[CDNi] Protocol Action: 'URI Signing for Content Delivery Network Interconnection (CDNI)' to Proposed Standard (draft-ietf-cdni-uri-signing-26.txt)

The IESG <iesg-secretary@ietf.org> Wed, 23 March 2022 10:01 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: cdni@ietf.org
Delivered-To: cdni@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ACCB03A1B1F; Wed, 23 Mar 2022 03:01:52 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 7.46.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, cdni-chairs@ietf.org, cdni@ietf.org, draft-ietf-cdni-uri-signing@ietf.org, francesca.palombini@ericsson.com, kevin.j.ma@ericsson.com, rfc-editor@rfc-editor.org
Message-ID: <164802971267.30355.14500172139962727009@ietfa.amsl.com>
Date: Wed, 23 Mar 2022 03:01:52 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/IWgQ0HIhhmX1MdCimwzdkaDFnD0>
Subject: [CDNi] Protocol Action: 'URI Signing for Content Delivery Network Interconnection (CDNI)' to Proposed Standard (draft-ietf-cdni-uri-signing-26.txt)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 10:01:59 -0000

The IESG has approved the following document:
- 'URI Signing for Content Delivery Network Interconnection (CDNI)'
  (draft-ietf-cdni-uri-signing-26.txt) as Proposed Standard

This document is the product of the Content Delivery Networks Interconnection
Working Group.

The IESG contact persons are Murray Kucherawy and Francesca Palombini.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/




Technical Summary
This document describes how the concept of URI signing supports the
content access control requirements of CDNI and proposes a URI signing
method as a JSON Web Token (JWT) profile. The proposed URI signing method
specifies the information needed to be included in the URI to transmit
the signed JWT, as well as the claims needed by the signed JWT to
authorize a UA.  The mechanism described can be used both in CDNI and
single CDN scenarios.

Working Group Summary
The document has been extensively reviewed and vetted by the WG.  At
this point, the WG feels that it is mature and complete.  It originally
went to WGLC in July 2016.  In a pre-sec-dir review, Matt Miller had
"reinventing the wheel" (more specifically, reinventing crypto wheels by
non-security folks) concerns (see
https://mailarchive.ietf.org/arch/msg/cdni/3xTSo1OzQyFf6ky8gj8kMxPTU1Q/).
At that time, it was decided to rewrite the draft to rely on JWT for the
security aspects.  This greatly simplified the security aspects of the
draft to specifying just the JWT claims needed to implement the CDNI
security policies.

There are known security limitations with URI signing, and they are
documented in the Introduction and Security Considerations sections.  If
used responsibly for its intended purpose, URI signing serves a specific
function providing basic access control, useful in protecting the CDN
itself (though not necessarily the content being served by the CDN). 
Though these limitations are often misunderstood by or misrepresented to
content owners, URI signing is widely used for its intended (stated)
purpose by network operators.  Because of this wide use, the WG feels
that standardizing URI signing is important for interoperability.


Document Quality
The draft has undergone significant rewrites multiple times as a result of
the reviews and implementations.  There are commercial implementations,
as well as interest and review by other SDOs (e.g., the Streaming Video
Alliance and the MPEG WG, see
https://datatracker.ietf.org/liaison/1413/).  During the most recent
rewrite, over the course of many IETFs, the authors, interested parties,
and WG discussed all aspects of the switch to JWT.  In the more recent
revisions, non-editorial changes were primarily the result of
implementation findings.

Personnel
Document Shepherd: Kevin J. Ma
Responsible AD: Barry Leiba