Re: [CDNi] Early AD review of draft-ietf-cdni-metadata-18

Kevin Ma J <kevin.j.ma@ericsson.com> Mon, 13 June 2016 21:01 UTC

Return-Path: <kevin.j.ma@ericsson.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4A9812DA29 for <cdni@ietfa.amsl.com>; Mon, 13 Jun 2016 14:01:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7n0WYoK_1lho for <cdni@ietfa.amsl.com>; Mon, 13 Jun 2016 14:01:37 -0700 (PDT)
Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4638E12DA20 for <cdni@ietf.org>; Mon, 13 Jun 2016 14:01:36 -0700 (PDT)
X-AuditID: c6180641-f796f6d000000e1e-92-575f1ef49d46
Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usplmg21.ericsson.net (Symantec Mail Security) with SMTP id 83.82.03614.4FE1F575; Mon, 13 Jun 2016 23:00:36 +0200 (CEST)
Received: from EUSAAMB103.ericsson.se ([147.117.188.120]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.03.0294.000; Mon, 13 Jun 2016 17:01:35 -0400
From: Kevin Ma J <kevin.j.ma@ericsson.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>, "cdni@ietf.org" <cdni@ietf.org>
Thread-Topic: [CDNi] Early AD review of draft-ietf-cdni-metadata-18
Thread-Index: AQHRxXKTDE1Cgkb4nEmGuN8N4i4y4p/n4rTggAAATHA=
Date: Mon, 13 Jun 2016 21:01:34 +0000
Message-ID: <A419F67F880AB2468214E154CB8A556206E1444A@eusaamb103.ericsson.se>
References: <A419F67F880AB2468214E154CB8A556206DE1909@eusaamb103.ericsson.se> <1464861734.1246901.625717065.0912CC9E@webmail.messagingengine.com> <1465822376.2345831.636047169.2F7E30C4@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.12]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrCLMWRmVeSWpSXmKPExsUyuXRPiO4Xufhwg513LCz2vz/EZPF09h9W ByaPnacOsHksWfKTKYApissmJTUnsyy1SN8ugStjW+MFtoK9ChUTJ1xha2B8KdHFyMkhIWAi sfDaXCYIW0ziwr31bF2MXBxCAkcZJRatXc8E4SxnlHjXM4MdpIpNQEvi8de/YB0iAr4Sqxf9 YwWxhQWcJCasmMsMEXeW2Nryhg3CtpI4eusHkM3BwSKgKtH3vxokzAvU+vpLByvE/FuMEmfu bwebzwh0xfdTa8DmMwuIS9x6Mh/qOgGJJXvOM0PYohIvH0PslRBQkpjz+hozRL2OxILdn9gg bG2JZQtfM0MsE5Q4OfMJywRGkVlIxs5C0jILScssJC0LGFlWMXKUFhfk5KYbGW5iBIb9MQk2 xx2Me3s9DzEKcDAq8fAm3I4NF2JNLCuuzD3EKMHBrCTCO1cmPlyINyWxsiq1KD++qDQntfgQ ozQHi5I4r/5LxXAhgfTEktTs1NSC1CKYLBMHp1QDY+U6jfq8a7kXJb/JeG5u7pY4cV8i72fT uurv3xQ3qJ4sq9qYIfo/tdnO+3CiimrkUa5XMslOLFE/+P1i37cpcH6umPHu9PmFVzbEv/Cd Hl4tPidu/bIFJwrL/qmb1NaaB+yrECgTS3H4cDHJ9dTPp9eXWP+KKlrG/X6qPLeR7YXZVzyt 90cvVGIpzkg01GIuKk4EAET0Z0R3AgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/9nfNTujm1b_GsuHH8PmijE3-uzA>
Subject: Re: [CDNi] Early AD review of draft-ietf-cdni-metadata-18
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2016 21:01:41 -0000

s/diff/draft

> -----Original Message-----
> From: Kevin Ma J
> Sent: Monday, June 13, 2016 5:03 PM
> To: 'Alexey Melnikov'; cdni@ietf.org
> Subject: RE: [CDNi] Early AD review of draft-ietf-cdni-metadata-18
> 
> Hi Alexey,
> 
>   We will address and upload a new diff.
> 
> thanx!
> 
> --  Kevin J. Ma
> 
> > -----Original Message-----
> > From: CDNi [mailto:cdni-bounces@ietf.org] On Behalf Of Alexey Melnikov
> > Sent: Monday, June 13, 2016 8:53 AM
> > To: cdni@ietf.org
> > Subject: [CDNi] Early AD review of draft-ietf-cdni-metadata-18
> >
> > Thank you for addressing most of my concerns. Here is the updated list
> > of issues:
> >
> > In 4.1.2: hostname need to have defined syntax (at least by reference).
> > You also need to say whether IDN domain names are
> > allowed here.
> >
> > In 6.1:
> >
> >    The CDNI metadata interface specified in this document is a read-only
> >    interface.  Therefore support for other HTTP methods such as PUT,
> >    POST, DELETE, etc. is not specified.  A server implementation of the
> >    CDNI metadata interface MUST reject all methods other than GET and
> >    HEAD.
> >
> > I think the change to the MUST is too strong and is a wrong thing to do,
> > because that means that existing HTTP/1.1 software might have to be
> > modified to
> > support this specification.
> >
> > So I would prefer that you either delete the last sentence or reword to
> > say
> > "doesn't have to support any methods other that ..."
> >
> > In 8.3:
> >
> >    An implementation of the CDNI metadata interface MUST use strong
> >    encryption and mutual authentication to prevent undetectable
> >
> > Encryption doesn't necessarily provide integrity of data, so I would
> > change "strong encryption" to TLS.
> >
> >    modification of metadata (see Section 8.5).
> >
> >
> > On Thu, Jun 2, 2016, at 11:02 AM, Alexey Melnikov wrote:
> > > In order to speed up publication of this draft, I decided to do early
> AD
> > > review. Here are my comments. My apologies if they are a bit cryptic,
> if
> > > you are unsure of what I meant, please ask!
> > >
> > > In 1.2: content can only be delivered using HTTP/1.1 and not HTTP/1.1
> > > over TLS? Is last para saying that this is an unsolved problem (e.g.
> > > LURK BOF solution is needed)?
> > >
> > > In 4.1.2: hostname and IP addresses need to have defined syntaxes (at
> > > least by reference). You also need to say whether IDN domain names are
> > > allowed here.
> > >
> > > In 4.1.5: does "case insensitive" only applies to ASCII range? I.e.,
> > > encoded UTF-8 sequences in URIs are not affected.
> > >
> > > In 4.2.6: URI needs a Normative Reference (RFC 3986).
> > >
> > > In 4.3.7: need a reference to a document/registry defining ASNs.
> > >
> > > In 6.1: need a reference to HTTP/1.1 spec.
> > >
> > > Should OPTIONS method be allowed?
> > >
> > > In 6.2/6.3: Is discovery of the initial URI truly out of scope? You
> can
> > > define a .well-known URI to allow bootstrapping.
> > > If it is defined, is it likely to be used?
> > >
> > > In 7.3: Nit: HTTP/1.1 over TLS needs 2 references, not just one.
> > >
> > > In 7.4: I think I am sad that you haven't defined any initial
> > > authentication mechanism. Has this been discussed in the WG?
> > >
> > > In 8.1, last para: a requirement to implement mutual authentication is
> > > underspecified. Do you mean TLS mutual authentication? If yes, say so.
> > > If other mechanisms can be used, say so as well.
> > > If you meant to reference 8.5 here, please do so.
> > >
> > > Why is this only a SHOULD (and not a MUST)?
> > >
> > > In 8.2: similarly, how can the SHOULD be satisfied? Do you mean TLS or
> > > something else? Reference 8.5?
> > >
> > > In 8.3: similar issue.
> > >
> > > Also encryption doesn't necessarily provide integrity of data, so the
> > > last sentence sounds wrong.
> > >
> > > In 8.4: similar issue.
> >
> > _______________________________________________
> > CDNi mailing list
> > CDNi@ietf.org
> > https://www.ietf.org/mailman/listinfo/cdni