Re: [CDNi] Response to Liaison Statement on URI Signing

Kevin Ma J <kevin.j.ma@ericsson.com> Tue, 15 December 2015 17:49 UTC

From: Kevin Ma J <kevin.j.ma@ericsson.com>
To: Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
Date: Tue, 15 Dec 2015 17:49:21 +0000
Message-ID: <A419F67F880AB2468214E154CB8A556206C237A0@eusaamb103.ericsson.se>
References: <A419F67F880AB2468214E154CB8A556206C200FE@eusaamb103.ericsson.se> <EFE4F02E-BA4A-4239-A3D9-5192AA9B74A0@niven-jenkins.co.uk>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cdni/WLqiB4E3mt2WDmYSojH7bealJ7A>
Cc: "cdni@ietf.org" <cdni@ietf.org>
Subject: Re: [CDNi] Response to Liaison Statement on URI Signing

I cleaned up the draft language
- removed "main" or changed "main" -> "CDNI" in all places
- used "extension" to refer to Ray's draft
- changed "document" -> "draft" in all places
- added references to [draft-ietf-cdni-uri-signing] after all mentions of the draft

From: Kevin J. Ma
From Group: CDNI
To: Watanabe Shinji <watanabe@itscj.ipsj.or.jp>
To Group: ISO-IEC-JTC1-SC29
Title: Response to request for information on URI Signing 2015-11-02
Response Contact: Kevin J. Ma <kevin.j.ma@ericsson.com>
Technical Contact: Ray van Brandenburg <ray.vanbrandenburg@tno.nl>
Purpose: In Response
Body:

The IETF CDNI working group would like to acknowledge our receipt of the MPEG experts liaison letter and careful consideration during the 94th IETF meeting.

Having reviewed the Online Multimedia Authorization Protocol Version 1.0 (OMAPv1) specification [2012_09_28_OATC-OMAP_1-0], we understand the proposed scope of usage for CDNI URI Signing to be only as the Access Token, as returned by the authorization server in step (E) of sections 2.3 and 2.4 of the OMAPv1 specification, to be used solely for authorizing requests to the resource server (i.e., the CDN), as described in steps (F) and (G) of sections 2.3 and 2.4 of the OMAPv1 specification.  We agree that this is an exemplary use case for CDNI URI Signing with the Path Pattern Information Element.
 
At the 93rd IETF, the CDNI working group decided to remove text related to signing of segmented content URIs from the CDNI URI Signing draft [draft-ietf-cdni-uri-signing] in response to an IPR disclosure made after the 92nd IETF [minutes-93-cdni]. The removed sections are currently documented in a separate draft [draft-brandenburg-cdni-uri-signing-for-has], as an extension to the CDNI URI signing draft [draft-ietf-cdni-uri-signing]. It should be noted that at this point, that document is regarded as an independent submission and IETF has not made a decision regarding its future status. At the 94th IETF, it was agreed that the Path Pattern Information element was not covered by the IPR disclosure and would be a useful feature for a number of URI Signing use cases, including segmented content [minutes-94-cdni]. Path Pattern support will be reinstated in a future revision of the CDNI URI signing draft [draft-ietf-cdni-uri-signing].
 
With respect to long-lived tokens, as mentioned in the Security Considerations section (9) of the CDNI URI Signing draft, increasing the token validity period increases the potential for replay attacks, including DoS attacks; however, nothing in the protocol prevents the use of long-lived tokens. 

With respect to CDNs refreshing tokens, the CDNI working group discussed mechanisms for signaling token refresh between CDNs and felt that the required additional complexity of such a mechanism outweighed the cost of regenerating the tokens. Note: Signaling between CDNs and clients is out-of-scope for CDNI. As mentioned above, chained token support was removed from the CDNI URI Signing draft [draft-ietf-cdni-uri-signing] and there is no plan to reinstate it in the CDNI URI signing draft [draft-ietf-cdni-uri-signing] due to IPR issues. As such, the topic of token regeneration is limited to the extension draft [draft-brandenburg-cdni-uri-signing-for-has].

With respect to name collisions, the current version of the CDNI URI Signing draft [draft-ietf-cdni-uri-signing] only supports query-string-based conveyance of the token.  The metadata element "package-attribute" was introduced to allow content service providers (CSPs) to select any query string parameter name they wanted, assuming that CSPs would be in the best position to select a low-collision-probability name; URISigningPackage is only the default name.
 
With respect to consecutive tokens, the CDNI URI Signing mechanism was designed to be stateless, so that consecutive tokens can be retrieved from different delivery nodes. As such, there is no relationship between consecutive tokens and token invalidation is solely based on the Expiry Time information element.

The CDNI working group appreciates the MPEG experts' thoughtful input and looks forward to continued collaboration with MPEG experts on URI Signing.
 
Our next meeting: IETF 95, April 3-8 2016, Buenos Aires, Argentina

[2012_09_28_OATC-OMAP_1-0] http://www.oatc.us/Portals/_default/Knowledgebase/1/2012_09_28_OATC-OMAP_1-0.pdf
[draft-ietf-cdni-uri-signing] https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
[draft-brandenburg-cdni-uri-signing-for-has] https://datatracker.ietf.org/doc/draft-brandenburg-cdni-uri-signing-for-has/
[minutes-93-cdni] https://www.ietf.org/proceedings/93/minutes/minutes-93-cdni
[minutes-94-cdni] https://www.ietf.org/proceedings/94/minutes/minutes-94-cdni

> -----Original Message-----
> From: Kevin Ma J
> Sent: Tuesday, December 15, 2015 12:33 PM
> To: 'Ben Niven-Jenkins'
> Cc: cdni@ietf.org
> Subject: RE: [CDNi] Response to Liaison Statement on URI Signing
> 
> Hi Ben,
> 
>   will do.
> 
> thanx!
> 
> --  Kevin J. Ma
> 
> > -----Original Message-----
> > From: Ben Niven-Jenkins [mailto:ben@niven-jenkins.co.uk]
> > Sent: Tuesday, December 15, 2015 12:29 PM
> > To: Kevin Ma J
> > Cc: cdni@ietf.org
> > Subject: Re: [CDNi] Response to Liaison Statement on URI Signing
> >
> > Kevin,
> >
> > Looks fine to me.
> >
> > Only minor comment I have: At the end of the 3rd paragraph include a
> > reference to [draft-ietf-cdni-uri-signing] to make really clear which
> > document is the "main URI signing draft".
> >
> > Ben
> >
> > > On 14 Dec 2015, at 20:07, Kevin Ma J <kevin.j.ma@ericsson.com> wrote:
> > >
> > > Hi All,
> > >
> > >  (as a chair) As per the Open Discussion action item from Yokohama [1], the chairs have worked with Ray to draft a response to the MPEG liaison statement on URI Signing [2].  Please find the response below, and feel free to send comments to the list.  If there are no objections or unaddressed comments by December 30th, we will send the official response to MPEG.
> > >
> > > thanx!
> > >
> > > --  Kevin J. Ma
> > >
> > > [1] https://www.ietf.org/proceedings/94/minutes/minutes-94-cdni
> > > [2] https://datatracker.ietf.org/liaison/1434/
> > >
> > > -----
> > >
> > > From: Kevin J. Ma
> > > From Group: CDNI
> > > To: Watanabe Shinji <watanabe@itscj.ipsj.or.jp>
> > > To Group: ISO-IEC-JTC1-SC29
> > > Title: Response to request for information on URI Signing 2015-11-02
> > > Response Contact: Kevin J. Ma <kevin.j.ma@ericsson.com>
> > > Technical Contact: Ray van Brandenburg <ray.vanbrandenburg@tno.nl>
> > > Purpose: In Response
> > > Body:
> > >
> > > The IETF CDNI working group would like to acknowledge our receipt of the MPEG experts liaison letter and careful consideration during the 94th IETF meeting.
> > >
> > > Having reviewed the Online Multimedia Authorization Protocol Version 1.0 (OMAPv1) specification [2012_09_28_OATC-OMAP_1-0], we understand the proposed scope of usage for CDNI URI Signing to be only as the Access Token, as returned by the authorization server in step (E) of sections 2.3 and 2.4 of the OMAPv1 specification, to be used solely for authorizing requests to the resource server (i.e., the CDN), as described in steps (F) and (G) of sections 2.3 and 2.4 of the OMAPv1 specification.  We agree that this is an exemplary use case for CDNI URI Signing with the Path Pattern Information Element.
> > >
> > > At the 93rd IETF, the CDNI working group decided to remove text related to signing of segmented content URIs from the CDNI URI Signing draft [draft-ietf-cdni-uri-signing] in response to an IPR disclosure made after the 92nd IETF [minutes-93-cdni]. The removed sections are currently documented in a separate draft [draft-brandenburg-cdni-uri-signing-for-has], as an extension to the main URI signing document. It should be noted that at this point, that document is regarded as an independent submission and IETF has not made a decision regarding its future status. At the 94th IETF, it was agreed that the Path Pattern Information element was not covered by the IPR disclosure and would be a useful feature for a number of URI Signing use cases, including segmented content [minutes-94-cdni]. Path Pattern support will be reinstated in a future revision of the main URI signing draft.
> > >
> > > With respect to long-lived tokens, as mentioned in the Security Considerations section (9) of the CDNI URI Signing draft, increasing the token validity period increases the potential for replay attacks, including DoS attacks; however, nothing in the protocol prevents the use of long-lived tokens.
> > >
> > > With respect to CDNs refreshing tokens, the CDNI working group discussed mechanisms for signaling token refresh between CDNs and felt that the required additional complexity of such a mechanism outweighed the cost of regenerating the tokens. Note: Signaling between CDNs and clients is out-of-scope for CDNI. As mentioned above, chained token support was removed from the current CDNI URI Signing draft and there is no plan to reinstate it in the main URI signing document due to IPR issues. As such, the topic of token regeneration is limited to [draft-brandenburg-cdni-uri-signing-for-has].
> > >
> > > With respect to name collisions, the current version of the CDNI URI Signing draft only supports query-string-based conveyance of the token.  The metadata element "package-attribute" was introduced to allow content service providers (CSPs) to select any query string parameter name they wanted, assuming that CSPs would be in the best position to select a low-collision-probability name; URISigningPackage is only the default name.
> > >
> > > With respect to consecutive tokens, the CDNI URI Signing mechanism was designed to be stateless, so that consecutive tokens can be retrieved from different delivery nodes. As such, there is no relationship between consecutive tokens and token invalidation is solely based on the Expiry Time information element.
> > >
> > > The CDNI working group appreciates the MPEG experts' thoughtful input and looks forward to continued collaboration with MPEG experts on URI Signing.
> > >
> > > Our next meeting: IETF 95, April 3-8 2016, Buenos Aires, Argentina
> > >
> > > [2012_09_28_OATC-OMAP_1-0] http://www.oatc.us/Portals/_default/Knowledgebase/1/2012_09_28_OATC-OMAP_1-0.pdf
> > > [draft-ietf-cdni-uri-signing] https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
> > > [draft-brandenburg-cdni-uri-signing-for-has] https://datatracker.ietf.org/doc/draft-brandenburg-cdni-uri-signing-for-has/
> > > [minutes-93-cdni] https://www.ietf.org/proceedings/93/minutes/minutes-93-cdni
> > > [minutes-94-cdni] https://www.ietf.org/proceedings/94/minutes/minutes-94-cdni
> > >
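The liaison response above describes four design points of CDNI URI Signing: the token is carried in a query-string parameter whose name the CSP chooses (URISigningPackage being only the default), verification is stateless so any delivery node can check a token on its own, invalidation rests solely on the Expiry Time element (so a longer validity period is a wider replay window), and a Path Pattern lets one token cover a set of URIs such as the segments of one asset. The following is an added, self-contained illustration of those points written for this page; it is not code from the thread, from the working group or from draft-ietf-cdni-uri-signing, and its token layout (expiry, pattern and an HMAC-SHA256 joined by `~`), the shared key, the host name and the URLs are all constructed for the example rather than taken from the draft's wire format.

```python
import hashlib
import hmac
from fnmatch import fnmatchcase
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Default parameter name named in the liaison response; a CSP may pick another.
DEFAULT_PACKAGE_ATTRIBUTE = "URISigningPackage"


def _query_without_token(query, package_attribute):
    """Query parameters with the signing package removed, as (name, value) pairs."""
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k != package_attribute]


def _signed_string(url, expiry, path_pattern, package_attribute):
    """Bytes protected by the HMAC. When a path pattern is present it stands in
    for the concrete path, so one token verifies on every URI the pattern covers
    (e.g. all segments of an asset); without a pattern the exact path is bound."""
    parts = urlsplit(url)
    scope = path_pattern or parts.path
    query = urlencode(_query_without_token(parts.query, package_attribute))
    return "\n".join([parts.scheme, parts.netloc, scope, query, str(expiry)]).encode()


def sign(url, key, expiry, path_pattern="", package_attribute=DEFAULT_PACKAGE_ATTRIBUTE):
    """Build the token for url. expiry is a Unix timestamp in seconds.
    Token layout (constructed for this example): '<expiry>~<pattern>~<hex mac>'."""
    mac = hmac.new(key, _signed_string(url, expiry, path_pattern, package_attribute),
                   hashlib.sha256).hexdigest()
    return "~".join([str(expiry), path_pattern, mac])


def attach_token(url, token, package_attribute=DEFAULT_PACKAGE_ATTRIBUTE):
    """Convey the token in the query string under the CSP-chosen parameter name."""
    parts = urlsplit(url)
    query = _query_without_token(parts.query, package_attribute) + [(package_attribute, token)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def verify(url, key, now, package_attribute=DEFAULT_PACKAGE_ATTRIBUTE):
    """Stateless check: only the shared key and the clock are needed, so any
    delivery node can verify without knowing about earlier tokens. Returns
    (accepted, reason); expiry alone decides invalidation of an intact token."""
    parts = urlsplit(url)
    tokens = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k == package_attribute]
    if len(tokens) != 1:
        return (False, "token missing or duplicated")
    fields = tokens[0].split("~")
    if len(fields) != 3 or not fields[0].isdigit():
        return (False, "malformed token")
    expiry, path_pattern, mac = int(fields[0]), fields[1], fields[2]
    expected = hmac.new(key, _signed_string(url, expiry, path_pattern, package_attribute),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return (False, "bad signature")
    if now >= expiry:
        return (False, "expired")
    if path_pattern and not fnmatchcase(parts.path, path_pattern):
        return (False, "path not covered by pattern")
    return (True, "ok")


if __name__ == "__main__":
    KEY = b"constructed-shared-secret"  # constructed; a real key is provisioned out of band
    ISSUED, NOW = 1_450_000_000, 1_450_000_100
    # One pattern-scoped token reused across the segments of a single asset.
    seg1 = "https://cdn.example.net/vod/asset42/seg1.ts?bitrate=high"
    token = sign(seg1, KEY, ISSUED + 300, path_pattern="/vod/asset42/*")
    seg2 = attach_token("https://cdn.example.net/vod/asset42/seg2.ts?bitrate=high", token)
    print(verify(attach_token(seg1, token), KEY, NOW))  # (True, 'ok')
    print(verify(seg2, KEY, NOW))                       # (True, 'ok') on a different node too
    print(verify(seg2, KEY, ISSUED + 300))              # (False, 'expired')
    # Validity period = ISSUED + 300 - ISSUED: the whole window is replayable.
```

The verifier checks the MAC before the expiry so that a forged token is rejected for the same reason whether or not its claimed expiry has passed; the pattern check runs last because the pattern itself is under the MAC and can be trusted only once the signature has been validated. Nothing here records which tokens have been seen, which is exactly why a long expiry cannot be shortened after issue other than by rotating the key.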