Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt

Chris Lemmons <alficles@gmail.com> Wed, 10 November 2021 07:38 UTC

To: Phil Sorber <sorber@apache.org>
Cc: Kevin Ma <kevin.j.ma.ietf@gmail.com>, "<cdni@ietf.org>" <cdni@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/Dou_tkV4X2tJxAJJDZLoaYhN02E>

To save a click, here's the text:

The URI Signing Package will be found by parsing any path-style
parameters and form-style parameters looking for a key name matching
the URI Signing Package Attribute. Both parameter styles MUST be
supported to allow flexibility of operation. The first matching
parameter SHOULD be taken to provide the signed JWT, though providing
more than one matching key is undefined behavior. Path-style
parameters generated in the form indicated by Section 3.2.7 of
[RFC6570] MUST be supported. Form-style parameters generated in the
form indicated by Section 3.2.8 of [RFC6570] MUST be supported.

The last two sentences are what I'm proposing we add. This was the
simplest variation I could come up with that doesn't add a whole bunch
of construction rules to this document, but provides at least one
clear MUST-accept implementation for each style that allows a dCDN to
be certain that it knows how to find the URIs.

On Tue, Nov 9, 2021 at 8:46 AM Phil Sorber <sorber@apache.org> wrote:
>
> Thanks, I merged two of these, but I think we should have a little more time to think on #72 before we merge it, just because it's been so debated and I don't want to keep changing it.
>
> On Tue, Nov 9, 2021 at 1:01 AM Chris Lemmons <alficles@gmail.com> wrote:
>>
>> Fixes for nits, regrettably also including the same ones you just
>> fixed in 69: https://github.com/PSUdaemon/URISigningSpec/pull/70
>>
>> Updates that I _think_ fix the weird figure text? I'm not certain this
>> is the best way to do it, but the existing way looks odd. Look at the
>> diff linked earlier and check out the figure titles.
>> https://github.com/PSUdaemon/URISigningSpec/pull/71
>>
>> The much-belated text I promised a while back on 6570:
>> https://github.com/PSUdaemon/URISigningSpec/pull/72
>>
>> On Mon, Nov 8, 2021 at 7:55 PM Phil Sorber <sorber@apache.org> wrote:
>> >
>> > https://github.com/PSUdaemon/URISigningSpec/pull/69
>> >
>> > On Sat, Nov 6, 2021 at 10:02 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>> >>
>> >> Hi Phil,
>> >>
>> >>   Thanks for getting the updated draft out.  A couple typos/nits:
>> >>
>> >>   - section 2.1.10: "for example in" -> "for example, in"
>> >>   - section 3.2.1: "MAY bt" -> "MAY be"
>> >>   - section 4: "after and access" -> "after an access"
>> >>   - section 4.4: remove "against the key issuer with"
>> >>   - section 5.2: "Sigbned" -> "Signed"
>> >>
>> >> --  Kevin J. Ma
>> >>
>> >>
>> >> On Mon, Oct 25, 2021 at 7:12 PM <internet-drafts@ietf.org> wrote:
>> >>>
>> >>>
>> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> >>> This draft is a work item of the Content Delivery Networks Interconnection WG of the IETF.
>> >>>
>> >>>         Title           : URI Signing for Content Delivery Network Interconnection (CDNI)
>> >>>         Authors         : Ray van Brandenburg
>> >>>                           Kent Leung
>> >>>                           Phil Sorber
>> >>>         Filename        : draft-ietf-cdni-uri-signing-22.txt
>> >>>         Pages           : 42
>> >>>         Date            : 2021-10-25
>> >>>
>> >>> Abstract:
>> >>>    This document describes how the concept of URI Signing supports the
>> >>>    content access control requirements of Content Delivery Network
>> >>>    Interconnection (CDNI) and proposes a URI Signing method as a JSON
>> >>>    Web Token (JWT) profile.
>> >>>
>> >>>    The proposed URI Signing method specifies the information needed to
>> >>>    be included in the URI to transmit the signed JWT, as well as the
>> >>>    claims needed by the signed JWT to authorize a User Agent (UA).  The
>> >>>    mechanism described can be used both in CDNI and single Content
>> >>>    Delivery Network (CDN) scenarios.
>> >>>
>> >>>
>> >>> The IETF datatracker status page for this draft is:
>> >>> https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
>> >>>
>> >>> There is also an htmlized version available at:
>> >>> https://datatracker.ietf.org/doc/html/draft-ietf-cdni-uri-signing-22
>> >>>
>> >>> A diff from the previous version is available at:
>> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-uri-signing-22
>> >>>
>> >>>
>> >>> Internet-Drafts are also available by anonymous FTP at:
>> >>> ftp://ftp.ietf.org/internet-drafts/
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> CDNi mailing list
>> >>> CDNi@ietf.org
>> >>> https://www.ietf.org/mailman/listinfo/cdni
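
The lookup described in the proposed text at the top of this message, as an added example that is not part of the original e-mail or of the draft: it scans RFC 6570 path-style (`;name=value`) and form-style (`?name=value&...`) parameters in URI order, takes the first match, and reports how many keys matched so a dCDN can reject or log the undefined multiple-key case. The attribute name `URISigningPackage`, the host `cdn.example`, and the names `Found` and `find_signing_package` are assumptions; the token is a constructed placeholder.

```python
from typing import NamedTuple, Optional
from urllib.parse import unquote, urlsplit

# Constructed placeholder in JWT shape; the signature part is not valid.
SAMPLE_JWT = "eyJhbGciOiJFUzI1NiJ9.e30.c2ln"


class Found(NamedTuple):
    token: str    # value of the first matching parameter
    style: str    # "path" (RFC 6570 3.2.7) or "form" (RFC 6570 3.2.8)
    matches: int  # matching keys in the whole URI; >1 is undefined behavior


def find_signing_package(uri: str,
                         attribute: str = "URISigningPackage") -> Optional[Found]:
    """Locate the signed JWT in a URI (attribute name is an assumed default)."""
    parts = urlsplit(uri)
    hits = []
    # Path-style: ";name=value" parameters appended to a path segment.
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name, _, value = param.partition("=")
            if unquote(name) == attribute:
                hits.append((unquote(value), "path"))
    # Form-style: "name=value" pairs joined by "&" in the query component.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name) == attribute:
            hits.append((unquote(value), "form"))
    if not hits:
        return None
    token, style = hits[0]  # the path precedes the query, so path hits come first
    return Found(token, style, len(hits))


if __name__ == "__main__":
    for uri in (
        f"https://cdn.example/video;URISigningPackage={SAMPLE_JWT}/seg1.ts",
        f"https://cdn.example/video/seg1.ts?q=1&URISigningPackage={SAMPLE_JWT}",
        "https://cdn.example/video/seg1.ts?q=1",
    ):
        print(find_signing_package(uri))
```

A caller that wants strict behavior can refuse any request where `matches` is greater than 1 instead of relying on the first-match rule.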