Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt
Kevin Ma <kevin.j.ma.ietf@gmail.com> Wed, 10 November 2021 18:07 UTC
Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 537843A1230 for <cdni@ietfa.amsl.com>; Wed, 10 Nov 2021 10:07:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_5KDf7hGxOL for <cdni@ietfa.amsl.com>; Wed, 10 Nov 2021 10:06:57 -0800 (PST)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AE503A122B for <cdni@ietf.org>; Wed, 10 Nov 2021 10:06:57 -0800 (PST)
Received: by mail-pl1-x62a.google.com with SMTP id k4so3655781plx.8 for <cdni@ietf.org>; Wed, 10 Nov 2021 10:06:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DB+MuiXWsWs6rLb5DVxXllbaz11r85OFK/AMkAajxsA=; b=gN8ShOoPOSbym4REaLgzXtKHRpC4ZdzBfwdu5lpZfU+WyZZ280SKEZxqY5dGlM2fnT GVMtvjw5XfLLYNPrcBA6/jKEtBgy4vIZ2Oc8Q4a/0B40yWd5dCfKgBI+C6MZoYNCCcoW LroFsG20lVCupuo3hxwmWshY08W7onpiHW888C4qcvwlzkY+M2bXHDKW9Ncr2e0trT6k L5m8Jn7b2qjKPBzkCKR85JkkD+9z+tQy/CLwVQXTOc7gdCQ0D33mo6KdhQHAwW5nwPl9 jhmUR4V2Tv1UMvez2sdxEKlpvt6rcXkbx/AzrbvlTbwt9rtcoEewW2q61ZKXG1RkTtHk Qo/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DB+MuiXWsWs6rLb5DVxXllbaz11r85OFK/AMkAajxsA=; b=jJ+DLjy57Lkqv671DH2+7jvUXAkgx6RqKy/bC766FiJTtdAjJ/BrXzElxYoglJcTag A+NaAJ5ncBpudegWgAGq1cwKLHd6Z2gcBtOyAGiQjdjs1JmMaC9w8xG20tPX8DIqnmhx D3Z4Qgu1VN4PG4ywGHDw82syLLBrGyLE2/nK//YLWWfGYZ6QgYwrfHBoILgoBHnR6PGp T+knX3aML+T2ybLJS2XuYc9zvuqAJcAGuPXopwOW704Jr4cf/3oRV81koo+mQBgMEpFV xlHWmWHeupQXId3kcdw4vnYXJslSS5BWRyh3AlfHHIHsUPPfrdOGBSt20dOQ+FvUUymn u+hw==
X-Gm-Message-State: AOAM531Vn/w8Xid6L2fqlCw+bRhKS/pYSvqcyXCIRjyfYtzBeOJWtIZu CNfDrgS//BfOZoXDaWO9iCQM1ArOwi1SqizynDk=
X-Google-Smtp-Source: ABdhPJzXgf2Hg8++2KCiAENnCw1Uv5tVk1Z6lOlzl1QKa87ft8Yy7BzvA4oNJTvcLmNTo1zC80i9XBtZWiRZv5+7nT8=
X-Received: by 2002:a17:90b:4a83:: with SMTP id lp3mr19231103pjb.242.1636567615736; Wed, 10 Nov 2021 10:06:55 -0800 (PST)
MIME-Version: 1.0
References: <163520346940.2076.13669341839825557305@ietfa.amsl.com> <CAMrHYE0tCc8idgi0-Fp+bcykW==Sv-FkqsqNmRMS19jgESqj8g@mail.gmail.com> <CABF6JR1UvFsBTS4EpUnGJ=Frxdvb=PSDqu9BHY9R=RPH3ZPh=Q@mail.gmail.com> <CAJEGKNtajKcuPtHOSdGZXQzTsi4jM50+CDr3GM8vGH=p5Ehg3g@mail.gmail.com> <CABF6JR3R_eOXWJzE_45nkZY+VE6qy7urpr0AigjR1hZQOPBFyQ@mail.gmail.com> <CAJEGKNtUm8bC5R_0yFBM+45uk0yuyyAMRCAD8i1w2qGXy3anig@mail.gmail.com> <CAMrHYE1NsUEuMq1MirkypjToBAq-Ddq8-dUMrk73o9+p39G_=w@mail.gmail.com>
In-Reply-To: <CAMrHYE1NsUEuMq1MirkypjToBAq-Ddq8-dUMrk73o9+p39G_=w@mail.gmail.com>
From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Wed, 10 Nov 2021 13:06:44 -0500
Message-ID: <CAMrHYE0QHn6Ag6bqxV3h3WkHe91ypL4P1x7t2Vo2MBNMigQTRQ@mail.gmail.com>
To: Chris Lemmons <alficles@gmail.com>
Cc: Phil Sorber <sorber@apache.org>, "<cdni@ietf.org>" <cdni@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000630d9f05d07317f5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/LcUte1QGXJ0F8ubg0u9AFOxb4cI>
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2021 18:07:02 -0000
note: we could also use direct section references... On Wed, Nov 10, 2021 at 1:05 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote: > Thanks for the text Chris, > > Is there a reason to only reference 3.2.8 and not 3.2.9 for form-style > parameters? > > There is some redundancy in the MUSTs. What about: > > The URI Signing Package will be found by parsing any path-style parameters > [RFC6570] and form-style parameters [RFC6570] looking for a key name > matching the URI Signing Package Attribute. Both path-style parameters > (generated in the form indicated by Section 3.2.7 of [RFC6570]) and > form-style parameters (generated in the form indicated by Sections 3.2.8 > and 3.2.9 of [RFC6570]) MUST be supported. The first matching parameter > SHOULD be taken to provide the signed JWT, though providing more than one > matching key is undefined behavior. > > thanx! > > -- Kevin J. Ma > > On Wed, Nov 10, 2021 at 2:38 AM Chris Lemmons <alficles@gmail.com> wrote: > >> To save a click, here's the text: >> >> The URI Signing Package will be found by parsing any path-style >> parameters and >> form-style parameters looking for a key name matching the URI Signing >> Package Attribute. >> Both parameter styles MUST be supported to allow flexibility of operation. >> The first matching parameter SHOULD be taken to provide the signed >> JWT, though providing >> more than one matching key is undefined behavior. Path-style >> parameters generated in the >> form indicated by Section 3.2.7 of [RFC6570] MUST be supported. >> Form-style parameters generated in the form indicated by Section 3.2.8 >> of [RFC6570] >> MUST be supported. >> >> The last two sentences are what I'm proposing we