Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-12.txt

frederic.fieau@orange.com Fri, 11 November 2022 11:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/m4Haf2ThhN7IHZKzsV5qeyMfoL0>

Hi Kevin,

Thanks for the review, I'll take into account.

Regards,
Frederic

From: CDNi <cdni-bounces@ietf.org> On behalf of Kevin Ma
Sent: Friday, 11 November 2022 05:34
To: cdni@ietf.org
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-interfaces-https-delegation-12.txt

Hi Frederic,

  Thanks for updating the draft.  I've reviewed it and provided some comments below.  Most are nits, but please note the section 3.2 and section 5 comments.

thanx!

--  Kevin J. Ma

Abstract:
- "RFC 9115 allows delegating entity" -> "RFC9115 allows delegating entities"

section 1:
- "In such case" -> "In such cases,"

section 3:
- "uCDN delegates a dCDN" -> "uCDN delegates to a dCDN"

section 3.1:
- I suggest changing the object name to just "ACMEDelegation"
- "STAR and non-STAR delegation objects" -> "STAR and non-STAR delegation"
- "several properties as shown below" -> "the properties shown below"
- the Source object reference could point to section 4.2.1.1 of RFC8006
- "TimeWindow" property name should be "time-window"
- the TimeWindow object reference could point to section 4.2.3.2 of RFC8006
- "TimeWindow is defined by defining \"start\" time of the window, and \"end\" time of the window" -> "TimeWindow is defined by a window \"start\" time and a window \"end\" time"
- "In case of" -> "In the case of the" (in both places)
- the Time object reference could point to section 4.3.4 of RFC8006 (in both places)
- remove "In the case that the delegation is STAR-based, the following properties are mandatory to specify:", this statement is redundant, it's already stated in the Mandatory-to-Specify text

section 3.2:
- I suggest changing this to be section 3.1.1 to keep it with the metadata object specification
- ACME-delegation is defined as a Source object, but this just shows a URL string?  A Source object requires "endpoints" and "protocol".
- TimeWindow is defined as a TimeWindow object, where the start and end are Time objects (i.e., integer epoch values), but this uses ISO8601 time strings?
- The HostMatch/HostMetadata example is superfluous

section 4.1:
- "Interface: MI" -> "Interface: MI/FCI"

section 5:
- The security considerations could do a better job explaining the nature of the data held in the metadata object and what happens if it is compromised.  It currently just says the delegation objects are "critical", but I'm not sure what that means.  If an attacker gets the information, what can they do with it, if anything?  I would ultimately expect a reference to section 8.3 of RFC8006, as that is what actually protects CDNI Metadata.
- "Section 3are" -> "Section 3 are"

On Sun, Oct 23, 2022 at 9:46 AM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Content Delivery Networks Interconnection WG of the IETF.

        Title           : CDNI extensions for HTTPS delegation
        Authors         : Frédéric Fieau
                          Emile Stephan
                          Sanjay Mishra
        Filename        : draft-ietf-cdni-interfaces-https-delegation-12.txt
        Pages           : 11
        Date            : 2022-10-23

Abstract:
   This document defines metadata objects to support delegating the
   delivery of HTTPS content between two or more interconnected CDNs.
   Specifically, this document defines CDNI Metadata interface objects
   to enable delegation of X.509 certificates leveraging delegation
   schemes defined in RFC9115.  RFC 9115 allows delegating entity to
   remain in full control of the delegation and be able to revoke it any
   time and avoids the need to share private cryptographic key material
   between the involved entities.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-cdni-interfaces-https-delegation/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-cdni-interfaces-https-delegation-12.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-interfaces-https-delegation-12


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts




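The section 3.2 comments above point at two type mismatches: the ACME delegation property is declared as an RFC 8006 Source object (which needs "endpoints" and "protocol") but the example shows a bare URL string, and the TimeWindow's "start"/"end" are RFC 8006 Time objects (integer seconds since the epoch) but the example uses ISO 8601 strings. The following shape check is an added example, not code from the draft or from anyone in this thread; it assumes the property names "acme-delegation" and "time-window" and builds its own sample objects, which are constructed for illustration only.

```python
"""Shape check for a CDNI ACME-delegation metadata object.

Added example (not from the draft or the mailing-list thread). It encodes the
two type points raised about section 3.2: a Source object must carry
"endpoints" and "protocol" (RFC 8006 section 4.2.1.1), and a TimeWindow's
"start"/"end" are Time objects, i.e. integer seconds since the epoch (RFC 8006
sections 4.2.3.2 and 4.3.4), not ISO 8601 strings. The property names
"acme-delegation" and "time-window" are assumptions for illustration.
"""
from __future__ import annotations


def validate_source(value: object, path: str) -> list[str]:
    """Check that value is a Source object: a non-empty "endpoints" list of
    strings and a non-empty "protocol" string (RFC 8006 section 4.2.1.1)."""
    if not isinstance(value, dict):
        return [f"{path}: expected a Source object, got {type(value).__name__}"]
    problems: list[str] = []
    endpoints = value.get("endpoints")
    if (not isinstance(endpoints, list) or not endpoints
            or not all(isinstance(e, str) and e for e in endpoints)):
        problems.append(f"{path}.endpoints: expected a non-empty list of strings")
    protocol = value.get("protocol")
    if not isinstance(protocol, str) or not protocol:
        problems.append(f"{path}.protocol: expected a non-empty string")
    return problems


def validate_time(value: object, path: str) -> list[str]:
    """A Time object is an integer count of seconds since the epoch (RFC 8006
    section 4.3.4). bool is rejected explicitly because it subclasses int."""
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        return [f"{path}: expected a non-negative integer epoch time, got {value!r}"]
    return []


def validate_time_window(value: object, path: str) -> list[str]:
    """A TimeWindow has "start" and "end" Time objects, with start before end
    (RFC 8006 section 4.2.3.2)."""
    if not isinstance(value, dict):
        return [f"{path}: expected a TimeWindow object, got {type(value).__name__}"]
    problems = validate_time(value.get("start"), f"{path}.start")
    problems += validate_time(value.get("end"), f"{path}.end")
    if not problems and value["start"] >= value["end"]:
        problems.append(f"{path}: start must be earlier than end")
    return problems


def validate_acme_delegation(obj: dict) -> list[str]:
    """Return the list of shape problems; an empty list means the object
    uses the RFC 8006 types the review asks for."""
    problems = validate_source(obj.get("acme-delegation"), "acme-delegation")
    problems += validate_time_window(obj.get("time-window"), "time-window")
    return problems


# Constructed sample in the shape the review objects to: a bare URL string
# where a Source object is expected, and ISO 8601 strings where Time
# objects are expected.
DRAFT_STYLE = {
    "acme-delegation": "https://acme.example.net/delegation/123",
    "time-window": {"start": "2022-11-11T00:00:00Z",
                    "end": "2022-12-11T00:00:00Z"},
}

# Constructed sample using the RFC 8006 types: a Source object with
# endpoints and a registered protocol value, and integer epoch times.
CONFORMING = {
    "acme-delegation": {
        "endpoints": ["acme.example.net"],
        "protocol": "https/1.1",
    },
    "time-window": {"start": 1668124800, "end": 1670716800},
}

if __name__ == "__main__":
    for name, sample in (("draft-style", DRAFT_STYLE), ("conforming", CONFORMING)):
        print(name, validate_acme_delegation(sample) or "ok")
```

Run as a script, the draft-style object yields three problems (the Source object, the start time and the end time) and the conforming one passes. A dCDN ingesting delegation metadata from a uCDN would apply a check like this before acting on it, so that a mistyped or malformed object is rejected rather than silently interpreted.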