IETF Logo Mail Archive

Re: [CDNi] URI Signing Signed Token Chaining refactor

"Kevin J. Ma" <kevin.j.ma.ietf@gmail.com> Wed, 19 July 2017 14:38 UTC

Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53C22131C74 for <cdni@ietfa.amsl.com>; Wed, 19 Jul 2017 07:38:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dWNVDz2cZby for <cdni@ietfa.amsl.com>; Wed, 19 Jul 2017 07:38:10 -0700 (PDT)
Received: from mail-qt0-x241.google.com (mail-qt0-x241.google.com [IPv6:2607:f8b0:400d:c0d::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B394F126CB6 for <cdni@ietf.org>; Wed, 19 Jul 2017 07:38:10 -0700 (PDT)
Received: by mail-qt0-x241.google.com with SMTP id h47so481109qta.5 for <cdni@ietf.org>; Wed, 19 Jul 2017 07:38:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PEg+6HGxb9IhpieC0x2MiECe9Kw+WFcbDs2IDeLtT0E=; b=sFW62/1a40G999hODyaxMx1be4zQHNkleLJOnpAQvFzcD8VWaQfBhkefbXbmcfcOwH XBwIBM5K1kZSIePlRI6NCZMnm4da0wer/dX41KmlDCSl47N75d9+EDZxhz/zHkrOcvjl pIoSLUDWZNVyWqViMj1ecs/xgrkW6XK8QFkP94zd4bdnB0Keu0DK9RppIgFc1tSEwamc g5/8dkeyh6zro8qKx4Bznu/zFUZqJWsJS90tv03EH6OfD2hL9lrzy3+DQFaSwjT+dobD 1MHlui0+Rdf9z5vzw4LscH065HSeh0L5uxMTNcKKVs2vAG1b4u+Ie+TSt1yU7eh2P4dR 9u0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PEg+6HGxb9IhpieC0x2MiECe9Kw+WFcbDs2IDeLtT0E=; b=DijNolqfixDqqiugxyNcmWNOd5JRpSgHAujs1+k7zJ38jKAIUOsl1mnztG0ZcXrFgD PMkKtXWxyxzO8kAe5BHuJtladAzB+uKSxYKU7cNiMoSvhErQsxF8Sc37W/wl/WjbpTBB e3p3KWUSnulnCXWIdWbiRCUZcoF45e7zIJE7mR8wlgZBpNEOv4qOCv5YFKJzvNynjCok DRNxQTg/+RJnzwJWjwtV865e7Wyq/6pB9BbM0HjOgHC9C6h3EIFAX2f2Hb6C9+CwnHlh vjAthE0046Q8Wh9Ht9j5o81oWfrD1oSOY5DVyM3qF02PvknHRQhlnJ9dJvxV1WWpOER/ dzkA==
X-Gm-Message-State: AIVw1120zrlLprq0EVgL9yvuUSh29f5Szbpj99pj1hLvVYDQPMOlOpkD O+jBJsFIoH37iIaDJck=
X-Received: by 10.200.42.130 with SMTP id b2mr412858qta.259.1500475089918; Wed, 19 Jul 2017 07:38:09 -0700 (PDT)
Received: from [172.20.20.20] ([73.61.19.153]) by smtp.gmail.com with ESMTPSA id e40sm148796qta.14.2017.07.19.07.38.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Jul 2017 07:38:08 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: "Kevin J. Ma" <kevin.j.ma.ietf@gmail.com>
X-Mailer: iPhone Mail (14F89)
In-Reply-To: <68a60ab4-df68-6c59-cafc-3850012083cf@outer-planes.net>
Date: Wed, 19 Jul 2017 10:38:07 -0400
Cc: Ray van Brandenburg <ray@tiledmedia.com>, Phil Sorber <sorber@apache.org>, "cdni@ietf.org" <cdni@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D66E565F-32BF-4C36-9B20-98E1406F3D57@gmail.com>
References: <CABF6JR3wEfUoCSJ29xQ3n56Ah1EqPnCvkZ4x6W5_cTW8V35Hwg@mail.gmail.com> <7CEB7DDD-7C33-4FD9-93BC-75E5E78AB3C2@gmail.com> <A2FBEA85-BF95-44A4-8E11-97D39C8DCF76@tiledmedia.com> <f56a1478-2457-6179-619f-b0f38700eaa6@outer-planes.net> <10AF9851-D7DA-42F8-A8E7-B70D4795E0E1@gmail.com> <68a60ab4-df68-6c59-cafc-3850012083cf@outer-planes.net>
To: "Matthew A. Miller" <linuxwolf@outer-planes.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/IA2bMiPRqNcuZ9xZPzfbdZmwLtk>
Subject: Re: [CDNi] URI Signing Signed Token Chaining refactor
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 14:38:15 -0000

