IETF Logo Mail Archive

Re: [CDNi] Request for feedback on the 3 SVTA drafts presented at IETF116

Kevin Ma <kevin.j.ma.ietf@gmail.com> Tue, 05 September 2023 02:27 UTC

Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF9EDC14CE22 for <cdni@ietfa.amsl.com>; Mon, 4 Sep 2023 19:27:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Equm0Nxv7pN1 for <cdni@ietfa.amsl.com>; Mon, 4 Sep 2023 19:27:27 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CB12C14CF17 for <cdni@ietf.org>; Mon, 4 Sep 2023 19:27:27 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id 2adb3069b0e04-4ff09632194so3417695e87.2 for <cdni@ietf.org>; Mon, 04 Sep 2023 19:27:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693880845; x=1694485645; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=irOldvKP1sOhSqILoYOxprcJwyTmKigNDAmbbyLDtyM=; b=WeFFVjh/HTLVpz6e/em8mZWk9uuRQvW7G9DwCo1KP2rlK7dR/GUWmMCNa5LW0POOw1 8P4hLQU7flQaMbT0xoARrs2VoOEHCui0ATsAVvb/E+rEizkneFpY/MgiIgpRJejIlBxf EKzg3nAQC4zk6nf44hkh6vyW3u2wrEIqzpiVoFCmQ7LU8kiUtfP+vHkU8kB07nwHslhi bonvld+jdjcy5Nn7Injb6HEX5+LYGQI4qUaGCTvNLmKBSwidCnKHVsO4vMOKZsm36wSc 5TntkOaOr46l7hsHKvhmK8wrS9K608Q72wQkHN8pLtb6bxSp5yHUDSw9losV7TGRxanR rrRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693880845; x=1694485645; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=irOldvKP1sOhSqILoYOxprcJwyTmKigNDAmbbyLDtyM=; b=VO8LgcNcJFZpaG9h6/QlmEyyPn5+hi6MXE/P7TdBtCWXUG/qBIHNTRoyoeNPLt89FC 2GiGxsiF+2wShGah5eRgCYl2webuJPVnganQPfuZ8DFJSxwJcMBsJ40gmpcv8r+2Nfmb zM17AP/2j50/XCgzqL/5l+OdQTJ8iwPjQSe18jthekdFjU8ub5IRRy4UTTR0WpfJmphZ aEkabcvZ5MWpvQdFcSpWIU76WkZL1SlSsHh6bBdITBPqJEofvZght9H/ztlJpsgT+uGh Xhe2BFpKgWmKvexzPKwLGh1RVdF0Y1r1WDxzLmX7t+frxWEF+hV6/AsJulr6TRqdgwfu 4Vkg==
X-Gm-Message-State: AOJu0YxW0lOt0O8Tz5swhxMy7lr0EY8dQcg7z/XXGs+ofqTIE17wY4cP jmFu3Cm270gjD/LCRhgukMecnXeN6uflLhafRohHENTzOTQ=
X-Google-Smtp-Source: AGHT+IEfTDUTu7S5wIkXK48fI24+7u4a2LAlR7F1y1z8wj5yxwUtdWihaLmANSJPKChT1hCNhSFYiQBZKd53taE/o+o=
X-Received: by 2002:a19:5005:0:b0:500:d8d6:fbe4 with SMTP id e5-20020a195005000000b00500d8d6fbe4mr7000541lfb.49.1693880844972; Mon, 04 Sep 2023 19:27:24 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR02MB70867C5B19194F6DA6C3CD3AEF6A9@MN2PR02MB7086.namprd02.prod.outlook.com>
In-Reply-To: <MN2PR02MB70867C5B19194F6DA6C3CD3AEF6A9@MN2PR02MB7086.namprd02.prod.outlook.com>
From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Date: Mon, 04 Sep 2023 22:27:13 -0400
Message-ID: <CAMrHYE1gUUfx7ga23eaCuVfX=nP7jo-gK1+QoQNgx-5PFqhhdg@mail.gmail.com>
To: "Goldstein, Glenn" <Glenn.Goldstein=40lumen.com@dmarc.ietf.org>
Cc: "cdni@ietf.org" <cdni@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000e76cb0604935e07"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/lLgCraM5c0oHLU-aMSq77enM2i4>
Subject: Re: [CDNi] Request for feedback on the 3 SVTA drafts presented at IETF116
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2023 02:27:28 -0000

Hi All,

  (as an individual) I read through the protected secrets draft and have
included some comments below.

thanx!

--  Kevin J. Ma

- abstract: "for ... that may be embedded" -> "to embed ..."

- section 1: "in both the FCI and MI" -> "in both the CDNI FCI and MI"

- section 1: "(support defined in this draft is specifically for HashiCorp
Vault), which are accessed via a specified path and a key ID. Refer to
HashiCorp Vault documentation for details." -> "(e.g., HashCorp Vault
[reference])."  -- i'm not sure if we should really make a reference to a
specific implementation here; could we describe it more generically as "and
external key management system"?  counter argument: if we're going to
create a registry and register HashCorp Vault, then it's probably fine.

- section 1: remove duplicate "uCDN issues a GET to receive an
advertisement with FCI.SecretStore and FCI.SecretCertificate. As the uCDN
has not yet provided a certificate, any embedded secret values in the
advertisement are omitted."

- section 1: "uCDN issues a GET to receive an advertisement" -> "The uCDN
receives an advertisement" - CDNI FCI (currently) is a push interface via
ALTO.

