Re: [CDNi] Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
Kevin Ma J <kevin.j.ma@ericsson.com> Tue, 05 July 2016 20:46 UTC
Return-Path: <kevin.j.ma@ericsson.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BAF312D555; Tue, 5 Jul 2016 13:46:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id agtCzX1s3sT8; Tue, 5 Jul 2016 13:46:09 -0700 (PDT)
Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D69B012B03C; Tue, 5 Jul 2016 13:39:50 -0700 (PDT)
X-AuditID: c618062d-f79886d000002334-8e-577c107e6e74
Received: from EUSAAHC002.ericsson.se (Unknown_Domain [147.117.188.78]) by usplmg20.ericsson.net (Symantec Mail Security) with SMTP id 1A.0E.09012.E701C775; Tue, 5 Jul 2016 21:54:39 +0200 (CEST)
Received: from EUSAAMB103.ericsson.se ([147.117.188.120]) by EUSAAHC002.ericsson.se ([147.117.188.78]) with mapi id 14.03.0294.000; Tue, 5 Jul 2016 16:39:48 -0400
From: Kevin Ma J <kevin.j.ma@ericsson.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
Thread-Index: AQHR1vfms+qd+Y96XEeTeZbe0McEZaAKQrmwgABGq4D//8ILYA==
Date: Tue, 05 Jul 2016 20:39:47 +0000
Message-ID: <A419F67F880AB2468214E154CB8A556206E464A4@eusaamb103.ericsson.se>
References: <20160705200035.22399.13041.idtracker@ietfa.amsl.com> <A419F67F880AB2468214E154CB8A556206E462E8@eusaamb103.ericsson.se> <CAHbuEH4d38vsVfnCFbxj48j=KEJZGFjh7gXJ0bEt4iBvsm4Cag@mail.gmail.com>
In-Reply-To: <CAHbuEH4d38vsVfnCFbxj48j=KEJZGFjh7gXJ0bEt4iBvsm4Cag@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.9]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIIsWRmVeSWpSXmKPExsUyuXSPn269QE24wdK1vBZHWn8xWjyd/YfV 4vKZiYwW/xacZrKY8Wcis0XDznwHNo8pvzeyeuycdZfdY8mSn0wBzFFcNimpOZllqUX6dglc GbMu7mUpuKBaseRXN0sD4xWVLkZODgkBE4mfjz8yQthiEhfurWfrYuTiEBI4yihx99QxZghn GaPEuRvr2UGq2AS0JB5//csEYosIWEisaf4G1sEs8IxRYtqx42AJYYE4iZefFwIlOICK4iWW LVeAMJ0kru7KB6lgEVCROHb9PQuIzSvgK7Hl0EuoxWcYJdZP/sMEUs8pEChx+30ESA0j0HHf T60Bm84sIC5x68l8JoijBSSW7DnPDGGLSrx8/I8VwlaU2Nc/nR1kDLOApsT6XfoQrYoSU7of skOsFZQ4OfMJywRGsVlIps5C6JiFpGMWko4FjCyrGDlKiwtyctONDDYxAiPqmASb7g7G+9M9 DzEKcDAq8fAu+FodLsSaWFZcmXuIUYKDWUmEd7pETbgQb0piZVVqUX58UWlOavEhRmkOFiVx XrFHiuFCAumJJanZqakFqUUwWSYOTqkGxubFepxP7+v0x4jvzJd3YWJ31XpzfbW24wvPANU8 DrGF+fe5ftlUp73LPnhDInifQpGT87pLFvcUT7h9OzfjAofm4rpnC89ma1Z7+B176ZX2P+ry fGGr6luc5zlnBx2Y7RcfGSA8kWvb0xcfkndqfK+5fb45xSg86tDPS8fvHOw+Y3Ztq9H9JUos xRmJhlrMRcWJAJXKW/OkAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/O4IsiO6v_Dhuk48VG8r3EZQQEh4>
Cc: "flefauch@cisco.com" <flefauch@cisco.com>, "cdni@ietf.org" <cdni@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-cdni-metadata@ietf.org" <draft-ietf-cdni-metadata@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>
Subject: Re: [CDNi] Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 20:46:10 -0000
Hi Kathleen, I think that if an attacker could remove any of the ACL metadata, you could enable service in different regions, at different times, and to different end points, possibly in violation of the content owner's distribution rights (and possibly causing the content owner to incur excess delivery charges); but I would expect a premium content provider to have a DRM system outside the CDN delivery that enforces licensing restrictions and otherwise prevents hijacking the service as part of a criminal enterprise. We will look at updating the threats in the next revision. thanx! -- Kevin J. Ma > -----Original Message----- > From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] > Sent: Tuesday, July 05, 2016 4:17 PM > To: Kevin Ma J > Cc: The IESG; draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; > flefauch@cisco.com; cdni@ietf.org > Subject: Re: Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata- > 18: (with COMMENT) > > On Tue, Jul 5, 2016 at 4:06 PM, Kevin Ma J <kevin.j.ma@ericsson.com> > wrote: > > Hi Kathleen, > > > > Thanks for the review. Could you expand on your thoughts wrt > billing/theft? I think the idea for billing was that it would be based on > the logging data, not metadata. DoS against metadata could prevent the > content delivery and therefore prevent content owners and CDNs from > recognizing revenue, but I'm not sure if that's the theft angle to which > you refer? > > I was wondering if there were attacks possible other than DoS. I was > surprised I didn't see any related to theft of service if there was a > way to do that with metadata. I didn't realize logging information > was used for billing and had assumed metadata would wind up being > logged and could cause an issue. If that's not possible, that's fine > and that's why I just included this question as a comment. > > Thanks, > Kathleen > > > > > > thanx! > > > > -- Kevin J. Ma > > > >> -----Original Message----- > >> From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com] > >> Sent: Tuesday, July 05, 2016 4:01 PM > >> To: The IESG > >> Cc: draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; > >> flefauch@cisco.com; cdni@ietf.org > >> Subject: Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata- > 18: > >> (with COMMENT) > >> > >> Kathleen Moriarty has entered the following ballot position for > >> draft-ietf-cdni-metadata-18: No Objection > >> > >> When responding, please keep the subject line intact and reply to all > >> email addresses included in the To and CC lines. (Feel free to cut this > >> introductory paragraph, however.) > >> > >> > >> Please refer to https://www.ietf.org/iesg/statement/discuss- > criteria.html > >> for more information about IESG DISCUSS and COMMENT positions. > >> > >> > >> The document, along with other ballot positions, can be found here: > >> https://datatracker.ietf.org/doc/draft-ietf-cdni-metadata/ > >> > >> > >> > >> ---------------------------------------------------------------------- > >> COMMENT: > >> ---------------------------------------------------------------------- > >> > >> I can see why unauthorized access to content isn't a concern since this > >> draft is just about the metadata, but wouldn't billing/theft be a > >> possible avenue of attack to be listed as a consideration through > >> alterations of the metadata? > >> > > > > > > -- > > Best regards, > Kathleen
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- [CDNi] Kathleen Moriarty's No Objection on draft-… Kathleen Moriarty