > COMMENT:
>>> > ----------------------------------------------------------------------
>>> >
>>> >
>>> > - in the description of c-groupid, "the address
>>> > with a shared secret that is pre-synchronised
>>> > and rotated at a predefined time interval" isn't
>>> > very clear. I know what you mean but I don't
>>> > think you state it very clearly. Could be that a
>>> > bit of text earlier in the document that describes
>>> > the basic idea would be better than doing it all
>>> > inline as you have in -21.
>>> >
>>> > Right.
>>> > We need to do some word tweaking on this anyways, so we’ll try
address that.
>>> >
>>> >
>>> > OLD COMMENTS Below, not updated for -21, I didn't
>>> > check if you took 'em on board, feel free to chat about
>>> > 'em if that's useful  - I'm happy to do so anyway.
>>> >
>>> > Those have been addressed in earlier versions.
>>> >
>>> > Here is the message I sent about those back in July in case you want
to check the detailed resolution:
>>> >
>>> >
>>> > From: Francois Le Faucheur <flefauch@cisco.com<mailto:
flefauch@cisco.com>>
>>> > Subject: Re: Stephen Farrell's Discuss on draft-ietf-cdni-logging-15:
(with DISCUSS and COMMENT)
>>> > Date: 19 July 2015 18:39:38 CEST
>>> > To: Stephen Farrell <stephen.farrell@cs.tcd.ie<mailto:
stephen.farrell@cs.tcd.ie>>
>>> > Cc: Le Faucheur Francois <flefauch@cisco.com<mailto:flefauch@cisco.com>>,
The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, cdni-chairs@ietf.org<mailto:
cdni-chairs@ietf.org>, draft-ietf-cdni-logging@ietf.org<mailto:
draft-ietf-cdni-logging@ietf.org>
>>> >
>>> > Hi Stephen,
>>> >
>>> > Responses to the COMMENT part below:
>>> >
>>> >
>>> >
>>> > ----------------------------------------------------------------------
>>> > COMMENT:
>>> > ----------------------------------------------------------------------
>>> >
>>> >
>>> > - I support Richard's discuss. Isn't it ironic that the dCDN's
>>> > privacy (that of a company) is better supported than that of
>>> > the end user (a person)
>>> >
>>> > With anonymization now being a SHOULD, I thought Richard’s DISCUSS
was addressed (apart from the potential need to add port anonymization as
discussed separately for your own DISCUSS).
>>> >
>>> >
>>> > - 2.2.1 - why is per-chunk always needed?
>>> >
>>> > Aggregated logs for segmented content is a tricky concept, for which
there is no standard today and many potential ways to do it, and which the
Working Group has elected to keep for a next version of the logging spec
(just so that we can come up with a base CDNI logging spec _relatively_
quickly ).
>>> > So the only sure way to support interoperabilty across CDNs for logs
of segmented content is to provide per-chunk log, hence the statement that
those always need to be generated.
>>> >
>>> >
>>> >
>>> > - 2.2.5.3: what's "track audience" mean?
>>> >
>>> > This terminology is likely inherited from the TV/Video era, meaning
in particular tracking how big a population watches which movie/video.
>>> > Given the more general applicability here, how about we replace by
something like “develop statistics on content download”?
>>> >
>>> >
>>> > - 2.2.5.4: there are more security goals in the universe
>>> >
>>> > Certainly, but this is not a Security Considerations section: section
2.2.5 discussing Log Consuming applications. And 2.2.5.4 is discussing one
such application which is to detect violation of content access policy.
>>> >
>>> >
>>> > - 2.2.5.4: seems like the user is the enemy, that's odd
>>> >
>>> > With respect to Content Protection (the subject of 2.2.5.4)
unauthorised user is indeed the enemy, aiming at stealing some content from
the CDNs.
>>> >
>>> >
>>> > - 2.2.5.6.2: there is no "browser type header" that I know of,
>>> > but there is the well-known UA string. Being specific about
>>> > that is better.
>>> >
>>> > This is fixed in -19 which now says:
>>> > "Terminal type (mobile, PC, STB, if this information can be
>>> >      acquired from the browser type inferred from the User Agent
>>> >      string, for example).
>>> > "
>>> >
>>> > - 3.1: SS.S - does that imply a time granularity of 100ms?  If
>>> > so, please say so.
>>> >
>>> > As a result of another IESG review comment, we have replaced  our own
definition of time by a reference to RFC3339.
>>> >
>>> > “
>>> > TIME = 2DIGIT ":" 2DIGIT ":" 2DIGIT ["." *DIGIT]
>>> >         ; Times are encoded as "partial-time" specified in [RFC3339].
>>> > "
>>> >
>>> > So that point should be fixed already.
>>> >
>>> >
>>> >
>>> > - 3.4.4: cs-uri: please not that these can be privacy
>>> > sensitive, though presumably less so than e.g.  logged URIs on
>>> > a search engine.
>>> >
>>> > Is this just for our information or do you recommend that we add a
statement about the fact that cs-uri can be privacy sensitive?
>>> > If IP/ports are anonymised, is cs-uri still privacy sensitive (is
this in case the uri itself contains some information that can be traced
back to a given end-user?
>>> >
>>> >
>>> >
>>> > - 3.4.4: foo-uri: do these contain fragments or not?
>>> >
>>> > In a per-chunk log (which is specified in this document as the
interoperable mechanism to exchange logs for fragmented content), the uri
contains the URI of each specific fragment.
>>> > In an aggregated log for a segmented content delivery (which is not
specified in this document), there are many potential options (URI of first
segment, URI of the playlist, part of the URI common to all segments,….).
This is one of the complexities of specifying aggregated logs for segmented
content.
>>> >
>>> >
>>> >
>>> >
>>> > - I support Richard's discuss. Isn't it ironic that the dCDN's
>>> > privacy (that of a company) is better supported than that of
>>> > the end user (a person)
>>> >
>>> > - 2.2.1 - why is per-chunk always needed?
>>> >
>>> > - 2.2.5.3: what's "track audience" mean?
>>> >
>>> > - 2.2.5.4: there are more security goals in the universe
>>> >
>>> > - 2.2.5.4: seems like the user is the enemy, that's odd
>>> >
>>> > - 2.2.5.6.2: there is no "browser type header" that I know of,
>>> > but there is the well-known UA string. Being specific about
>>> > that is better.
>>> >
>>> > - 3.1: SS.S - does that imply a time granularity of 100ms?  If
>>> > so, please say so.
>>> >
>>> > - 3.4.4: cs-uri: please not that these can be privacy
>>> > sensitive, though presumably less so than e.g.  logged URIs on
>>> > a search engine.
>>> >
>>> > - 3.4.4: foo-uri: do these contain fragments or not?
>>> >
>>> >
>>> >
>>>
>>
>

v2.23.0 | Report a Bug | By Email