Re: [CDNi] FW: New Version Notification for draft-fieau-interfaces-https-delegation-subcerts-01.txt

Kevin Ma <kevin.j.ma.ietf@gmail.com> Fri, 11 February 2022 06:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/XRcp4UKha7WBWfA4yL5ddoDjt1E>

Hi Christoph,

  (As Chair) I think it is fair to call for adoption of the draft, since it
was just a split, though I think it would be good to reaffirm that the WG
has an appetite for this work, since it has been a while since we agreed to
adopt the original draft.  If folks could please confirm on the list that
they believe TLS subcerts are still useful to support in CDNI, that would
be great.

  (As an Individual) The actual requirements to support TLS subcerts seem
pretty minimal (see my comments on the draft below).  Assuming the TLS
subcerts draft is on track to be published (I see that the AD recently
requested a revision), I am in favor of adopting the draft.

thanx!

--  Kevin J. Ma

comments:
---------

- does "MI.DelegatedCredentials" need to be defined in this draft?  It is
not transferred via the MI?  is "MI.ConfDelegatedCredentials" sufficient
for CDNI's purposes?
- in the call flows, it looks like only steps 3 and 4 for
"MI.ConfDelegatedCredentials" are related to CDNI?  perhaps we could make
that even more clear, so that there aren't a lot of questions about the
security of what's being proposed?
- the draft needs security and privacy sections (the security section gets
easier if we are clear that the draft only really defines the
"MI.ConfDelegatedCredentials" object which is a simple link and subcerts
does all the heavy security lifting; the privacy section gets easier if we
remove MI.DelegatedCredentials and let the subcerts draft deal with passing
around a "private key")



On Wed, Jan 26, 2022 at 11:33 AM Christoph Neumann <Christoph.Neumann@broadpeak.tv> wrote:

> Dear all,
>
> I submitted a new version of the draft on CDNI Metadata for Delegated
> Credentials (see below).
>
> As discussed and agreed in the CDNi working group, this draft resulted
> from splitting the original CDNi extensions for HTTPS delegation draft
> (draft-ietf-cdni-interfaces-https-delegation) into two:
> - one that handles STAR/ACME type delegation, which remained in
> draft-ietf-cdni-interfaces-https-delegation
> - one that handles delegated credentials, described in
> draft-fieau-interfaces-https-delegation-subcerts
>
> The delegated credentials draft is currently handled as an individual
> submission, and I would like to ask for adoption of this draft in the CDNi
> working group.
>
> Further, feel free to comment on the draft on the mailing list.
>
> Best regards,
> Christoph
>
> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: mercredi 26 janvier 2022 17:00
> To: Christoph Neumann <christoph.neumann@broadpeak.tv>; Emile Stephan <
> emile.stephan@orange.com>; Frederic Fieau <frederic.fieau@orange.com>;
> Guillaume Bichot <guillaume.bichot@broadpeak.tv>; Stephan Emile <
> emile.stephan@orange.com>
> Subject: New Version Notification for
> draft-fieau-interfaces-https-delegation-subcerts-01.txt
>
>
> A new version of I-D,
> draft-fieau-interfaces-https-delegation-subcerts-01.txt
> has been successfully submitted by Christoph Neumann and posted to the
> IETF repository.
>
> Name:           draft-fieau-interfaces-https-delegation-subcerts
> Revision:       01
> Title:          CDNI Metadata for Delegated Credentials
> Document date:  2022-01-26
> Group:          Individual Submission
> Pages:          9
> URL:
> https://www.ietf.org/archive/id/draft-fieau-interfaces-https-delegation-subcerts-01.txt
> Status:
> https://datatracker.ietf.org/doc/draft-fieau-interfaces-https-delegation-subcerts/
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-fieau-interfaces-https-delegation-subcerts
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-fieau-interfaces-https-delegation-subcerts-01
>
> Abstract:
>    The delivery of content over HTTPS involving multiple CDNs raises
>    credential management issues.  This document defines metadata in CDNI
>    Control and Metadata interface to setup HTTPS delegation using
>    Delegated Credentials from an Upstream CDN (uCDN) to a Downstream CDN
>    (dCDN).
>
>
>
>
>
> The IETF Secretariat