Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-09.txt
Kevin Ma <kevin.j.ma.ietf@gmail.com> Tue, 02 August 2022 05:41 UTC
Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9103C157B4C for <cdni@ietfa.amsl.com>; Mon, 1 Aug 2022 22:41:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ykhvITUHV7a8 for <cdni@ietfa.amsl.com>; Mon, 1 Aug 2022 22:41:27 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12739C157B4A for <cdni@ietf.org>; Mon, 1 Aug 2022 22:41:27 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id s206so11488607pgs.3 for <cdni@ietf.org>; Mon, 01 Aug 2022 22:41:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=M3T3Sk/EftFo2CDNOpSSj2LApYfUA+/5I8dTxk8mLXg=; b=KHOZ0d7+J+OM19XifG6UkLk/q3EcTOE+X00InF6nKqUnAPXX4QZc+z/VqQbSrDiXO9 jDjhlUyEbOXZ9gp43WWOlrDf0Ydf53SBPGHu+8vdflQ+a2toCg340sAKnXD+w0vAhyoP //OoaiSGrXKmsAFEkNLWnJbX4vMxoPDTc2X2n8TggZv0OT0i548vyWnbt+oIJ7j0phEH uAqaXDpXswPjd7PKRgsk2C683qyujErVNZdWkrSyj+Cz8M3iKvouhfYzu59O14/vpMuh I+Omr3J5m5kgonOQj+av3sMTbbeJJV+gARBMXrD1IAtziYY2phtEuzo8rNYAPyQN7M83 Yf/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=M3T3Sk/EftFo2CDNOpSSj2LApYfUA+/5I8dTxk8mLXg=; b=MQ5xyjxdaXARqftuxzEmW6OTUZg09uhRkNb31jLYrP7ORhwWKLjLZhaVw9U1oP56t4 MIUybY3dzeFpGFQON1bnO12PFVpraz34n14relMT8MaeAjz4Jzqizfk1V6ovf5tkG2ks 8Enmg1pTWuPatKLLfu6zQ7Qi2Ij3SBWGe4yi02gXXVFaMQ5K08mextwlmzaQ/P/LWy0d DETXwwa+s6yObfZzv65JnQ0QVnmZjqXag3us5x43HN7JJaH2PSaeTz8g+fHn178b8TsE KLhIbtcDlVOHDRuFpZAHjpHD/wAcbUlGVqO8EELIzeWHFAPZa4WH2eYTsPem4XqUOOLp uE7g==
X-Gm-Message-State: ACgBeo0tippsqh/N+dwKJ/zbIk7et33VVViei7fx9B0FYKKwxkCLgLPq Rngb5OaNKO7LyeM6RB/pM17Sa466mfhlDgffR+QrKx1jAoY=
X-Google-Smtp-Source: AA6agR6aYx9VVBaujc02v4C7y4iOQ0mfV6JYv3MLiSO+I3p2/BpZQASddiGAHUk+Pa08DQfQBvnasJL9v/VzZPf0a/E=
X-Received: by 2002:a63:9042:0:b0:41b:b362:157c with SMTP id a63-20020a639042000000b0041bb362157cmr13415586pge.117.1659418885953; Mon, 01 Aug 2022 22:41:25 -0700 (PDT)
MIME-Version: 1.0
References: <165729427993.39080.17406768534072744732@ietfa.amsl.com> <17832_1657300932_62C867C4_17832_349_1_586565583e6246baa836eb4c2eb508dd@orange.com> <CAMrHYE26xNLh=3Z=QyRL61knd9CP=yQ3P58BJgxbXSB+ce7QXw@mail.gmail.com> <CAMrHYE03mco4+aEfTv-xg9Pn_6F_uug9u=+LpoWA0pKMTj3Hvg@mail.gmail.com> <4975_1659364554_62E7E4CA_4975_149_1_8eb79427d9dc4ceb8c197de3127c68f3@orange.com>
In-Reply-To: <4975_1659364554_62E7E4CA_4975_149_1_8eb79427d9dc4ceb8c197de3127c68f3@orange.com>
From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Tue, 02 Aug 2022 01:41:14 -0400
Message-ID: <CAMrHYE0yrhYqthhur8ZgTX5H4tgfCkp92L5Hj0LJQ0PHGXjeBQ@mail.gmail.com>
To: frederic.fieau@orange.com
Cc: "cdni@ietf.org" <cdni@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003b1ee505e53b9159"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/i22ucn_mkYBaAXhgTpxwK1vn8bs>
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-09.txt
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2022 05:41:30 -0000
Hi Frederic, Thanks for the quick turnaround. wrt the comment on section 1, you are adding an entry to an existing registry; you are not proposing a new registry. I still don't think that last sentence is correct. wrt section 3, I still don't think the section is necessary. There's no need to explain how FCI works. (Note: The example is also not correct, "delegation-methods" should be "metadata".) wrt the example in section 4, I don't think you need the HostMatch example, and the ACMEStarDelegationMethod example is still missing the "generic-metadata-type" field, which is critical. wrt the security considerations, it would be helpful to explain what is critical about the contents of the ACMEStarDelegationMethod metadata, and why it should be protected. thanx. -- Kevin J. Ma On Mon, Aug 1, 2022 at 10:35 AM <frederic.fieau@orange.com> wrote: > Hi Kevin, > > > > Just posted the last version taking into account your comments. > > > > Section 1. and 3 > > We removed FCI.SupportedDelegationMethods, > > There is still the MI.AcmeSTarDelegationMEthod object to register. So the > IANA section is not empty. > > > > Section 4.1 > > Removed the explanations of section 4.1 and moved the example at the > bottom of section 4. > > > > Section 6. > > We added a recommendation to protect the critical parts of the objects. > > > > Nits taken into account. > > > > > > Regards, > > Frederic > > > > *De :* Kevin Ma <kevin.j.ma.ietf@gmail.com> > *Envoyé :* vendredi 29 juillet 2022 15:47 > *À :* FIEAU Frédéric INNOV/NET <frederic.fieau@orange.com> > *Cc :* cdni@ietf.org > *Objet :* Re: [CDNi] I-D Action: > draft-ietf-cdni-interfaces-https-delegation-09.txt > > > > Hi Frederic, > > > > Some comments on the updated draft below. > > > > thanx! > > > > -- Kevin J. Ma > > > > section 1: > > remove "Furthermore, it includes a proposal of IANA registry to enable > adding of delegation methods." There is no longer a new registry? > > > > section 3: > > I don't see any need for a new FCI object. RFC8008 already has an FCI.Metadata > object, and