Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-09.txt
Kevin Ma <kevin.j.ma.ietf@gmail.com> Fri, 29 July 2022 13:46 UTC
To: Frederic Fieau <frederic.fieau@orange.com>
Cc: "cdni@ietf.org" <cdni@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/IQ4jcJ_eli13q-OmbzUw20Be1Vo>

Hi Frederic,

Some comments on the updated draft below.

thanx!

-- Kevin J. Ma

section 1: remove "Furthermore, it includes a proposal of IANA registry to enable adding of delegation methods." There is no longer a new registry?

section 3: I don't see any need for a new FCI object. RFC8008 already has an FCI.Metadata object, and MI.AcmeStarDelegationMethod can just be advertised through that existing object?

section 4.1: This section seems to mostly just explain how the Metadata interface works? I don't think it is necessary. I would just remove this section. The final example of what a serialized MI.AcmeStarDelegationMethod generic metadata object looks like should be in a section 4.2.1 (including the generic-metadata-type) and referenced from IANA section 5.1

section 6: If the ACME delegation objects were divulged, what would be the impact? Yes, they should be protected by the proper/mandated encryption and authentication on the Metadata interface, but I think it is best to document what is at stake (if anything)

nits:

- section 1:
    "holder of a X.509" -> "a holder of an X.509"
    "on-demand a X.509" -> "on-demand an X.509" (multiple places)
    "use of certificate authority" -> "use of the certificate authority"
    "an upstream CDN (uCDN) and a downstream CDN (dCDN)" -> "a uCDN and a dCDN"
    "based on mechanism specified" -> "based on the mechanism specified"
- section 4.1:
    "CDNI Delegation metadata" -> "ACMEStarDelegationMethod metadata" ?
    "an HostMatch object" -> "a HostMatch object" (multiple places)
    "The existence of delegation method in the CDNI metadata Object" -> "The existence of ACMEStarDelegationMethod in the CDNI metadata"
    "set of Host" -> "set of Hosts"
- section 4.2:
    "(i.e. dCDN)" -> "(i.e., the dCDN)"
    "end-user client, a short-term" -> "end-user client a short-term"
- section 5.1:
    "see Section 5" -> "see Section 4.2.1"

On Sat, Jul 9, 2022 at 9:55 AM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:

> Hi Frederic,
>
> (As Chair) Thanks for the updated draft. If we think this is pretty
> close to final, I will start my pre-shepherd review. I encourage everyone
> to please take a look, as we would like to try and finish up this work by
> IETF 115.
>
> I fully support updating the name of the draft to deconflict it from the
> subcerts draft.
>
> thanx!
>
> -- Kevin J. Ma
>
> On Fri, Jul 8, 2022 at 1:22 PM <frederic.fieau@orange.com> wrote:
>
>> Hi all
>>
>> I've submitted the -09 version of
>> draft-ietf-cdni-interfaces-https-delegation-09. Changes are mainly on the
>> abstract and introduction.
>> Also I would suggest to change the title to : "CDNI metadata for HTTPS
>> delegation using Short-Term Automatically Renewed Certificates".
>>
>> Feel free to comment.
>>
>> Thank you,
>> Regards,
>> Frederic
>>
>> -----Original Message-----
>> From: CDNi <cdni-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
>> Sent: Friday, 8 July 2022 17:31
>> To: i-d-announce@ietf.org
>> Cc: cdni@ietf.org
>> Subject: [CDNi] I-D Action:
>> draft-ietf-cdni-interfaces-https-delegation-09.txt
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the Content Delivery Networks
>> Interconnection WG of the IETF.
>>
>> Title    : CDNI extensions for HTTPS delegation
>> Authors  : Frederic Fieau
>>            Emile Stephan
>>            Sanjay Mishra
>> Filename : draft-ietf-cdni-interfaces-https-delegation-09.txt
>> Pages    : 9
>> Date     : 2022-07-08
>>
>> Abstract:
>> This document defines a new Footprint and Capabilities metadata
>> objects to support HTTPS delegation between two or more
>> interconnected CDNs. Specifically, this document outlines CDNI
>> Metadata interface objects for delegation method as published in the
>> ACME-STAR document [RFC9115].
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-cdni-interfaces-https-delegation/
>>
>> There is also an HTML version available at:
>> https://www.ietf.org/archive/id/draft-ietf-cdni-interfaces-https-delegation-09.html
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-interfaces-https-delegation-09
>>
>> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts