IETF Logo Mail Archive

Re: [CDNi] FW: New Version Notification for draft-fieau-interfaces-https-delegation-subcerts-01.txt

Christoph Neumann <Christoph.Neumann@broadpeak.tv> Tue, 15 February 2022 17:13 UTC

Return-Path: <Christoph.Neumann@broadpeak.tv>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56723A0E79 for <cdni@ietfa.amsl.com>; Tue, 15 Feb 2022 09:13:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.799
X-Spam-Level:
X-Spam-Status: No, score=-1.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=broadpeakshare.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cDNGB8_7LEXQ for <cdni@ietfa.amsl.com>; Tue, 15 Feb 2022 09:12:59 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on0731.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::731]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DDB53A0E7A for <cdni@ietf.org>; Tue, 15 Feb 2022 09:12:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ROUNQj9gMczUXOz2nm6NmAbUsw5f0poKCJST79iY/6TBwp2ERyxZgJSrS4GlQ9CNsWt8QJIA7+aAfK6NXmrTzhscNOgt6y9c8UPORSmU6KprwZcZOoL5LeTf0CHQJ40/aKL8n7Dp0AmlhN8aKHyUhrfmIdg5IJ3nzS1Td5CAvNKO3Pzbm7IdpUzi7MmH5VbMc6V4kxW4yeYCxNhLplF/Pfg+yC8vOkr0NW7Gx+a6+sR7qvChWlfeM1W1pUrhtfR/ULe/ryCI7VcIMvW7zwi1i7d5rRtKf06jj42msJ0sTCQOxkwUz+1RhhH5QCUfWueUiBNLcq1aYMO6eAzLhg8RYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5ZUgZUrfNfsHhI3+vFVR4fEF4vGE7AXZ4E922httGkg=; b=Gj3cK4ryTd+c89svRWSB0r0tJzrBxj0I/YvtsHdIziy4f9pEJkrw+2+R19TsE6y2aG7l1VpiNGbl1Zyk9EdecLQV/uUdumi/Hgmu/TFlDhHFHYEjvAM4d4cidmhLn/2gU5NRKUwDYvk23DBMqSPRuJXzNZk8RjeTmpHSfOIcmnYE92/6l2c38rYp7h/vFDO8/Sp25hgZ6bkZsXmS7RgFpLqFYIJs+mDd9S3JP8fWejbjzxiGydPuAs69n5FR5YJXV/dpg6KaY8hT4cTgabg/pFm0KFQldvaeu/Kq56yPbb7dNu9oQ1UzKOxTcF7GYMgjqboHmA1+Z60pIQ0Gz2rbZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=broadpeak.tv; dmarc=pass action=none header.from=broadpeak.tv; dkim=pass header.d=broadpeak.tv; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadpeakshare.onmicrosoft.com; s=selector2-broadpeakshare-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5ZUgZUrfNfsHhI3+vFVR4fEF4vGE7AXZ4E922httGkg=; b=Hv2tAuoFm4tviXFU0JKhkJP6oh1PAoow0F6c0B8nCeFpSkNK7n4U06viA4KSN6VIbPTsR2S5Fq3LYfzukNALjG4r/JWtFQkHgT6CGMWedTCALiPYBTUgI/rCeOUgkF6HANGGeWbryK9jx09gKVrqG4NJ5nuk9ojBpS4lMHegEBI=
Received: from PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:293::14) by DB9PR10MB4537.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:22f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.14; Tue, 15 Feb 2022 17:12:52 +0000