MI.AcmeStarDelegationMethod can just be advertised through that > existing object? > > > > section 4.1: > > This section seems to mostly just explain how the Metadata interface > works? I don't think it is necessary. I would just remove this section. > > The final example of what a serialized MI.AcmeStarDelegationMethod > generic metadata object looks like should be in a section 4.2.1 (including > the generic-metadata-type) and referenced from IANA section 5.1 > > > > section 6: > > If the ACME delegation objects were divulged, what would be the impact? > Yes, they should be protected by the proper/mandated encryption and > authentication on the Metadata interface, but I think it is best to > document what is at stake (if anything) > > > > nits: > > - section 1: > "holder of a X.509" -> "a holder of ane X.509" > "on-demand a X.509" -> "on-demand an X.509" (multiple places) > "use of certificate authority" -> "use of the certificate authority" > "an upstream CDN (uCDN) and a downstream CDN (dCDN)" -> "a uCDN and a > dCDN" > "based on mechanism specified" -> "based on the mechanism specified" > > - section 4.1: > "CDNI Delegation metadata" -> "ACMEStarDelegationMethod metadata" ? > "an HostMatch object" -> "a HostMatch object" (multiple places) > "The existence of delegation method in the CDNI metadata Object" -> "The > existence of ACMEStarDelegationMethod in the CDNI metadata" > "set of Host" -> "set of Hosts" > > - section 4.2: > "(i.e. dCDN)" -> "(i.e., the dCDN)" > "end-user client, a short-term" -> "end-user client a short-term" > > - section 5.1: > > "see Section 5" -> "see Section 4.2.1" > > > > > > On Sat, Jul 9, 2022 at 9:55 AM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote: > > Hi Frederic, > > > > (As Chair) Thanks for the updated draft. If we think this is pretty > close to final, I will start my pre-shepherd review. I encourage everyone > to please take a look, as we would like to try and finish up this work by > IETF 115. > > > > I fully support updating the name of the draft to deconflict it from the > subcerts draft. > > > > thanx! > > > > -- Kevin J. Ma > > > > > > On Fri, Jul 8, 2022 at 1:22 PM <frederic.fieau@orange.com> wrote: > > Hi all > > I've submitted the -09 version of > draft-ietf-cdni-interfaces-https-delegation-09. Changes are mainly on the > abstract and introduction. > Also I would suggest to change the title to : "CDNI metadata for HTTPS > delegation using Short-Term Automatically Renewed Certificates". > > Feel free to comment. > > Thank you, > Regards, > Frederic > > > > Orange Restricted > > -----Message d'origine----- > De : CDNi <cdni-bounces@ietf.org> De la part de internet-drafts@ietf.org > Envoyé : vendredi 8 juillet 2022 17:31 > À : i-d-announce@ietf.org > Cc : cdni@ietf.org > Objet : [CDNi] I-D Action: > draft-ietf-cdni-interfaces-https-delegation-09.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Content Delivery Networks Interconnection > WG of the IETF. > > Title : CDNI extensions for HTTPS delegation > Authors : Frederic Fieau > Emile Stephan > Sanjay Mishra > Filename : draft-ietf-cdni-interfaces-https-delegation-09.txt > Pages : 9 > Date : 2022-07-08 > > Abstract: > This document defines a new Footprint and Capabilities metadata > objects to support HTTPS delegation between two or more > interconnected CDNs. Specifically, this document outlines CDNI > Metadata interface objects for delegation method as published in the > ACME-STAR document [RFC9115]. > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-cdni-interfaces-https-delegation/ > > There is also an HTML version available at: > > https://www.ietf.org/archive/id/draft-ietf-cdni-interfaces-https-delegation-09.html > > A diff from the previous version is available at: > > https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-interfaces-https-delegation-09 > > > Internet-Drafts are also available by rsync at rsync.ietf.org: > :internet-drafts > > > _______________________________________________ > CDNi mailing list > CDNi@ietf.org > https://www.ietf.org/mailman/listinfo/cdni > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez > recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and > delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > > _______________________________________________ > CDNi mailing list > CDNi@ietf.org > https://www.ietf.org/mailman/listinfo/cdni > > > > Orange Restricted > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > >
- [CDNi] I-D Action: draft-ietf-cdni-interfaces-htt… internet-drafts
- Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces… frederic.fieau
- Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces… Kevin Ma
- Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces… Kevin Ma
- Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces… frederic.fieau
- Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces… Kevin Ma
- Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces… frederic.fieau