IETF Logo Mail Archive

Re: [CDNi] AD review of draft-ietf-cdni-uri-signing-19

Phil Sorber <sorber@apple.com> Thu, 23 July 2020 21:02 UTC

Return-Path: <sorber@apple.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77EDB3A0DE3; Thu, 23 Jul 2020 14:02:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RMfHt95QUxS5; Thu, 23 Jul 2020 14:02:38 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp01.apple.com (ma1-aaemail-dr-lapp01.apple.com [17.171.2.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C92C3A0DE4; Thu, 23 Jul 2020 14:02:37 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp01.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp01.apple.com (8.16.0.42/8.16.0.42) with SMTP id 06NKrV8Y059247; Thu, 23 Jul 2020 14:02:36 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=XVSxGTrWTIMzH+tATcbKnd/uVsK9LuplhNI1I7Sls0Y=; b=mgNJ2wG4Nnt9Syu/9nWZEZm6deG+8qmeFk+1f0U5udCHxsz7/y330LC5QNuNFtmOAqI2 xPY5+ttri/pVwy+1AbkGi3yuk1KsicR4oUmEeibzsWo8jlHLjD5YYoXPz/gH0b3cdo1+ v6sqqAL320u1fdEP9wmO597MJNq+Dn0BD9hvMDqcxyPXFwnjAtTQm92VG0H2CfxYJ8Wr ZNVZVL9bjkZ/9HA1IJ2QwbuH9t8yU1WpaTwuBoxt3QM9TIQk503IrgepnXcBIsHfJOUd YjIsuxOJefXVcmZPGJxHWwmb1FwZ0r7owXdSugeSB8fiQa4FKeOOzQwwltI9jlmsbtJl cQ==
Received: from ma-mailsvcp-mta-lapp01.corp.apple.com (ma-mailsvcp-mta-lapp01.corp.apple.com [10.226.18.133]) by ma1-aaemail-dr-lapp01.apple.com with ESMTP id 32byr43b8e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 23 Jul 2020 14:02:36 -0700
Received: from ma-mailsvcp-mmp-lapp02.apple.com (ma-mailsvcp-mmp-lapp02.apple.com [17.32.222.15]) by ma-mailsvcp-mta-lapp01.corp.apple.com (Oracle Communications Messaging Server 8.1.0.5.20200312 64bit (built Mar 12 2020)) with ESMTPS id <0QDX00ZGLX4C8B20@ma-mailsvcp-mta-lapp01.corp.apple.com>; Thu, 23 Jul 2020 14:02:36 -0700 (PDT)
Received: from process_milters-daemon.ma-mailsvcp-mmp-lapp02.apple.com by ma-mailsvcp-mmp-lapp02.apple.com (Oracle Communications Messaging Server 8.1.0.5.20200312 64bit (built Mar 12 2020)) id <0QDX00700WRFS500@ma-mailsvcp-mmp-lapp02.apple.com>; Thu, 23 Jul 2020 14:02:36 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 5e0758ac758adaea6a44b8b32ea89e72
X-Va-E-CD: 996e75b414d13ba3b8e0002b1fe3be0d
X-Va-R-CD: 4e45050f1583f837acc5d0335f88301e
X-Va-CD: 0
X-Va-ID: c62fd9b7-02c1-4a24-b248-dea19ce8bb0f
X-V-A:
X-V-T-CD: 5e0758ac758adaea6a44b8b32ea89e72
X-V-E-CD: 996e75b414d13ba3b8e0002b1fe3be0d
X-V-R-CD: 4e45050f1583f837acc5d0335f88301e
X-V-CD: 0
X-V-ID: 6adc24ed-d551-438b-9acf-7040b73e3435
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-23_09:2020-07-23, 2020-07-23 signatures=0
Received: from [17.235.117.76] (unknown [17.235.117.76]) by ma-mailsvcp-mmp-lapp02.apple.com (Oracle Communications Messaging Server 8.1.0.5.20200312 64bit (built Mar 12 2020)) with ESMTPSA id <0QDX00C6CX4A6A00@ma-mailsvcp-mmp-lapp02.apple.com>; Thu, 23 Jul 2020 14:02:36 -0700 (PDT)
From: Phil Sorber <sorber@apple.com>
Message-id: <22DF373A-A2C4-447B-AD47-30CD04476245@apple.com>
Content-type: multipart/signed; boundary="Apple-Mail=_811DC638-8631-4EFB-B4C9-E4282B1DC540"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Thu, 23 Jul 2020 15:02:33 -0600
In-reply-to: <CALaySJL9R-cQHogD+psMD0pd6HpB+3y4o5KqC=b1i63+OOzYtw@mail.gmail.com>
Cc: "draft-ietf-cdni-uri-signing.all@ietf.org" <draft-ietf-cdni-uri-signing.all@ietf.org>, "<cdni@ietf.org>" <cdni@ietf.org>
To: Barry Leiba <barryleiba@computer.org>
References: <CALaySJJkZiRYx16cUYDtD2LU+3qAKMtMB_qY7cwkpQnWMnVMpg@mail.gmail.com> <CALaySJL9R-cQHogD+psMD0pd6HpB+3y4o5KqC=b1i63+OOzYtw@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-23_09:2020-07-23, 2020-07-23 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/MhZP_FszY_I2X9B31JMFZvlkdsg>
Subject: Re: [CDNi] AD review of draft-ietf-cdni-uri-signing-19
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 21:02:46 -0000

Hi,

Sorry for the long delay. I started working through your requested changes, but haven’t had time to finish. Things have been a little weird…

Thank you for following up. I will try to get back to this very shortly.

Thanks.

