Re: [CDNi] Alexey Melnikov's No Objection on draft-ietf-cdni-logging-26: (with COMMENT)
Francois Le Faucheur <flefauch@gmail.com> Wed, 08 June 2016 08:22 UTC
Return-Path: <flefauch@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFF3112D0F0; Wed, 8 Jun 2016 01:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9isvIzcXkzAS; Wed, 8 Jun 2016 01:22:31 -0700 (PDT)
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC2F912D10B; Wed, 8 Jun 2016 01:22:30 -0700 (PDT)
Received: by mail-wm0-x22b.google.com with SMTP id v199so52096711wmv.0; Wed, 08 Jun 2016 01:22:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=95PcXJOcNA2czb2JIZ1k7gjnuJIm2l4/v+2O1iyVkzU=; b=GOTc6lzwN+J/nGAApF2vFZwButFu57IGtPZ/C/PkbWvH8e817sIWq9qkhM64tDnRM8 kAO6FHWqBd++mnUQml8aH7Knw3+tspHbAjEsg3rSQIVHcb7lMeXth50OTQUdhL0VFn5F f8nsajCWcwM+D6kc/Zp52RqrVhDHLR9KLFafvGeyEizxT2f/cSbO7OfmrCBGUVb06z5O h+W/5UxL8gCRt49VoHyA5reBSWLTQpIpwmjMXaHBaSeclDDeCBvbXls1WKyYzWumVOUd T1NqBHG0+xQreLum5Up4FKwQDvFrk79VoESxYv1RBERSqTHQBBMe8Axun5NaX9Ra7HNZ JtQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=95PcXJOcNA2czb2JIZ1k7gjnuJIm2l4/v+2O1iyVkzU=; b=RkJUdlKs6I9XdEEBeR/YL9MwflhHy39x4lmSib1uZpRJnZy2et/VuVFhkepi0ycE5K oKMJajFnPgJ6N/Z8q/PJkG6h3OUOv0oHWAp65AVo7fS37L6oBID48GAvd7x6DJgP1tHO hnXaRG8q6vmn5RTGK5rqCYaWNg7XhBG7GJqLUN5a4uRH6vu7UVe6BVMtffHt5PjNcP4p xK00WCO3AksBscL1yZdmRbnf1Gk2d6YXMDFJlrc8esl/kjo2z7BrcLLK9y0kHXqDfRWF DOFc3+WWZMCAoFQx+IFO/4ubwiAuoTBYSx8gtMCEtaeXUpXoG/+tH/BuXWgTTarK30nE xSIA==
X-Gm-Message-State: ALyK8tIAECj8CcBBt3cWhIlmmhtTBc201yzFqgWEs59i1y6h7CXcieQ/a2r/NDTaWt0Ytw==
X-Received: by 10.195.9.67 with SMTP id dq3mr3521148wjd.140.1465374149105; Wed, 08 Jun 2016 01:22:29 -0700 (PDT)
Received: from [192.168.1.21] (125.216.113.78.rev.sfr.net. [78.113.216.125]) by smtp.gmail.com with ESMTPSA id s125sm23328074wms.14.2016.06.08.01.22.27 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 Jun 2016 01:22:28 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Francois Le Faucheur <flefauch@gmail.com>
In-Reply-To: <56C6B19F-8207-4250-B1D5-055CF67968DB@fastmail.fm>
Date: Wed, 08 Jun 2016 10:22:26 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <A3A92C7D-127C-41EE-880D-C7B7FE288BCE@gmail.com>
References: <20160529114300.27632.32780.idtracker@ietfa.amsl.com> <C5D4433B-1442-4F06-9290-595CF51D4B5F@gmail.com> <56C6B19F-8207-4250-B1D5-055CF67968DB@fastmail.fm>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/8mVdXLiZnwgnGgVF5BvPTCOtAgo>
Cc: draft-ietf-cdni-logging@ietf.org, cdni-chairs@ietf.org, The IESG <iesg@ietf.org>, cdni@ietf.org
Subject: Re: [CDNi] Alexey Melnikov's No Objection on draft-ietf-cdni-logging-26: (with COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2016 08:22:33 -0000
Hi Alexey, > On 1 Jun 2016, at 20:47, Alexey Melnikov <aamelnikov@fastmail.fm> wrote: > > Hi Francois, > > On 1 Jun 2016, at 17:17, Francois Le Faucheur <flefauch@gmail.com> wrote: > >>> In 7.1, last sentence: TLS only provides for protection from tampering >>> when in transit, not when a log file being stored. >> >> I already responded to that point and corrected the sentence so it now reads: >> “ >> Protection against third party tampering, when the CDNI Logging File is communicated over the CDN Logging Interface, can be achieved as discussed above through the use of TLS. >> “ >> >> Is it not acceptable ? > > Sorry, missed that. Yes, this is an improvement. > > Can anything be said about data at rest? The document already has a specific statement wrt data at rest regarding privacy protection : “ The algorithmic mapping and variation over time MAY allow the uCDN … to reconstruct the actual client IPv4 or IPv6 address and/or other network-level identifying information when required … . However, these enduser addresses SHOULD only be reconstructed on-demand and the CDNI Logging File SHOULD only be stored with the anonymised c-groupid value. " The paragraph we were discussing, in the context of your COMMENT, relates to integrity protection. We clarified that the statement about integrity protection applies when the data is in flight. When the data is at rest, I don’t think we need to discuss integrity protection since the data exchanged via CDNI LI interface can be processed by the uCDN as it sees fit (e.g. aggregate CDNI Logging Files with its own local logging records, e.g. filter/sanitise/summarize in order to export to the Content Service Provider, etc.) so it is legitimate that the uCDN can modify the data, once properly communicated via the CDNI LI interface. So to me, we are already covered. Cheers Francois
- [CDNi] Alexey Melnikov's No Objection on draft-ie… Alexey Melnikov
- Re: [CDNi] Alexey Melnikov's No Objection on draf… Francois Le Faucheur
- Re: [CDNi] Alexey Melnikov's No Objection on draf… Alexey Melnikov
- Re: [CDNi] Alexey Melnikov's No Objection on draf… Francois Le Faucheur