add. This was the >> simplest variation I could come up with that doesn't add a whole bunch >> of construction rules to this document, but provides at least one >> clear MUST-accept implementation for each style that allows a dCDN to >> be certain that it knows how to find the URIs. >> >> On Tue, Nov 9, 2021 at 8:46 AM Phil Sorber <sorber@apache.org> wrote: >> > >> > Thanks, I merged two of these, but I think we should have a little more >> time to think on #72 before we merge it, just because it's been so debated >> and I don't want to keep changing it. >> > >> > On Tue, Nov 9, 2021 at 1:01 AM Chris Lemmons <alficles@gmail.com> >> wrote: >> >> >> >> Fixes for nits, regrettably also including the same ones you just >> >> fixed in 69: https://github.com/PSUdaemon/URISigningSpec/pull/70 >> >> >> >> Updates that I _think_ fix the weird figure text? I'm not certain this >> >> is the best way to do it, but the existing way looks odd. Look at the >> >> diff linked earlier and check out the figure titles. >> >> https://github.com/PSUdaemon/URISigningSpec/pull/71 >> >> >> >> The much-belated text I promised a while back on 6570: >> >> https://github.com/PSUdaemon/URISigningSpec/pull/72 >> >> >> >> On Mon, Nov 8, 2021 at 7:55 PM Phil Sorber <sorber@apache.org> wrote: >> >> > >> >> > https://github.com/PSUdaemon/URISigningSpec/pull/69 >> >> > >> >> > On Sat, Nov 6, 2021 at 10:02 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> >> wrote: >> >> >> >> >> >> Hi Phil, >> >> >> >> >> >> Thanks for getting the updated draft out. A couple typos/nits: >> >> >> >> >> >> - section 2.1.10: "for example in" -> "for example, in" >> >> >> - section 3.2.1: "MAY bt" -> "MAY be" >> >> >> - section 4: "after and access" -> "after an access" >> >> >> - section 4.4: remove "against the key issuer with" >> >> >> - section 5.2: "Sigbned" -> "Signed" >> >> >> >> >> >> -- Kevin J. Ma >> >> >> >> >> >> >> >> >> On Mon, Oct 25, 2021 at 7:12 PM <internet-drafts@ietf.org> wrote: >> >> >>> >> >> >>> >> >> >>> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> >> >>> This draft is a work item of the Content Delivery Networks >> Interconnection WG of the IETF. >> >> >>> >> >> >>> Title : URI Signing for Content Delivery Network >> Interconnection (CDNI) >> >> >>> Authors : Ray van Brandenburg >> >> >>> Kent Leung >> >> >>> Phil Sorber >> >> >>> Filename : draft-ietf-cdni-uri-signing-22.txt >> >> >>> Pages : 42 >> >> >>> Date : 2021-10-25 >> >> >>> >> >> >>> Abstract: >> >> >>> This document describes how the concept of URI Signing supports >> the >> >> >>> content access control requirements of Content Delivery Network >> >> >>> Interconnection (CDNI) and proposes a URI Signing method as a >> JSON >> >> >>> Web Token (JWT) profile. >> >> >>> >> >> >>> The proposed URI Signing method specifies the information >> needed to >> >> >>> be included in the URI to transmit the signed JWT, as well as >> the >> >> >>> claims needed by the signed JWT to authorize a User Agent >> (UA). The >> >> >>> mechanism described can be used both in CDNI and single Content >> >> >>> Delivery Network (CDN) scenarios. >> >> >>> >> >> >>> >> >> >>> The IETF datatracker status page for this draft is: >> >> >>> https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/ >> >> >>> >> >> >>> There is also an htmlized version available at: >> >> >>> >> https://datatracker.ietf.org/doc/html/draft-ietf-cdni-uri-signing-22 >> >> >>> >> >> >>> A diff from the previous version is available at: >> >> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-uri-signing-22 >> >> >>> >> >> >>> >> >> >>> Internet-Drafts are also available by anonymous FTP at: >> >> >>> ftp://ftp.ietf.org/internet-drafts/ >> >> >>> >> >> >>> >> >> >>> _______________________________________________ >> >> >>> CDNi mailing list >> >> >>> CDNi@ietf.org >> >> >>> https://www.ietf.org/mailman/listinfo/cdni >> >> > >> >> > _______________________________________________ >> >> > CDNi mailing list >> >> > CDNi@ietf.org >> >> > https://www.ietf.org/mailman/listinfo/cdni >> >
- [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22… internet-drafts
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Kevin Ma
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Phil Sorber
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Chris Lemmons
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Phil Sorber
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Chris Lemmons
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Kevin Ma
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Kevin Ma
- Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signin… Chris Lemmons