[CDNi] Protocol Action: 'URI Signing for Content Delivery Network Interconnection (CDNI)' to Proposed Standard (draft-ietf-cdni-uri-signing-26.txt)
The IESG <iesg-secretary@ietf.org> Wed, 23 March 2022 10:01 UTC
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, cdni-chairs@ietf.org, cdni@ietf.org, draft-ietf-cdni-uri-signing@ietf.org, francesca.palombini@ericsson.com, kevin.j.ma@ericsson.com, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/IWgQ0HIhhmX1MdCimwzdkaDFnD0>
The IESG has approved the following document:
- 'URI Signing for Content Delivery Network Interconnection (CDNI)'
  (draft-ietf-cdni-uri-signing-26.txt) as Proposed Standard

This document is the product of the Content Delivery Networks Interconnection Working Group.

The IESG contact persons are Murray Kucherawy and Francesca Palombini.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/

Technical Summary

This document describes how the concept of URI signing supports the content access control requirements of CDNI and proposes a URI signing method as a JSON Web Token (JWT) profile. The proposed URI signing method specifies the information needed to be included in the URI to transmit the signed JWT, as well as the claims needed by the signed JWT to authorize a UA. The mechanism described can be used both in CDNI and single CDN scenarios.

Working Group Summary

The document has been extensively reviewed and vetted by the WG. At this point, the WG feels that it is mature and complete.

It originally went to WGLC in July 2016. In a pre-sec-dir review, Matt Miller had "reinventing the wheel" (more specifically, reinventing crypto wheels by non-security folks) concerns (see https://mailarchive.ietf.org/arch/msg/cdni/3xTSo1OzQyFf6ky8gj8kMxPTU1Q/). At that time, it was decided to rewrite the draft to rely on JWT for the security aspects. This greatly simplified the security aspects of the draft to specifying just the JWT claims needed to implement the CDNI security policies.

There are known security limitations with URI signing, and they are documented in the Introduction and Security Considerations sections. If used responsibly for its intended purpose, URI signing serves a specific function providing basic access control, useful in protecting the CDN itself (though not necessarily the content being served by the CDN). Though these limitations are often misunderstood by or misrepresented to content owners, URI signing is widely used for its intended (stated) purpose by network operators. Because of this wide use, the WG feels that standardizing URI signing is important for interoperability.

Document Quality

The draft has undergone significant rewrite multiple times as a result of the reviews and implementations. There are commercial implementations, as well as interest and review by other SDOs (e.g., the Streaming Video Alliance and the MPEG WG, see https://datatracker.ietf.org/liaison/1413/).

During the most recent rewrite, over the course of many IETFs, the authors, interested parties, and WG discussed all aspects of the switch to JWT. In the more recent revisions, non-editorial changes were primarily the result of implementation findings.

Personnel

Document Shepherd: Kevin J. Ma
Responsible AD: Barry Leiba