Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt

Kevin Ma <kevin.j.ma.ietf@gmail.com> Wed, 10 November 2021 18:07 UTC

From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Wed, 10 Nov 2021 13:06:44 -0500
Message-ID: <CAMrHYE0QHn6Ag6bqxV3h3WkHe91ypL4P1x7t2Vo2MBNMigQTRQ@mail.gmail.com>
To: Chris Lemmons <alficles@gmail.com>
Cc: Phil Sorber <sorber@apache.org>, "<cdni@ietf.org>" <cdni@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/LcUte1QGXJ0F8ubg0u9AFOxb4cI>
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt

note: we could also use direct section references...

On Wed, Nov 10, 2021 at 1:05 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:

> Thanks for the text Chris,
>
>   Is there a reason to only reference 3.2.8 and not 3.2.9 for form-style
> parameters?
>
>   There is some redundancy in the MUSTs.  What about:
>
> The URI Signing Package will be found by parsing any path-style parameters
> [RFC6570] and form-style parameters [RFC6570] looking for a key name
> matching the URI Signing Package Attribute.  Both path-style parameters
> (generated in the form indicated by Section 3.2.7 of [RFC6570]) and
> form-style parameters (generated in the form indicated by Sections 3.2.8
> and 3.2.9 of [RFC6570]) MUST be supported.  The first matching parameter
> SHOULD be taken to provide the signed JWT, though providing more than one
> matching key is undefined behavior.
>
> thanx!
>
> --  Kevin J. Ma
>
> On Wed, Nov 10, 2021 at 2:38 AM Chris Lemmons <alficles@gmail.com> wrote:
>
>> To save a click, here's the text:
>>
>> The URI Signing Package will be found by parsing any path-style parameters
>> and form-style parameters looking for a key name matching the URI Signing
>> Package Attribute. Both parameter styles MUST be supported to allow
>> flexibility of operation. The first matching parameter SHOULD be taken to
>> provide the signed JWT, though providing more than one matching key is
>> undefined behavior. Path-style parameters generated in the form indicated
>> by Section 3.2.7 of [RFC6570] MUST be supported. Form-style parameters
>> generated in the form indicated by Section 3.2.8 of [RFC6570] MUST be
>> supported.
>>
>> The last two sentences are what I'm proposing we add. This was the
>> simplest variation I could come up with that doesn't add a whole bunch
>> of construction rules to this document, but provides at least one
>> clear MUST-accept implementation for each style that allows a dCDN to
>> be certain that it knows how to find the URIs.
>>
>> On Tue, Nov 9, 2021 at 8:46 AM Phil Sorber <sorber@apache.org> wrote:
>> >
>> > Thanks, I merged two of these, but I think we should have a little more
>> > time to think on #72 before we merge it, just because it's been so debated
>> > and I don't want to keep changing it.
>> >
>> > On Tue, Nov 9, 2021 at 1:01 AM Chris Lemmons <alficles@gmail.com> wrote:
>> >>
>> >> Fixes for nits, regrettably also including the same ones you just
>> >> fixed in 69: https://github.com/PSUdaemon/URISigningSpec/pull/70
>> >>
>> >> Updates that I _think_ fix the weird figure text? I'm not certain this
>> >> is the best way to do it, but the existing way looks odd. Look at the
>> >> diff linked earlier and check out the figure titles.
>> >> https://github.com/PSUdaemon/URISigningSpec/pull/71
>> >>
>> >> The much-belated text I promised a while back on 6570:
>> >> https://github.com/PSUdaemon/URISigningSpec/pull/72
>> >>
>> >> On Mon, Nov 8, 2021 at 7:55 PM Phil Sorber <sorber@apache.org> wrote:
>> >> >
>> >> > https://github.com/PSUdaemon/URISigningSpec/pull/69
>> >> >
>> >> > On Sat, Nov 6, 2021 at 10:02 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>> >> >>
>> >> >> Hi Phil,
>> >> >>
>> >> >>   Thanks for getting the updated draft out.  A couple typos/nits:
>> >> >>
>> >> >>   - section 2.1.10: "for example in" -> "for example, in"
>> >> >>   - section 3.2.1: "MAY bt" -> "MAY be"
>> >> >>   - section 4: "after and access" -> "after an access"
>> >> >>   - section 4.4: remove "against the key issuer with"
>> >> >>   - section 5.2: "Sigbned" -> "Signed"
>> >> >>
>> >> >> --  Kevin J. Ma
>> >> >>
>> >> >>
>> >> >> On Mon, Oct 25, 2021 at 7:12 PM <internet-drafts@ietf.org> wrote:
>> >> >>>
>> >> >>>
>> >> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> >> >>> This draft is a work item of the Content Delivery Networks Interconnection WG of the IETF.
>> >> >>>
>> >> >>>         Title           : URI Signing for Content Delivery Network Interconnection (CDNI)
>> >> >>>         Authors         : Ray van Brandenburg
>> >> >>>                           Kent Leung
>> >> >>>                           Phil Sorber
>> >> >>>         Filename        : draft-ietf-cdni-uri-signing-22.txt
>> >> >>>         Pages           : 42
>> >> >>>         Date            : 2021-10-25
>> >> >>>
>> >> >>> Abstract:
>> >> >>>    This document describes how the concept of URI Signing supports the
>> >> >>>    content access control requirements of Content Delivery Network
>> >> >>>    Interconnection (CDNI) and proposes a URI Signing method as a JSON
>> >> >>>    Web Token (JWT) profile.
>> >> >>>
>> >> >>>    The proposed URI Signing method specifies the information needed to
>> >> >>>    be included in the URI to transmit the signed JWT, as well as the
>> >> >>>    claims needed by the signed JWT to authorize a User Agent (UA).  The
>> >> >>>    mechanism described can be used both in CDNI and single Content
>> >> >>>    Delivery Network (CDN) scenarios.
>> >> >>>
>> >> >>>
>> >> >>> The IETF datatracker status page for this draft is:
>> >> >>> https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
>> >> >>>
>> >> >>> There is also an htmlized version available at:
>> >> >>> https://datatracker.ietf.org/doc/html/draft-ietf-cdni-uri-signing-22
>> >> >>>
>> >> >>> A diff from the previous version is available at:
>> >> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-uri-signing-22
>> >> >>>
>> >> >>>
>> >> >>> Internet-Drafts are also available by anonymous FTP at:
>> >> >>> ftp://ftp.ietf.org/internet-drafts/
>> >> >>>
>> >> >>>
>> >> >>> _______________________________________________
>> >> >>> CDNi mailing list
>> >> >>> CDNi@ietf.org
>> >> >>> https://www.ietf.org/mailman/listinfo/cdni
>> >> >
>>
>
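
Added example, not part of the original message or of the draft: one way a dCDN could locate the URI Signing Package under the proposed text, accepting path-style (RFC 6570 Section 3.2.7) and form-style (Sections 3.2.8 and 3.2.9) parameters and taking the first match. The attribute name "URISigningPackage", the function names, the sample URIs and the strict rejection of multiple matches are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote

# Assumed default attribute name; a deployment may configure another.
DEFAULT_ATTRIBUTE = "URISigningPackage"


def find_signing_packages(uri, attribute=DEFAULT_ATTRIBUTE):
    """Return every (style, value) match in order of appearance in the URI."""
    parts = urlsplit(uri)
    matches = []
    # Path-style parameters (RFC 6570 Section 3.2.7): ";name=value" in a segment.
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name, _, value = param.partition("=")
            if unquote(name) == attribute:
                matches.append(("path", unquote(value)))
    # Form-style parameters (Sections 3.2.8 and 3.2.9): "?name=value", "&name=value".
    for param in parts.query.split("&"):
        name, _, value = param.partition("=")
        if unquote(name) == attribute:
            matches.append(("form", unquote(value)))
    return matches


def extract_signing_package(uri, attribute=DEFAULT_ATTRIBUTE, strict=True):
    """Return (style, jwt) for the first match, or None when absent.

    More than one matching key is undefined behavior in the proposed text;
    strict mode (a choice made by this example) rejects such URIs.
    """
    matches = find_signing_packages(uri, attribute)
    if not matches:
        return None
    if strict and len(matches) > 1:
        raise ValueError("ambiguous URI: %d matching parameters" % len(matches))
    return matches[0]


if __name__ == "__main__":
    # Constructed sample URIs; "aaa.bbb.ccc" stands in for a signed JWT.
    base = "https://cdn.example.com/video/seg1.ts"
    for uri in (base + ";URISigningPackage=aaa.bbb.ccc",
                base + "?URISigningPackage=aaa.bbb.ccc",
                base + "?quality=hd&URISigningPackage=aaa.bbb.ccc"):
        print(extract_signing_package(uri))
```

Because the path precedes the query in a URI, a path-style match is always the "first matching parameter" when both styles are present and strict mode is off.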