Received: from PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM ([fe80::ed53:2970:8f3f:2f9e]) by PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM ([fe80::ed53:2970:8f3f:2f9e%2]) with mapi id 15.20.4975.019; Tue, 15 Feb 2022 17:12:52 +0000
From: Christoph Neumann <Christoph.Neumann@broadpeak.tv>
To: Kevin Ma <kevin.j.ma.ietf@gmail.com>
CC: "cdni@ietf.org" <cdni@ietf.org>
Thread-Topic: [CDNi] FW: New Version Notification for draft-fieau-interfaces-https-delegation-subcerts-01.txt
Thread-Index: AQHYEs3O/WGjyn79306MBfdlVJi0dqx1ebhggBh7AICABv2ugA==
Date: Tue, 15 Feb 2022 17:12:52 +0000
Message-ID: <PRAPR10MB5273B098872588130F6A47E08F349@PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM>
References: <164321280803.8419.9611477208216008922@ietfa.amsl.com> <PRAPR10MB5273E44C9F88EBE2882AEBC08F209@PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM> <CAMrHYE0TaHxBD7PH7Gc36T6zJWHo4kWQxHCDR4s_mWw0C2Ss1A@mail.gmail.com>
In-Reply-To: <CAMrHYE0TaHxBD7PH7Gc36T6zJWHo4kWQxHCDR4s_mWw0C2Ss1A@mail.gmail.com>
Accept-Language: en-US, fr-FR
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=broadpeak.tv;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b9d7500b-d725-4054-c0b0-08d9f0a66681
x-ms-traffictypediagnostic: DB9PR10MB4537:EE_
x-microsoft-antispam-prvs: <DB9PR10MB45370937D5735C156AF6AB028F349@DB9PR10MB4537.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: hM8V7wiQWKzRzI+L3YQ1htyGwjm7mY4Iud0hQQbw0E+pAPsrMaH1K1yPYT7LlRdOaQHHkqFJ2ax/TkH0GB6rpaN2m/4NrGFTtfbMZlZlpJWUPUjhI5nRwSx+WiO5Tsh0+X9bG4Ic/WWnPKmq1KQxbl1CYmkwpIBA1O5fSnQ5h/jl2XgJnoOYcPch75g9XLbdCrP9YPzs/i1I7c3IWrNFQIJRt69BFa34BmH6egiGCD7gGv9bzNyYG+dScBlDokYdgr7opdOa0sNun5G3jm/12Oluc4Qo3Y44ptln9xN6W2Pa/MkwJm0tgq39CD4+tJLyK3xOxFRvJ6joZnAZVCGpSngnc8yWKmQRIEbEKMeCe+vs335MApTRss1D63n8wRQMvkJLUTCCV7Ck9hC66lMlUKp6AlptrXFyLanGWuyWFVrSsH38UF5cTSjzl/9tzGsw/2i9DRPo4USm1KiSd01ArDQY4sDsG4893ZCt7iy1PTgDPBisaCriIczmHQDQ4+BvW4qBPEtAX6fLQdLlz1y/ZsgsADQXapf7Y46hk7kuyyQwPf0XQpa72iwsddFMR3TC2pCpiEJyZlIh4/oKU+VI3+yUVSQXTfn8/nqMLHzdOewo6OL/cDwE3NiAdXuZWpK4s1OthBrqgTE80wId1cifxZJ1AolZeNxdS5PqwStCZOkcg2T3kocKP+JZn8OCjXxCIb+8UzuUMoRu0aRvathIljP/fGHtoLFt0U7CME6RCro8AtcCeWctV4jMTOHBDqHNpWONmBGvdGpFQ0wy3P/3CzERuu2AGfvSCelddXSxIM8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(122000001)(86362001)(6916009)(966005)(8936002)(66446008)(66556008)(66946007)(64756008)(508600001)(66476007)(52536014)(8676002)(76116006)(4326008)(5660300002)(71200400001)(66574015)(53546011)(7696005)(6506007)(33656002)(186003)(26005)(15650500001)(55016003)(83380400001)(166002)(316002)(38070700005)(38100700002)(9686003)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 