IETF Logo Mail Archive

Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-09.txt

Kevin Ma <kevin.j.ma.ietf@gmail.com> Tue, 02 August 2022 05:41 UTC

Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9103C157B4C for <cdni@ietfa.amsl.com>; Mon, 1 Aug 2022 22:41:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ykhvITUHV7a8 for <cdni@ietfa.amsl.com>; Mon, 1 Aug 2022 22:41:27 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12739C157B4A for <cdni@ietf.org>; Mon, 1 Aug 2022 22:41:27 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id s206so11488607pgs.3 for <cdni@ietf.org>; Mon, 01 Aug 2022 22:41:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=M3T3Sk/EftFo2CDNOpSSj2LApYfUA+/5I8dTxk8mLXg=; b=KHOZ0d7+J+OM19XifG6UkLk/q3EcTOE+X00InF6nKqUnAPXX4QZc+z/VqQbSrDiXO9 jDjhlUyEbOXZ9gp43WWOlrDf0Ydf53SBPGHu+8vdflQ+a2toCg340sAKnXD+w0vAhyoP //OoaiSGrXKmsAFEkNLWnJbX4vMxoPDTc2X2n8TggZv0OT0i548vyWnbt+oIJ7j0phEH uAqaXDpXswPjd7PKRgsk2C683qyujErVNZdWkrSyj+Cz8M3iKvouhfYzu59O14/vpMuh I+Omr3J5m5kgonOQj+av3sMTbbeJJV+gARBMXrD1IAtziYY2phtEuzo8rNYAPyQN7M83 Yf/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=M3T3Sk/EftFo2CDNOpSSj2LApYfUA+/5I8dTxk8mLXg=; b=MQ5xyjxdaXARqftuxzEmW6OTUZg09uhRkNb31jLYrP7ORhwWKLjLZhaVw9U1oP56t4 MIUybY3dzeFpGFQON1bnO12PFVpraz34n14relMT8MaeAjz4Jzqizfk1V6ovf5tkG2ks 8Enmg1pTWuPatKLLfu6zQ7Qi2Ij3SBWGe4yi02gXXVFaMQ5K08mextwlmzaQ/P/LWy0d DETXwwa+s6yObfZzv65JnQ0QVnmZjqXag3us5x43HN7JJaH2PSaeTz8g+fHn178b8TsE KLhIbtcDlVOHDRuFpZAHjpHD/wAcbUlGVqO8EELIzeWHFAPZa4WH2eYTsPem4XqUOOLp uE7g==
X-Gm-Message-State: ACgBeo0tippsqh/N+dwKJ/zbIk7et33VVViei7fx9B0FYKKwxkCLgLPq Rngb5OaNKO7LyeM6RB/pM17Sa466mfhlDgffR+QrKx1jAoY=
X-Google-Smtp-Source: AA6agR6aYx9VVBaujc02v4C7y4iOQ0mfV6JYv3MLiSO+I3p2/BpZQASddiGAHUk+Pa08DQfQBvnasJL9v/VzZPf0a/E=
X-Received: by 2002:a63:9042:0:b0:41b:b362:157c with SMTP id a63-20020a639042000000b0041bb362157cmr13415586pge.117.1659418885953; Mon, 01 Aug 2022 22:41:25 -0700 (PDT)
MIME-Version: 1.0
References: <165729427993.39080.17406768534072744732@ietfa.amsl.com> <17832_1657300932_62C867C4_17832_349_1_586565583e6246baa836eb4c2eb508dd@orange.com> <CAMrHYE26xNLh=3Z=QyRL61knd9CP=yQ3P58BJgxbXSB+ce7QXw@mail.gmail.com> <CAMrHYE03mco4+aEfTv-xg9Pn_6F_uug9u=+LpoWA0pKMTj3Hvg@mail.gmail.com> <4975_1659364554_62E7E4CA_4975_149_1_8eb79427d9dc4ceb8c197de3127c68f3@orange.com>
In-Reply-To: <4975_1659364554_62E7E4CA_4975_149_1_8eb79427d9dc4ceb8c197de3127c68f3@orange.com>
From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Tue, 02 Aug 2022 01:41:14 -0400
Message-ID: <CAMrHYE0yrhYqthhur8ZgTX5H4tgfCkp92L5Hj0LJQ0PHGXjeBQ@mail.gmail.com>
To: frederic.fieau@orange.com
Cc: "cdni@ietf.org" <cdni@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003b1ee505e53b9159"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/i22ucn_mkYBaAXhgTpxwK1vn8bs>
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-09.txt
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2022 05:41:30 -0000

Hi Frederic,

  Thanks for the quick turnaround.

  wrt the comment on section 1, you are adding an entry to an existing
registry; you are not proposing a new registry.  I still don't think that
last sentence is correct.

  wrt section 3, I still don't think the section is necessary.  There's no
need to explain how FCI works.  (Note: The example is also not correct,
"delegation-methods" should be "metadata".)

  wrt the example in section 4, I don't think you need the HostMatch
example, and the ACMEStarDelegationMethod example is still missing the
"generic-metadata-type"
field, which is critical.

  wrt the security considerations, it would be helpful to explain what is
critical about the contents of the ACMEStarDelegationMethod metadata, and
why it should be protected.

thanx.

