Re: [CDNi] Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 06 July 2016 15:55 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8CDF12D60C; Wed, 6 Jul 2016 08:55:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VjFVtMwrvnbI; Wed, 6 Jul 2016 08:55:54 -0700 (PDT)
Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEA6212D1AD; Wed, 6 Jul 2016 08:55:54 -0700 (PDT)
Received: by mail-vk0-x233.google.com with SMTP id m127so249956720vkb.3; Wed, 06 Jul 2016 08:55:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pqgBAWLxYEqwCEFCe0IQAc4jYwkR6LAEbDv2qh0gDkE=; b=vv4Nvqrbaz2P0Sh+V8KLT3WLE6dK4IZ7nFEU/QMsYRc6jDDXsOzQ2WWAZsSkwTCoi+ ReDeW6v4g73Re5YXPt9siumlvHgKCKPiMasoYxr2NROvQ7+yfNHX+4t8l1VEEpD0BcGL 0U2xPFC3IuYi0JJ0rYeOBaffoBA+mkrgcvpWih9lSKCN+v3T7i4BjV3hcK3aYREqpJvV xpg5DXky4s0D5YpDMvmuBTPqzFgzny83w5CErTFz+kHcwq5TheR2xyc3Bv1Nooz+OE+W DVCVq6nldf/4/s8i0vpRDJVNiz0k5aFdfV/TlMkNcMNLqKv+3PZOfZKsz1T0PiRHk0PK 18Yw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pqgBAWLxYEqwCEFCe0IQAc4jYwkR6LAEbDv2qh0gDkE=; b=lK1UPH24UOXHqixOhTEd0yVTQn7H8A1itbz2Xc0CJ8JnQLH0lCFrLUTsUpJwlIxAer fbr+Q9FeZzIZPBXCN1M7jxgp5iftlaxmRActy4vfUZjajc+jPA7t6Ce7kLaq4GgCGpIU 282M99zhwElSbIERWxKK6fqbL/eoY/ZYGRcoOE5fS9GmCJyn9b8yQWxUS4+itJPu+WOA O+620ZQI1Vzfrf5o6tN+bm6UO1hNpKnzghWHaXDbAGLXNfH3psIIdjKHe6GqOBFHYnYN 8XC9a9njSUiP446Peg1AAKnGZ9nzDkjV5hnfSPGL0VYvbUSOtvcjSOr5eOVoKyloHvDb 7qNQ==
X-Gm-Message-State: ALyK8tI9FOk+AdLVJXNylc94/lC/O+wrKWI+K27ah3bYRGocaQZNXJtIOiEv9vEWfpMIgyvBoEe9KdOUFOZ+8A==
X-Received: by 10.159.39.193 with SMTP id b59mr8665668uab.109.1467820553801; Wed, 06 Jul 2016 08:55:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.37.104 with HTTP; Wed, 6 Jul 2016 08:55:53 -0700 (PDT)
In-Reply-To: <A419F67F880AB2468214E154CB8A556206E47F1C@eusaamb103.ericsson.se>
References: <20160705200035.22399.13041.idtracker@ietfa.amsl.com> <A419F67F880AB2468214E154CB8A556206E462E8@eusaamb103.ericsson.se> <CAHbuEH4d38vsVfnCFbxj48j=KEJZGFjh7gXJ0bEt4iBvsm4Cag@mail.gmail.com> <A419F67F880AB2468214E154CB8A556206E464A4@eusaamb103.ericsson.se> <CAHbuEH5Bgxr=z_gy_m6_vc4pXVbrHmod_WtRQJLh19hnii=oXw@mail.gmail.com> <A419F67F880AB2468214E154CB8A556206E47F1C@eusaamb103.ericsson.se>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 06 Jul 2016 11:55:53 -0400
Message-ID: <CAHbuEH7AsAV0pRsn_4oW04s-tY1BK1C1vB=opW5RxEb3W7RA6Q@mail.gmail.com>
To: Kevin Ma J <kevin.j.ma@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/bqiPXqSh0uZlQl_zjUgwP8hwPKk>
Cc: "flefauch@cisco.com" <flefauch@cisco.com>, "cdni@ietf.org" <cdni@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-cdni-metadata@ietf.org" <draft-ietf-cdni-metadata@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>
Subject: Re: [CDNi] Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2016 15:55:59 -0000
On Wed, Jul 6, 2016 at 11:14 AM, Kevin Ma J <kevin.j.ma@ericsson.com> wrote: > Hi Kathleen, > > Will do. Thank you. > > thanx. > > -- Kevin J. Ma > >> -----Original Message----- >> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] >> Sent: Wednesday, July 06, 2016 10:13 AM >> To: Kevin Ma J >> Cc: The IESG; draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; >> flefauch@cisco.com; cdni@ietf.org >> Subject: Re: Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata- >> 18: (with COMMENT) >> >> Hi Kevin, >> >> These threats sound important enough to include now. Can you add a >> paragraph about these threats? >> >> Thanks, >> Kathleen >> >> On Tue, Jul 5, 2016 at 4:39 PM, Kevin Ma J <kevin.j.ma@ericsson.com> >> wrote: >> > Hi Kathleen, >> > >> > I think that if an attacker could remove any of the ACL metadata, you >> could enable service in different regions, at different times, and to >> different end points, possibly in violation of the content owner's >> distribution rights (and possibly causing the content owner to incur >> excess delivery charges); but I would expect a premium content provider to >> have a DRM system outside the CDN delivery that enforces licensing >> restrictions and otherwise prevents hijacking the service as part of a >> criminal enterprise. We will look at updating the threats in the next >> revision. >> > >> > thanx! >> > >> > -- Kevin J. Ma >> > >> >> -----Original Message----- >> >> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] >> >> Sent: Tuesday, July 05, 2016 4:17 PM >> >> To: Kevin Ma J >> >> Cc: The IESG; draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; >> >> flefauch@cisco.com; cdni@ietf.org >> >> Subject: Re: Kathleen Moriarty's No Objection on draft-ietf-cdni- >> metadata- >> >> 18: (with COMMENT) >> >> >> >> On Tue, Jul 5, 2016 at 4:06 PM, Kevin Ma J <kevin.j.ma@ericsson.com> >> >> wrote: >> >> > Hi Kathleen, >> >> > >> >> > Thanks for the review. Could you expand on your thoughts wrt >> >> billing/theft? I think the idea for billing was that it would be based >> on >> >> the logging data, not metadata. DoS against metadata could prevent the >> >> content delivery and therefore prevent content owners and CDNs from >> >> recognizing revenue, but I'm not sure if that's the theft angle to >> which >> >> you refer? >> >> >> >> I was wondering if there were attacks possible other than DoS. I was >> >> surprised I didn't see any related to theft of service if there was a >> >> way to do that with metadata. I didn't realize logging information >> >> was used for billing and had assumed metadata would wind up being >> >> logged and could cause an issue. If that's not possible, that's fine >> >> and that's why I just included this question as a comment. >> >> >> >> Thanks, >> >> Kathleen >> >> >> >> >> >> > >> >> > thanx! >> >> > >> >> > -- Kevin J. Ma >> >> > >> >> >> -----Original Message----- >> >> >> From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com] >> >> >> Sent: Tuesday, July 05, 2016 4:01 PM >> >> >> To: The IESG >> >> >> Cc: draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; >> >> >> flefauch@cisco.com; cdni@ietf.org >> >> >> Subject: Kathleen Moriarty's No Objection on draft-ietf-cdni- >> metadata- >> >> 18: >> >> >> (with COMMENT) >> >> >> >> >> >> Kathleen Moriarty has entered the following ballot position for >> >> >> draft-ietf-cdni-metadata-18: No Objection >> >> >> >> >> >> When responding, please keep the subject line intact and reply to >> all >> >> >> email addresses included in the To and CC lines. (Feel free to cut >> this >> >> >> introductory paragraph, however.) >> >> >> >> >> >> >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss- >> >> criteria.html >> >> >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> >> >> >> >> >> >> The document, along with other ballot positions, can be found here: >> >> >> https://datatracker.ietf.org/doc/draft-ietf-cdni-metadata/ >> >> >> >> >> >> >> >> >> >> >> >> -------------------------------------------------------------------- >> -- >> >> >> COMMENT: >> >> >> -------------------------------------------------------------------- >> -- >> >> >> >> >> >> I can see why unauthorized access to content isn't a concern since >> this >> >> >> draft is just about the metadata, but wouldn't billing/theft be a >> >> >> possible avenue of attack to be listed as a consideration through >> >> >> alterations of the metadata? >> >> >> >> >> > >> >> >> >> >> >> >> >> -- >> >> >> >> Best regards, >> >> Kathleen >> >> >> >> -- >> >> Best regards, >> Kathleen -- Best regards, Kathleen
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- [CDNi] Kathleen Moriarty's No Objection on draft-… Kathleen Moriarty