0JB7Fu6tN51mIfqWtVZXCgF4YBDVqsTL1tOo2ItNjnm6dM+8zl7rINlDoSSPsydGfl2maMrL5kYJzdu9GZiGP8Qz5DNnVAEPSlCo3LXbwZX8a08OWCd4gjTdy3tyyZcJt5KNOHI/4TV7KIlWUkE5sTIe5R64YfxUIfFK1yiwP3AQG08VMFjEOv069BakCKmPUXjUJ8uTLGyBU+zhA8D2m8xmncYROnYC2TVPiB1AxEKzzEItF7m3xkwqgTdaFI+G8aBmNobkEiMstoSkUrDjgXdmzYlZdWUDD4K4vAeqZdJV0epHyCjkADtR5AE2pEAILvcUXqIKGIiUZQPyJLK5X2yfbDMyB5IGbWUoxyH5cDFV3ztxG4mb15sIOFz8woQ3nNytG4zotRKVq+y8M4AAeEQHUghLhL2FtD63ktjvfEK34yimLpu2SoYu/1L0tvwiBCsyyKHQi0ai0OObe012EyDHZFtYqlbJwvtkziRveEMJy7P6p/hx8WqNl0v1WGyHiFVYBQOclCvpv4jCIKo2ZOSTIiB2jn3USchLMyf3IIqgnBoA9t3XUML1EhTlS+fjoVYRsKV5UPmgUkhIozGptlJdvtQlaWHPQXsyevRCwAezCj5nKUSnKq2FKdPu/R6jxCPW1wnyFal7/fdqE1QEeqdmd6ALW6Dlzpx6JfeAsFG/z7RKTRZgZRfmLpPtLUh6wnNS7gMyV/bGkyv017yZ/PzPrXIo/WuLM1pXGWcdARarY1YIMeKQCyLum3oKm0sYwGApBTIBGbKX34goJX9s01z4V+ZcQQYv3tYjguXo0rCs760Bd2xFylQkE90ligatcZb/MRzXiANGgk10ZRLdNQ+bHifiEw21bXKICnJJADby0tLojR0WEp6OI9ziWPkQIv1YdyU7UJzOMzwgWJJxKCA8c5w4qpnL7TA48MgTpSdvggkAA9wf1KXcShItDanbfgpjjVOgOgBZggt76Z8kx3UihCF9wngclDmdTOnuS07GR/NdYjK5725fth+P6gHxSSDbeAPNodksBqTLUoSy93IylGuP1qHEZtfHqKB4sE1rnd29g4Z6mxsXHW9g5+9Lie/NSbMsmnmHo/ltRdZnsZMssVSD53ZAuSGxsvbt3sM4nch7BUWJh6CBwjq2JC61CtisvMr/GlTx82dgAW2bwpQZVz7YicISp6DFt7nugUHoMlMpCa5uV8BpcvdWPf66VY2r1s+3XjbYHqNxCXEhZe2m+aFRhSbPkKoO57+ykBgAO7U8M2/ldQgPAatef0IchpRICEJw+nwQ+wU5y+SiBnU00EC+39g2dDuVcoOZCx1BfOY+BmOLxiPWvGrCDB6Fv+mrc079ZPJby277qx1b52VrAKWL/F+jPDaDZdzNoqMgHBSLJ3ohvoKBgor2JivLDZ0Yf7l2dEv0uFF5FllFStm4bJrbKZFybCDNYrBs6Obbs6sgV4JmxhXLDK8Pcz3qxanX91JUh0roG6uTsTBFgdXBMvPatGBeXshSKy3mhcAPcF3MlhHfypafZoGBnhQqWVy4DFuCMCGWurnclEO65gCog3tofsjrPgwDDQWt6NvVD5QgkSdRGTSowIHx6dBew02Ngr5SQl8H5K+vu7bKilEFNcLgWPyPr1+T8PyOuoQGmXh4B8T1VUHlf4KUXLHnfYmZPcws3IhfTlT1kRJB3A==
Content-Type: multipart/alternative; boundary="_000_PRAPR10MB5273B098872588130F6A47E08F349PRAPR10MB5273EURP_"
MIME-Version: 1.0
X-OriginatorOrg: broadpeak.tv
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PRAPR10MB5273.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: b9d7500b-d725-4054-c0b0-08d9f0a66681
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Feb 2022 17:12:52.3871 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0ebe44ea-c9c9-438d-a040-7e699f358ed4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NryGw1ZGmxF0DNX/XU+8Yn891kHfEaRg2bSAZWrLeQc3tdrEaYBfjOajoCrdjiHetBDb00LwdmashVF77KcY1st8Wu7rsQsbP2PbEelt5aQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR10MB4537
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/Irlwa2SPyf7pLS1rUGo7Bs2Mecc>
Subject: Re: [CDNi] FW: New Version Notification for draft-fieau-interfaces-https-delegation-subcerts-01.txt
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2022 17:13:05 -0000