--  Kevin J. Ma


On Mon, Aug 1, 2022 at 10:35 AM <frederic.fieau@orange.com> wrote:

> Hi Kevin,
>
>
>
> Just posted the last version taking into account your comments.
>
>
>
> Section 1. and 3
>
> We removed FCI.SupportedDelegationMethods,
>
> There is still the MI.AcmeSTarDelegationMEthod object to register. So the
> IANA section is not empty.
>
>
>
> Section 4.1
>
> Removed the explanations of section 4.1 and moved the example at the
> bottom of section 4.
>
>
>
> Section 6.
>
> We added a recommendation  to protect the critical parts of the objects.
>
>
>
> Nits taken into account.
>
>
>
>
>
> Regards,
>
> Frederic
>
>
>
> *De :* Kevin Ma <kevin.j.ma.ietf@gmail.com>
> *Envoyé :* vendredi 29 juillet 2022 15:47
> *À :* FIEAU Frédéric INNOV/NET <frederic.fieau@orange.com>
> *Cc :* cdni@ietf.org
> *Objet :* Re: [CDNi] I-D Action:
> draft-ietf-cdni-interfaces-https-delegation-09.txt
>
>
>
> Hi Frederic,
>
>
>
>   Some comments on the updated draft below.
>
>
>
> thanx!
>
>
>
> --  Kevin J. Ma
>
>
>
> section 1:
>
>   remove "Furthermore, it includes a proposal of IANA registry to enable
> adding of delegation methods."  There is no longer a new registry?
>
>
>
> section 3:
>
>   I don't see any need for a new FCI object.  RFC8008 already has an FCI.Metadata
> object, and MI.AcmeStarDelegationMethod can just be advertised through that
> existing object?
>
>
>
> section 4.1:
>
>   This section seems to mostly just explain how the Metadata interface
> works?  I don't think it is necessary.  I would just remove this section.
>
>   The final example of what a serialized MI.AcmeStarDelegationMethod
> generic metadata object looks like should be in a section 4.2.1 (including
> the generic-metadata-type) and referenced from IANA section 5.1
>
>
>
> section 6:
>
>   If the ACME delegation objects were divulged, what would be the impact?
> Yes, they should be protected by the proper/mandated encryption and
> authentication on the Metadata interface, but I think it is best to
> document what is at stake (if anything)
>
>
>
> nits:
>
> - section 1:
>   "holder of a X.509" -> "a holder of ane X.509"
>   "on-demand a X.509" -> "on-demand an X.509" (multiple places)
>   "use of certificate authority" -> "use of the certificate authority"
>   "an upstream CDN (uCDN) and a downstream CDN (dCDN)" -> "a uCDN and a
> dCDN"
>   "based on mechanism specified" -> "based on the mechanism specified"
>
> - section 4.1:
>   "CDNI Delegation metadata" -> "ACMEStarDelegationMethod metadata" ?
>   "an HostMatch object" -> "a HostMatch object" (multiple places)
>   "The existence of delegation method in the CDNI metadata Object" -> "The
> existence of ACMEStarDelegationMethod in the CDNI metadata"
>   "set of Host" -> "set of Hosts"
>
> - section 4.2:
>   "(i.e. dCDN)" -> "(i.e., the dCDN)"
>   "end-user client, a short-term" -> "end-user client a short-term"
>
> - section 5.1:
>
>   "see Section 5" -> "see Section 4.2.1"
>
>
>
>
>
> On Sat, Jul 9, 2022 at 9:55 AM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>
> Hi Frederic,
>
>
>
>   (As Chair) Thanks for the updated draft.  If we think this is pretty
> close to final, I will start my pre-shepherd review.  I encourage everyone
> to please take a look, as we would like to try and finish up this work by
> IETF 115.
>
>
>
>   I fully support updating the name of the draft to deconflict it from the
> subcerts draft.
>
>
>
> thanx!
>
>
>
> --  Kevin J. Ma
>
>
>
>
>
> On Fri, Jul 8, 2022 at 1:22 PM <frederic.fieau@orange.com> wrote:
>
> Hi all
>
> I've submitted the -09 version of
> draft-ietf-cdni-interfaces-https-delegation-09. Changes are mainly on the
> abstract and introduction.
> Also I would suggest to change the title to : "CDNI metadata for HTTPS
> delegation using Short-Term Automatically Renewed Certificates".
>
> Feel free to comment.
>
> Thank you,
> Regards,
> Frederic
>
>
>
> Orange Restricted
>
> -----Message d'origine-----
> De : CDNi <cdni-bounces@ietf.org> De la part de internet-drafts@ietf.org
> Envoyé : vendredi 8 juillet 2022 17:31
> À : i-d-announce@ietf.org
> Cc : cdni@ietf.org
> Objet : [CDNi] I-D Action:
> draft-ietf-cdni-interfaces-https-delegation-09.txt
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Content Delivery Networks Interconnection
> WG of the IETF.
>
>         Title           : CDNI extensions for HTTPS delegation
>         Authors         : Frederic Fieau
>                           Emile Stephan
>                           Sanjay Mishra
>   Filename        : draft-ietf-cdni-interfaces-https-delegation-09.txt
>   Pages           : 9
>   Date            : 2022-07-08
>
> Abstract:
>    This document defines a new Footprint and Capabilities metadata
>    objects to support HTTPS delegation between two or more
>    interconnected CDNs.  Specifically, this document outlines CDNI
>    Metadata interface objects for delegation method as published in the
>    ACME-STAR document [RFC9115].
>
>
> The IETF datatracker status page for this draft is:
>
> https://datatracker.ietf.org/doc/draft-ietf-cdni-interfaces-https-delegation/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-cdni-interfaces-https-delegation-09.html
>
> A diff from the previous version is available at:
>
> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-interfaces-https-delegation-09
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org:
> :internet-drafts
>
>
> _______________________________________________
> CDNi mailing list
> CDNi@ietf.org
> https://www.ietf.org/mailman/listinfo/cdni
>
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations
> confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez
> recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
> electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou
> falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> CDNi mailing list
> CDNi@ietf.org
> https://www.ietf.org/mailman/listinfo/cdni
>
>
>
> Orange Restricted
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>

v2.23.0 | Report a Bug | By Email