Re: [CDNi] Alissa Cooper's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
Ben Niven-Jenkins <ben@niven-jenkins.co.uk> Tue, 12 July 2016 21:37 UTC
Return-Path: <ben@niven-jenkins.co.uk>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DC7B12D9B6; Tue, 12 Jul 2016 14:37:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FcBXEVU3bYpQ; Tue, 12 Jul 2016 14:37:33 -0700 (PDT)
Received: from mailex.mailcore.me (smtp.123-reg.co.uk [94.136.40.63]) by ietfa.amsl.com (Postfix) with ESMTP id 7A4B012D9B4; Tue, 12 Jul 2016 14:37:33 -0700 (PDT)
Received: from [217.155.121.38] (helo=[172.16.16.31]) by smtp04.mailcore.me with esmtpa (Exim 4.80.1) (envelope-from <ben@niven-jenkins.co.uk>) id 1bN5Mx-0007U1-RT; Tue, 12 Jul 2016 22:37:32 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
In-Reply-To: <A419F67F880AB2468214E154CB8A556206E4BA35@eusaamb103.ericsson.se>
Date: Tue, 12 Jul 2016 22:37:29 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <02B8B269-CE61-4196-A93D-7ECDF72BC6DE@niven-jenkins.co.uk>
References: <20160706215244.26808.95926.idtracker@ietfa.amsl.com> <A419F67F880AB2468214E154CB8A556206E4BA35@eusaamb103.ericsson.se>
To: Kevin Ma J <kevin.j.ma@ericsson.com>
X-Mailer: Apple Mail (2.2098)
X-Mailcore-Auth: 9600544
X-Mailcore-Domain: 172912
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/UWRZ37TyneAUnhi2zDvpqnJ6F6o>
Cc: "cdni@ietf.org" <cdni@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-cdni-metadata@ietf.org" <draft-ietf-cdni-metadata@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>
Subject: Re: [CDNi] Alissa Cooper's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2016 21:37:35 -0000
Alissa, Kevin, > On 7 Jul 2016, at 20:52, Kevin Ma J <kevin.j.ma@ericsson.com> wrote: >> From: Alissa Cooper [mailto:alissa@cooperw.in] >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> - Sec 4.2.2.1: It seems odd to me that deny is the default given that >> footprints are mandatory to specify. It seems like if footprints are >> going to be specified, the more common case would be to specify >> footprints where access is allowed, rather than where access is not >> allowed. > > This is a fair point. I believe the thinking was that, anyone who wants to set a restriction (LocationACL, TimeWindowACL, or ProtocolACL) is concerned about making sure that content does not go out under certain conditions, so the safest thing to do is have a default deny and require an explicit allow (so that an errant omission does not violate any license agreement). From a message verbosity perspective, you are probably correct that a default of allow would be more efficient. I could be persuaded either way. LocationRules (within LocationACLs) align with TimeWindowRules and ProtocolRules with a default of deny. I’d like to keep them aligned as having different semantics for different ACL rules based on type of ACL is bound to lead to implementations getting it wrong. I think the best choice is to fail closed (default deny). As software will be producing the on the wire format, failing closed IMO gives a higher chance of the buggy implementation being caught & fixed. I don’t consider verbosity to be a worthwhile goal to optimise for in this case, the difference is minimal and if response size is a concern compress over the wire with Accept-Encoding: gzip Ben
- Re: [CDNi] Alissa Cooper's No Objection on draft-… Kevin Ma J
- [CDNi] Alissa Cooper's No Objection on draft-ietf… Alissa Cooper
- Re: [CDNi] Alissa Cooper's No Objection on draft-… Ben Niven-Jenkins