> On Jul 23, 2020, at 14:59, Barry Leiba <barryleiba@computer.org> wrote:
> 
> What's the status of this document?  It's been about four months since
> my AD review, in "revised I-D needed" substate.
> 
> Barry
> 
> On Fri, Mar 13, 2020 at 1:05 AM Barry Leiba <barryleiba@computer.org> wrote:
>> 
>> Here is my AD review of draft-ietf-cdni-uri-signing-19.  My apologies for taking a couple of weeks to get to this: the IESG has, as you can imagine, been swamped with both heavy telechat schedules because of the impending AD changeover and unexpected craziness with IETF 107 planning and decisions related to the meeting cancellation.
>> 
>> Kevin, thanks so much for a very thorough and excellent shepherd writeup!
>> 
>> A couple of these comments are substantive, so I would like to discuss and resolve them before last call.  I’m going to set the draft’s substate to “revised I-D needed”.
>> 
>> Please expand “CDNI” in the abstract... and possibly in the title as well, though you could wait for the RPC to do that if you prefer.  Please also fully expand “CDN” on its first use in the introduction.
>> 
>> Please replace “UA” in the abstract with “user agent”.
>> 
>>   This document uses the terminology defined in the CDNI Problem
>>   Statement [RFC6707].
>> 
>> I believe that terminology definitions are normative references, so I believe this makes 6707 normative.  Happily, normative downrefs such as this are accepted now, so please make the reference normative and I will make sure it’s called out in the last call notice.
>> 
>> — Section 1.3 —
>> 
>>   With symmetric keys, the same key is
>>   used by both the signing entity for signing the URI as well as by the
>>   verifying entity for verifying the Signed URI.
>> 
>> Nit: Think of “both” as an open parenthesis (and the end of he sentence as the closing one here).  The first “by” is outside the parens (before “both”), but the second is inside, and that’s not parallel.  Make it either “by both the signing entity [...] and the verifying entity” or “both by the signing entity [...] and by the verifying entity”.
>> 
>>   distributed openly (because they cannot be used to sign URIs) and
>>   private keys are kept secret by the URI signer.
>> 
>> I would say “and the corresponding private keys”.
>> 
>> — Section 1.4 —
>> 
>>   While the URI signing method defined in this document was primarily
>>   created for the purpose of allowing URI Signing in CDNI scenarios,
>>   i.e., between a uCDN and a dCDN, there is nothing in the defined URI
>>   Signing method that precludes it from being used in a non-CDNI
>> 
>> As you see here, you capitalize “URI Signing” inconsistently,even in this one paragraph.  Please check the document for consistency in the capitalization: pick one and use it throughout.
>> 
>> — Section 2 —
>> 
>>   HTTP or HTTPS URI [RFC7230] (Section 2.7).
>> 
>> This is a quirk of the tools and not a fault in the draft, but this results in the html version having a clickable link to RFC 7230, and then another clickable link to Section 2.7 of this document (which, of course, isn’t there).  I think if you change this to “HTTP or HTTPS URI (see [RFC7230] Section 2.7)” the generated link will work better.
>> 
>>   o  a reserved character (as defined in [RFC3986] Section 2.2),
>> 
>> Any reserved character?  And the three reserved characters in bullets 1, 3, and 5 can be any three different ones?  I think I know what you mean, but it seems that an implementer who doesn’t could go quite wrong.  Maybe some more words along with these bullets would be better?
>> 
>> [For example, in the URI < http://example.com/content?sign=jwtdatahere&other >, I think that if I strictly implement what you have here I would interpret “example.com/” as the attribute name (because “/“ is a reserved character), “content” as the JWT package, and “?” as the terminating special character.  But you’re looking for something more like “sign” as the attribute name and “jwtdatahere” as the JWT package, yes?]
>> 
>> Also, I don’t see any examples in the draft of a Signed URI, and I think an example or two here of a couple of variations would also help.
>> 
>> — Section 2.1 —
>> Several of the subsections that deal with time values repeat this text exactly:
>> 
>>   Note: The time
>>   on the entities that generate and verify the signed URI SHOULD be in
>>   sync.  In the CDNI case, this means that CSP, uCDN, and dCDN servers
>>   need to be time-synchronized.  It is RECOMMENDED to use NTP [RFC5905]
>>   for time synchronization.
>> 
>> I suggest cleaning this up by moving that note up here to the end of Section 2.1, saying, “Note: When claims related to time are used, the time on the entities...”
>> 
>> — Section 2.1.7 —
>> 
>>   previously seen the nonce used in a request for the same content
>> 
>> This is the only spot where you don’t capitalize “Nonce”.
>> 
>> — Section 2.1.9 —
>> 
>>   This claim MUST be understood and processed by
>>   all implementations.
>> 
>> Section 2.1 already said this about all claims, so why say it here about this one in particular?
>> 
>> — Section 2.1.10 —
>> 
>>   Client IP (cdniip) [optional] - The Client IP (cdniip) claim hold an
>> 
>> Nit: “holds”
>> 
>> — Section 2.1.15 —
>> 
>>   The URI Container (cdniuc) claim takes one of the following forms
>> 
>> This is the only claim definition that doesn’t say “[optional]”.  Should it?
>> 
>> — Section 3.2 —
>> 
>>   the following section defines a mechanism using HTTP Cookies
>> 
>> Please use a specific section xref instead.
>> 
>> — Section 6.7 —
>> Thanks for including advice to the experts.
>> 
>>   Expert Reviewers should be empowered to pass judgements
>>   as they see fit
>> 
>> This is very vague and, to me, implies more capriciousness than I think you really intend.  Can you come up with another way to word this that gives a bit more guidance?  What sorts of judgments are they likely to make?
>> 
>> — Section 7 —
>> 
>>      seconds to prevent a sudden network issues from denying legitimate
>> 
>> Nit: either remove “a” or make it “issue”

v2.23.0 | Report a Bug | By Email