Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-12.txt

Kevin Ma <kevin.j.ma.ietf@gmail.com> Fri, 11 November 2022 04:34 UTC

From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Thu, 10 Nov 2022 23:34:07 -0500
Message-ID: <CAMrHYE23-10XUu8giV8HrOTOseRygsMaOY51br5Q60KvgOScnA@mail.gmail.com>
To: cdni@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/fAsFttlWDxs0i3PemY6S90Mqj0c>
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-12.txt

Hi Frederic,

  Thanks for updating the draft.  I've reviewed it and provided some
comments below.  Most are nits, but please note the section 3.2 and section
5 comments.

thanx!

--  Kevin J. Ma

Abstract:
- "RFC 9115 allows delegating entity" -> "RFC9115 allows delegating
entities"

section 1:
- "In such case" -> "In such cases,"

section 3:
- "uCDN delegates a dCDN" -> "uCDN delegates to a dCDN"

section 3.1:
- I suggest changing the object name to just "ACMEDelegation"
- "STAR and non-STAR delegation objects" -> "STAR and non-STAR delegation"
- "several properties as shown below" -> "the properties shown below"
- the Source object reference could point to section 4.2.1.1 of RFC8006
- "TimeWindow" property name should be "time-window"
- the TimeWindow object reference could point to section 4.2.3.2 of RFC8006
- "TimeWindow is defined by defining \"start\" time of the window, and
\"end\" time of the window" -> "TimeWindow is defined by a window \"start\"
time and a window \"end\" time"
- "In case of" -> "In the case of the" (in both places)
- the Time object reference could point to section 4.3.4 of RFC8006 (in
both places)
- remove "In the case that the delegation is STAR-based, the following
properties are mandatory to specify:", this statement is redundant, it's
already stated in the Mandatory-to-Specify text

section 3.2:
- I suggest changing this to be section 3.1.1 to keep it with the metadata
object specification
- ACME-delegation is defined as a Source object, but this just shows a URL
string?  A Source object requires "endpoints" and "protocol".
- TimeWindow is defined as a TimeWindow object, where the start and end are
Time objects (i.e., integer epoch values), but this uses ISO8601 time
strings?
- The HostMatch/HostMetadata example is superfluous

section 4.1:
- "Interface: MI" -> "Interface: MI/FCI"

section 5:
- The security considerations could do a better job explaining the
nature of the data held in the metadata object and what happens if it is
compromised.  It currently just says the delegation objects are "critical",
but I'm not sure what that means.  If an attacker gets the information, what
can they do with it, if anything?  I would ultimately expect a reference to
section 8.3 of RFC8006, as that is what actually protects CDNI Metadata.
- "Section 3are" -> "Section 3 are"


On Sun, Oct 23, 2022 at 9:46 AM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Content Delivery Networks Interconnection
> WG of the IETF.
>
>         Title           : CDNI extensions for HTTPS delegation
>         Authors         : Frédéric Fieau
>                           Emile Stephan
>                           Sanjay Mishra
>         Filename        : draft-ietf-cdni-interfaces-https-delegation-12.txt
>         Pages           : 11
>         Date            : 2022-10-23
>
> Abstract:
>    This document defines metadata objects to support delegating the
>    delivery of HTTPS content between two or more interconnected CDNs.
>    Specifically, this document defines CDNI Metadata interface objects
>    to enable delegation of X.509 certificates leveraging delegation
>    schemes defined in RFC9115.  RFC 9115 allows delegating entity to
>    remain in full control of the delegation and be able to revoke it any
>    time and avoids the need to share private cryptographic key material
>    between the involved entities.
>
>
> The IETF datatracker status page for this draft is:
>
> https://datatracker.ietf.org/doc/draft-ietf-cdni-interfaces-https-delegation/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-cdni-interfaces-https-delegation-12.html
>
> A diff from the previous version is available at:
>
> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-interfaces-https-delegation-12
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org:
> :internet-drafts
>
>
> _______________________________________________
> CDNi mailing list
> CDNi@ietf.org
> https://www.ietf.org/mailman/listinfo/cdni
>
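The section 3.2 comments above hinge on object shapes from RFC 8006: a Source object must carry "endpoints" and "protocol", and a TimeWindow's "start"/"end" are Time values (integer seconds since the Unix epoch), so a bare URL string or ISO 8601 strings do not conform. The checker below is an added example, not code from the draft or the reviewer; the property names "acme-delegation" and "time-window" and both sample documents are assumptions constructed for illustration.

```python
import json

# Added example (not from the draft or the review): checks the shapes the
# review says RFC 8006 requires. Property names "acme-delegation" and
# "time-window" are assumptions made for illustration.

def check_source(obj):
    """Problems with a Source object (RFC 8006 section 4.2.1.1):
    mandatory "endpoints" (non-empty array of strings) and "protocol"."""
    if not isinstance(obj, dict):
        return ["acme-delegation must be a Source object, got %s"
                % type(obj).__name__]
    problems = []
    endpoints = obj.get("endpoints")
    if not (isinstance(endpoints, list) and endpoints
            and all(isinstance(e, str) for e in endpoints)):
        problems.append("Source.endpoints must be a non-empty array of strings")
    if not isinstance(obj.get("protocol"), str):
        problems.append("Source.protocol must be a string")
    return problems

def check_time_window(obj):
    """Problems with a TimeWindow (RFC 8006 section 4.2.3.2): "start" and
    "end" are Time values, i.e. integer seconds since the Unix epoch."""
    if not isinstance(obj, dict):
        return ["time-window must be a TimeWindow object"]
    problems = []
    for key in ("start", "end"):
        value = obj.get(key)
        # bool is a subclass of int in Python; reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append("TimeWindow.%s must be an integer Time, got %r"
                            % (key, value))
    if not problems and obj["start"] >= obj["end"]:
        problems.append("TimeWindow.start must be earlier than end")
    return problems

def check_delegation(doc):
    """Return every problem found in one delegation metadata document."""
    return (check_source(doc.get("acme-delegation"))
            + check_time_window(doc.get("time-window")))

# Constructed sample in the style the review objects to: a bare URL where a
# Source object is required, ISO 8601 strings where Time integers are.
DRAFT_STYLE = json.loads("""{
  "acme-delegation": "https://acme.example/delegation/1",
  "time-window": {"start": "2022-10-23T00:00:00Z", "end": "2022-11-23T00:00:00Z"}
}""")

# Constructed corrected sample: a proper Source object and epoch-second times
# (2022-10-23T00:00:00Z and 2022-11-23T00:00:00Z).
CORRECTED = json.loads("""{
  "acme-delegation": {"endpoints": ["acme.example"], "protocol": "https/1.1"},
  "time-window": {"start": 1666483200, "end": 1669161600}
}""")
```

Running `check_delegation(DRAFT_STYLE)` reports three problems (the URL string and both time strings), while `check_delegation(CORRECTED)` reports none.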