[CDNi] Stephen Farrell's Discuss on draft-ietf-cdni-metadata-18: (with DISCUSS and COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 06 July 2016 12:10 UTC
Stephen Farrell has entered the following ballot position for draft-ietf-cdni-metadata-18: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cdni-metadata/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

(1) I don't get the model for telling a dCDN that the user agent has to have authenticated or that some authorization is needed before content is to be delivered. Can you explain? For example, neither 4.2.5 nor 4.2.7 tell me how to do anything but allow open-access, and the relevant IANA registry (section 7.4) is empty, so I'm puzzled.

(2) 6.5: I think you're missing a MUST in the list here. I'd suggest something like: "5. Describe the security and privacy (for the person/user-agent, not only xCDN) consequences of the extension." I'm assuming that we agree that it'd be a bad idea if e.g. some extension were defined that allowed a uCDN to tell a dCDN to try to track and report on all of a user's activities. (Or at least, that'd need to be documented/justified.)

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

- general: I agree with Ben's discuss about use of TLS. I also wonder if IPsec is really going to be used here. And even if so, you might be better off to say that TLS with mutual-auth SHOULD be used in all cases.

- general: Don't you need some guidance for the dCDN to say when to stop following (what might be circular) links?

- general: I think it'd be better if the examples given used https in all cases, assuming we do think that'd be better. And if it'd not be better, saying why would I think be good.

- 1.2, last para: I don't get what this is saying. What additional things need specifying? If all you mean is that the dCDN and uCDN need to be able to set up TLS sessions, and hence need to agree on what CAs and ciphersuites to use, then maybe just say that. (You do already refer to RFC7525 so most of that is covered there I think.)

- 4.1.1: I don't think I-JSON requires that order be preserved, but you seem to need that here, e.g. if a tCDN decodes and re-encodes, or if a uCDN round-trips a data structure. Is there a missing "MUST preserve order" somewhere?

- 4.1.x, 4.2.x, 4.3.x: I wonder if the specification is a bit too loose in places here, e.g. what does "$$" mean in 4.1.5 and why is that special? In the same section I also wasn't clear if "/movies/" is the same as "/movies/*" or not, nor if you consider that "/movies/*" does or doesn't match "/movies/1/2/3". Isn't a reference needed in 4.3.4? I'd guess that a lot of this is close enough that implementations will likely get a lot, but not all, of this right, and that that might lead to corner-cases where interop isn't so good. Improving that would seem like a good idea, but perhaps it's better to wait and see what deployments do and then tidy this up? Not sure. In reading I spotted a number of places where such things occurred to me (but didn't write them all down, sorry;-).

- 6.8: I didn't follow this, sorry;-) I assume it's considered clear enough for implementers, so feel free to ignore me, but I didn't get how to know whether or not e.g. ".v2.2.2" is newer than ".v2" or ".fixed-v1".

- 8.3: did the WG consider (possibly future) uses of JOSE to provide e2e security from uCDN to dCDN even via tCDN? I'm ok that you don't define that now, but wondered, as it seems like a fairly obvious thing to want. (To this security nerd anyway:-) I also wondered the same for 8.4, but I get that that'd be less likely of widespread utility. If using IPsec to secure inter-CDN links, something like JOSE would seem to me to add quite a bit of value, if the CDNs insist on not using TLS.