Hi Kevin,

Thanks for your comments.

MI.DelegatedCredentials may or may not be part of the Metadata Interface (MI) described in RFC8006 (In theory, it should not part of it, I agree with you here, at least as it is in the current proposal) but it should be somehow part of CDNi .

The way to retrieve MI.DelegatedCredentials as defined in the proposal is a bit particular. As only the dCDN knows how many delegated credentials (MI.DelegatedCredentials) it needs , it must fetch/request as many MI.DelegatedCredentials as required. On the other side, the uCDN may decide to respond with different or identical MI.DelegatedCredentials payloads.  I also note that there is an error in the current text which can be a bit confusing: page 4: second paragraph, we should read:

"The MI.ConfDelegatedCredentials contains a URI (credentials-location-uri) that allows the dCDN to download delegated credentials. The expected behavior of this URI is that each time that the dCDN accesses this URI a MI.DelegatedCredentials object containing a delegated credential with its corresponding private key is delivered."

I reckon this workflow is not typical to RFC8006 which would favor a separate/new interface for describing that process. This drives to the possibility of only adding MI.ConfDelegatedCredentials to MI (RFC8006) . However, if we cannot describe the protocol to fetch the MI.DelegatedCredentials object and its payload structure (i.e. private key +  DelegatedCredential as defined in [I-D.ietf-tls-subcerts]) as part of CDNi, the MI.ConfDelegatedCredentials becomes pointless. Ideally, we should generate a new CDNi interface dedicated to subcert describing the MI.DelegatedCredentials payload and the protocol between the uCDN and dCDN.

There is however a possible complementary solution to this. The dCDN may advertise about supporting the subcert capability through a dedicated new FCI object named e.g., FCI.delegatedCredentials. The latter would indicate the number of required [different] delegated credential objects. The uCDN when configuring the dCDN would then use an MI object (we can name it MI.ConfDelegatedCredentials) to communicate the delegated credentials (i.e. private key +  DelegatedCredential) via an array of MI objects. I.e, MI.ConfDelegatedCredentials would be defines as:
Property: array of MI.DelegatedCredentials objects.

The MI.ConfDelegatedCredentials object would have to be updated/communicated by the uCDN each time any or all of the delegated credential's validity is going to expired and/or each time a new FCI.delegatedCredentials object is updated/created.  With that way to do we stay compatible with the RFC 8006 spirit, do not need an extra CDNi interface and provides a complete/coherent mechanism for configuring the dCDN with the delegated credentials.

Any thoughts on this latter proposal?

Christoph


From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Sent: vendredi 11 février 2022 07:04
To: Christoph Neumann <Christoph.Neumann@broadpeak.tv>
Cc: cdni@ietf.org
Subject: Re: [CDNi] FW: New Version Notification for draft-fieau-interfaces-https-delegation-subcerts-01.txt

Hi Christoph,

  (As Chair) I think it is fair to call for adoption of the draft, since it was just a split, though I think it would be good to reaffirm that the WG has an appetite for this work, since it has been a while since we agreed to adopt the original draft.  If folks could please confirm on the list that they believe TLS subcerts are still useful to support in CDNI, that would be great.

  (As an Individual) The actual requirements to support TLS subcerts seem pretty minimal (see my comments on the draft below).  Assuming the TLS subcerts draft is on track to be published (I see that the AD recently requested a revision), I am in favor of adopting the draft.

thanx!

--  Kevin J. Ma

comments:
---------

- does "MI.DelegatedCredentials" need to be defined in this draft?  It is not transferred via the MI?  is "MI.ConfDelegatedCredentials" sufficient for CDNI's purposes?
- in the call flows, it looks like only steps 3 and 4 for "MI.ConfDelegatedCredentials" are related to CDNI?  perhaps we could make that even more clear, so that there aren't a lot of questions about the security of what's being proposed?
- the draft needs security and privacy sections (the security section gets easier if we are clear that the draft only really defines the "MI.ConfDelegatedCredentials" object which is a simple link and subcerts does all the heavy security lifting; the privacy section gets easier if we remove MI.DelegatedCredentials and let the subvert draft deal with passing around a "private key")



On Wed, Jan 26, 2022 at 11:33 AM Christoph Neumann <Christoph.Neumann@broadpeak.tv<mailto:Christoph.Neumann@broadpeak.tv>> wrote:
Dear all,

I submitted a new version of the draft on CDNI Metadata for Delegated Credentials (see below).

As discussed and agreed in the CDNi working group, this draft resulted from splitting the original CDNi extensions for HTTPS delegation draft (draft-ietf-cdni-interfaces-https-delegation) into two:
- one that handles STAR/ACME type delegation, which remained in draft-ietf-cdni-interfaces-https-delegation
- one that handles delegated credentials, described in draft-fieau-interfaces-https-delegation-subcerts

The delegated credentials draft is currently handled as an individual submission, and I would like to ask for adoption of this draft in the CDNi working group.

