IETF Logo Mail Archive

Re: [CDNi] URI Signing Signed Token Chaining refactor

"Kevin J. Ma" <kevin.j.ma.ietf@gmail.com> Wed, 19 July 2017 14:35 UTC

Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1051318A3 for <cdni@ietfa.amsl.com>; Wed, 19 Jul 2017 07:35:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vvf35QlNQrTq for <cdni@ietfa.amsl.com>; Wed, 19 Jul 2017 07:35:28 -0700 (PDT)
Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com [IPv6:2607:f8b0:400d:c0d::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E24A131B8F for <cdni@ietf.org>; Wed, 19 Jul 2017 07:35:28 -0700 (PDT)
Received: by mail-qt0-x244.google.com with SMTP id l55so481514qtl.3 for <cdni@ietf.org>; Wed, 19 Jul 2017 07:35:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XSIbWrS5RMPHgNK919krANe0dK5VqZ37OXKumOInm5Q=; b=b6C5JODTH/7ybryrTyC1BZwMqH114SUnElUUtdJ0QhZ8f6h/5fGKKBfmpDNQDuY9uX YGJSqYjv70kJgEElPd3BdVIsKLMAq/4NM2mUPKNHG0VhzSpgU/y8vZptaI7JwnjkHhRf hbRJR/yjr5nmiCsrFedSSjXAw0Xf7V3zrYmJrUX1eH0kA4KONBTFnqorEAYBGMNhaJBj oGU5a4tnCTnx7fvYHZ95DwfkdnoY8KouRda9eVIJNb9d2+Pz3QnxiZxlno1bpoDNRTfO 0n2qydca/PzVNyn3vewl6ZR1bXkZHSWFOaf6gCEa+fjwNQkfpG65mWdmyToikHvvIAbe 3g5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XSIbWrS5RMPHgNK919krANe0dK5VqZ37OXKumOInm5Q=; b=XTGy/Nh8D7G5JCfbNzWsDiM+KMTNCpp3mgG5iIN0YEzdlGJcuPazuRLUOPjUGRE/sT QgAyKb0Gd4sH2X3Uc8CxPOQY0Ws1h8IBAY8DvQDWAugMqItbIh+0sIe9Ny8rzgn0mFA2 rIANSZ87DYGCudphRPjsd8bt77z5XXvxVDkPwYjbyqd0ujYD1GFJgeFTBFOinVLzxtzX CFfflFXNa3nezTyi2vxFF64japvhIHSYwonLJESHGTSPODWrfU63ZF2lWAQewY834dTn /5UoMgFN86a0WsH4Pzhsy+FqDSgqf6YyrOg6KGJ1WsPbiBQxlstSdwXKidNbpPNy6AHK IZ8g==
X-Gm-Message-State: AIVw113HFyJSpzaFPZE1ncLga9/OpEMRIb48xtk+CxWkmVLDYFLoV1Du er5mBwXHYHjRyg==
X-Received: by 10.237.56.135 with SMTP id k7mr475572qte.134.1500474927554; Wed, 19 Jul 2017 07:35:27 -0700 (PDT)
Received: from [172.20.20.20] ([73.61.19.153]) by smtp.gmail.com with ESMTPSA id c55sm154397qta.8.2017.07.19.07.35.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Jul 2017 07:35:26 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: "Kevin J. Ma" <kevin.j.ma.ietf@gmail.com>
X-Mailer: iPhone Mail (14F89)
In-Reply-To: <f56a1478-2457-6179-619f-b0f38700eaa6@outer-planes.net>
Date: Wed, 19 Jul 2017 10:35:25 -0400
Cc: Ray van Brandenburg <ray@tiledmedia.com>, Phil Sorber <sorber@apache.org>, "cdni@ietf.org" <cdni@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <10AF9851-D7DA-42F8-A8E7-B70D4795E0E1@gmail.com>
References: <CABF6JR3wEfUoCSJ29xQ3n56Ah1EqPnCvkZ4x6W5_cTW8V35Hwg@mail.gmail.com> <7CEB7DDD-7C33-4FD9-93BC-75E5E78AB3C2@gmail.com> <A2FBEA85-BF95-44A4-8E11-97D39C8DCF76@tiledmedia.com> <f56a1478-2457-6179-619f-b0f38700eaa6@outer-planes.net>
To: "Matthew A. Miller" <linuxwolf@outer-planes.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/ffzYWrUcj4CcyCKmL0sh-abGfI4>
Subject: Re: [CDNi] URI Signing Signed Token Chaining refactor
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 14:35:32 -0000

how do you feel about "short-lived token renewal"?

--  Kevin J. Ma

Sent from my iPhone

> On Jul 19, 2017, at 10:27 AM, Matthew A. Miller <linuxwolf@outer-planes.net> wrote:
> 
> Making it (a little bit) more generic makes sense.
> 
> I'm not sure about the name 'Signed Token Chain', but I don't have a
> better one.  In cryptographic circles, "chain" has certain implications
> that this document is not expressing.  The "next" item in the chain is
> supposed to be cryptographically tied to the "previous" item in the
> chain by using (a hash of, or the exact value of) the previous token
> when generating the next token.
> 
> I don't know that that binding property is required here, so I'm not
> suggesting a change in the protocol.  I do worry, however, that the
> language may potentially confuse (or worse, mislead) people about the
> security properties this document is providing.
> 
> 
> - m&m
> 
> Matthew A. Miller
> < http://goo.gl/LM55L >
> 
>> On 7/19/17 4:14 PM, Ray van Brandenburg wrote:
>> Yes, good point!
>> 
>> Although I can’t think of another use case from the top of my head, I don’t see a good reason to limit it to HAS either.
>> 
>> Ray
>> 
>> 
>>> On 19 Jul 2017, at 15:51, Kevin J. Ma <kevin.j.ma.ietf@gmail.com> wrote:
>>> 
>>> (as an individual) I agree with making the section more generic and citing HAS as a use case for token chaining.
>>> 
>>> Sent from my iPhone
>>> 
>>>> On Jul 19, 2017, at 9:43 AM, Phil Sorber <sorber@apache.org> wrote:
>>>> 
>>>> Since we have added the HAS content I have been thinking about how specific we have made it. Perhaps just specifying a method for token chaining, and then citing HAS as a use case makes more sense. I wanted to get some opinions on it before I make those changes. It shouldn't be that big of a change, just taking the HAS specific stuff and putting it in a lower "Use Case" sub-section at the bottom and leaving everything else as a "Signed Token Chaining" section.
>>>> 
>>>> Thoughts?
>>>> 
>>>> Thanks.
>>>> _______________________________________________
>>>> CDNi mailing list
>>>> CDNi@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/cdni
>> 
>

v2.23.0 | Report a Bug | By Email