I'm good with replacing "chaining" with "renewal".

Ray?

Sent from my iPhone

> On Jul 19, 2017, at 10:36 AM, Matthew A. Miller <linuxwolf@outer-planes.net> wrote:
> 
> Even simply 'Token Renewal' would be perfectly fine.  I'm most concerned
> about the 'Chain' part.
> 
> 
> - m&m
> 
> Matthew A. Miller
> < http://goo.gl/LM55L >
> 
>> On 7/19/17 4:35 PM, Kevin J. Ma wrote:
>> how do you feel about "short-lived token renewal"?
>> 
>> --  Kevin J. Ma
>> 
>> Sent from my iPhone
>> 
>>> On Jul 19, 2017, at 10:27 AM, Matthew A. Miller <linuxwolf@outer-planes.net> wrote:
>>> 
>>> Making it (a little bit) more generic makes sense.
>>> 
>>> I'm not sure about the name 'Signed Token Chain', but I don't have a
>>> better one.  In cryptographic circles, "chain" has certain implications
>>> that this document is not expressing.  The "next" item in the chain is
>>> supposed to be cryptographically tied to the "previous" item in the
>>> chain by using (a hash of, or the exact value of) the previous token
>>> when generating the next token.
>>> 
>>> I don't know that that binding property is required here, so I'm not
>>> suggesting a change in the protocol.  I do worry, however, that the
>>> language may potentially confuse (or worse, mislead) people about the
>>> security properties this document is providing.
>>> 
>>> 
>>> - m&m
>>> 
>>> Matthew A. Miller
>>> < http://goo.gl/LM55L >
>>> 
>>>> On 7/19/17 4:14 PM, Ray van Brandenburg wrote:
>>>> Yes, good point!
>>>> 
>>>> Although I can’t think of another use case from the top of my head, I don’t see a good reason to limit it to HAS either.
>>>> 
>>>> Ray
>>>> 
>>>> 
>>>>> On 19 Jul 2017, at 15:51, Kevin J. Ma <kevin.j.ma.ietf@gmail.com> wrote:
>>>>> 
>>>>> (as an individual) I agree with making the section more generic and citing HAS as a use case for token chaining.
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>>> On Jul 19, 2017, at 9:43 AM, Phil Sorber <sorber@apache.org> wrote:
>>>>>> 
>>>>>> Since we have added the HAS content I have been thinking about how specific we have made it. Perhaps just specifying a method for token chaining, and then citing HAS as a use case makes more sense. I wanted to get some opinions on it before I make those changes. It shouldn't be that big of a change, just taking the HAS specific stuff and putting it in a lower "Use Case" sub-section at the bottom and leaving everything else as a "Signed Token Chaining" section.
>>>>>> 
>>>>>> Thoughts?
>>>>>> 
>>>>>> Thanks.
>>>>>> _______________________________________________
>>>>>> CDNi mailing list
>>>>>> CDNi@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/cdni
>>>> 
>>> 
>

v2.23.0 | Report a Bug | By Email