Further, feel free to comment the draft on the mailing list.

Best regards,
Christoph

-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
Sent: mercredi 26 janvier 2022 17:00
To: Christoph Neumann <christoph.neumann@broadpeak.tv<mailto:christoph.neumann@broadpeak.tv>>; Emile Stephan <emile.stephan@orange.com<mailto:emile.stephan@orange.com>>; Frederic Fieau <frederic.fieau@orange.com<mailto:frederic.fieau@orange.com>>; Guillaume Bichot <guillaume.bichot@broadpeak.tv<mailto:guillaume.bichot@broadpeak.tv>>; Stephan Emile <emile.stephan@orange.com<mailto:emile.stephan@orange.com>>
Subject: New Version Notification for draft-fieau-interfaces-https-delegation-subcerts-01.txt


A new version of I-D, draft-fieau-interfaces-https-delegation-subcerts-01.txt
has been successfully submitted by Christoph Neumann and posted to the IETF repository.

Name:           draft-fieau-interfaces-https-delegation-subcerts
Revision:       01
Title:          CDNI Metadata for Delegated Credentials
Document date:  2022-01-26
Group:          Individual Submission
Pages:          9
URL:            https://www.ietf.org/archive/id/draft-fieau-interfaces-https-delegation-subcerts-01.txt<https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-fieau-interfaces-https-delegation-subcerts-01.txt&data=04%7C01%7CChristoph.Neumann%40broadpeak.tv%7C31b30e046460458449b208d9ed24543b%7C0ebe44eac9c9438da0407e699f358ed4%7C0%7C0%7C637801562557792088%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=QFaHDtkpfYfrjAYDDoIXmSdxmjt04eywDjttAdk4FLo%3D&reserved=0>
Status:            https://datatracker.ietf.org/doc/draft-fieau-interfaces-https-delegation-subcerts/<https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-fieau-interfaces-https-delegation-subcerts%2F&data=04%7C01%7CChristoph.Neumann%40broadpeak.tv%7C31b30e046460458449b208d9ed24543b%7C0ebe44eac9c9438da0407e699f358ed4%7C0%7C0%7C637801562557792088%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=%2FPtgxFHH9o8Ze%2FwpdzoY%2FMRfUKqGhnA%2FcKNEmp7a5%2F4%3D&reserved=0>
Htmlized:            https://datatracker.ietf.org/doc/html/draft-fieau-interfaces-https-delegation-subcerts<https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-fieau-interfaces-https-delegation-subcerts&data=04%7C01%7CChristoph.Neumann%40broadpeak.tv%7C31b30e046460458449b208d9ed24543b%7C0ebe44eac9c9438da0407e699f358ed4%7C0%7C0%7C637801562557792088%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Wn1%2B4HCdvDzpfYTK3ZEyXnS3Rwi%2BKn6hvusuA02hkqA%3D&reserved=0>
Diff:            https://www.ietf.org/rfcdiff?url2=draft-fieau-interfaces-https-delegation-subcerts-01<https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-fieau-interfaces-https-delegation-subcerts-01&data=04%7C01%7CChristoph.Neumann%40broadpeak.tv%7C31b30e046460458449b208d9ed24543b%7C0ebe44eac9c9438da0407e699f358ed4%7C0%7C0%7C637801562557792088%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=cG1nvUUcogl7El1rhkA14b1Lltcca%2FpDazw8JTSj6PA%3D&reserved=0>

Abstract:
   The delivery of content over HTTPS involving multiple CDNs raises
   credential management issues.  This document defines metadata in CDNI
   Control and Metadata interface to setup HTTPS delegation using
   Delegated Credentials from an Upstream CDN (uCDN) to a Downstream CDN
   (dCDN).





The IETF Secretariat


_______________________________________________
CDNi mailing list
CDNi@ietf.org<mailto:CDNi@ietf.org>
https://www.ietf.org/mailman/listinfo/cdni<https://fra01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcdni&data=04%7C01%7CChristoph.Neumann%40broadpeak.tv%7C31b30e046460458449b208d9ed24543b%7C0ebe44eac9c9438da0407e699f358ed4%7C0%7C0%7C637801562557792088%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=b1aEa%2FVaj%2Fkyzf8zUJGCX8cUwfWKezIdQLWHA41uMlE%3D&reserved=0>

v2.23.0 | Report a Bug | By Email