- section 1: "any embedded secret values in the advertisement are omitted"
- i think this could use a little bit more explicit explanation, e.g., the
dCDN is not yet able to encrypt the secrets, so no secrets are provided.

- section 1: "uCDN issues a PUT to publish a configuration" -> "The uCDN
publishes a configuration" - CDNI MI (currently) is a pull interface;
alternately, this could be an invalidation/prepositioning trigger?

- section 1: remove " The configuration also contains MI.SecretStore and
MI.SecretCertificate." ?

- section 1: "uCDN issues a GET to receive" -> "The uCDN receives"

- section 1: "the advertisement SHOULD now contain populated MI.SecretValue
objects where necessary" - again, i think some addition context would help
here, bothas to why secrets "SHOULD" now be populated, and why the
qualifier "where necessary" is necessary

- section 1: a sequence diagram might help here.

- section 1: is "MI.LoggingTransportS3API" in a separate, yet to be adopted
draft?  we may want to remove this to remove the forward reference.

- section 3.1, "secret-store-type" type: should probably quote
"MI.SecretStoreTypeEmbedded" and "MI.SecretStoreTypeVault"

- section 3.1: should there be a registry for secret-store-types?

- section 3.1: why is "secret-certificate-id" in the MI.SecretStore object
and not in the MI.SecretStoreTypeEmbedded object if it is
MI.SecretStoreTypeEmbedded-specific?

- section 3.1: the example is duplicated in 3.2; can probably remove this
one

- section 3.2: should there be a registry for formats?

- section 3.2: there is probably going to need to be must stronger wording
around the usage (or prohibition thereof) of "cleartext"

- section 3.3: is "MI.SecretStoreTypeVault" HashiCorp Vault specific?  is
there a way to make it generic to support AWS KMS, GCP KMS, and/or Azure
Key Vault?  alternately, should the object name be made HashiCorp-specific?

- section 3.3: is there a reference for the definition of "namespace" and
"version"?

- section 3.4, "secret-store-id" description: "The linked" -> "The ID of
the"

- section 3.4: should we have separate objects for embedded secrets and
HashiCorp Vault?  it seems odd to mix "secret-value" and "secret-path" in
the same object.

- section 3.4, does one of either "secret-value" or "secret-path" have to
be specified?  the MtSs both say no, but it doesn't make sense to let them
both be blank?

- section 3.4, "timeout" description: "the specified duration" -> "this
timeout"

- section 3.4, "timeout" description: "should be discarded" -> "MUST be
discarded" or "SHOULD be discarded" ?

- section 3.5: "(CA)and" -> "(CA) and"

- section 4: I don't think we need to register separate types for FCI.  If
the "FCI.*" object is identical to the corresponding "MI.*" object, this is
just registry bloat?  there's nothing that says a "capability-type" must
start with "FCI."; you can just use the MI payload types, as long as it is
clear how to deserialize it.

- section 5: the SVTA2038 reference gives a 404.  again, i'm wondering if
there is a way to make the proposed metadata objects extensible to other
methods/services.

- section 5: remove duplicate "When the recipient of a secret provides an
updated configuration that no longer contains an MI.SecretCertificate with
an ID referenced in MI.SecretStore used by MI.SecretValue objects, those
MI.SecretValue objects SHOULD be reduced to an object with no contained
secret-value property as they would be in the initial state before any
certificate had been provided."

- section 5: "in MI.SecretStore" -> "in an MI.SecretStore"

- section 5: a sequence diagram might help

- section 5.1: remove duplicate "The uCDN advertises FCI.SecretStore with a
store-type of MI.SecretStoreTypeEmbedded; other FCI objects may contain
MI.SecretValue objects that reference the store-id. MI.SecretValue objects
that do not presently contain a secret-value property."

- section 5.1: "MI.SecretValue objects that do not presently contain a
secret-value property" - this is an incomplete sentence?

- section 5.1: a sequence diagram might help

- section 5.2: remove duplicate "The uCDN advertises an
FCI.SecretCertificate."

- section 5.2: a sequence diagram might help

- section 5.3: remove duplicate "An MI.SecretStoreTypeEmbedded has a
defined format of "cleartext"."

- section 5.3: a sequence diagram might help

- section 5.4: the uCDN should use MI to provide config to a dCDN?

- section 5.4: the dCDN should use FCI to advertise to a uCDN?

- section 7.1: this obviously needs to be filled out.



On Thu, Apr 27, 2023 at 1:16 PM Goldstein, Glenn <Glenn.Goldstein=
40lumen.com@dmarc.ietf.org> wrote:

> We received a good chunk of comments from Kevin on the Cache Control
> Metadata draft (
> https://datatracker.ietf.org/doc/draft-power-cdni-cache-control-metadata/),
> and have addressed all the issues for the update that we will submit prior
> to IETF117.
>
>
>
> It would be very helpful if we could also get some feedback from the CDNI
> WG on the other 2 drafts:
>
>
> https://datatracker.ietf.org/doc/draft-rosenblum-cdni-protected-secrets-metadata/
>
> https://datatracker.ietf.org/doc/draft-siloniz-cdni-edge-control-metadata/
>
>
>
> thanks,
>
> Glenn
>
>
> This communication is the property of Lumen Technologies and may contain
> confidential or privileged information. Unauthorized use of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please immediately notify the sender
> by reply e-mail and destroy all copies of the communication and any
> attachments.
> _______________________________________________
> CDNi mailing list
> CDNi@ietf.org
> https://www.ietf.org/mailman/listinfo/cdni
>

v2.23.0 | Report a Bug | By Email