Re: [CDNi] Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
Kevin Ma J <kevin.j.ma@ericsson.com> Wed, 06 July 2016 15:29 UTC
Return-Path: <kevin.j.ma@ericsson.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E0B312D592; Wed, 6 Jul 2016 08:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C6bd3rVNxPCB; Wed, 6 Jul 2016 08:29:06 -0700 (PDT)
Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4A9712D1EA; Wed, 6 Jul 2016 08:29:05 -0700 (PDT)
X-AuditID: c618062d-f79886d000002334-6d-577d159c49b3
Received: from EUSAAHC006.ericsson.se (Unknown_Domain [147.117.188.90]) by usplmg20.ericsson.net (Symantec Mail Security) with SMTP id D9.29.09012.C951D775; Wed, 6 Jul 2016 16:28:44 +0200 (CEST)
Received: from EUSAAMB103.ericsson.se ([147.117.188.120]) by EUSAAHC006.ericsson.se ([147.117.188.90]) with mapi id 14.03.0294.000; Wed, 6 Jul 2016 11:14:04 -0400
From: Kevin Ma J <kevin.j.ma@ericsson.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
Thread-Index: AQHR1vfms+qd+Y96XEeTeZbe0McEZaAKQrmwgABGq4D//8ILYIABapUA///NMsA=
Date: Wed, 06 Jul 2016 15:14:04 +0000
Message-ID: <A419F67F880AB2468214E154CB8A556206E47F1C@eusaamb103.ericsson.se>
References: <20160705200035.22399.13041.idtracker@ietfa.amsl.com> <A419F67F880AB2468214E154CB8A556206E462E8@eusaamb103.ericsson.se> <CAHbuEH4d38vsVfnCFbxj48j=KEJZGFjh7gXJ0bEt4iBvsm4Cag@mail.gmail.com> <A419F67F880AB2468214E154CB8A556206E464A4@eusaamb103.ericsson.se> <CAHbuEH5Bgxr=z_gy_m6_vc4pXVbrHmod_WtRQJLh19hnii=oXw@mail.gmail.com>
In-Reply-To: <CAHbuEH5Bgxr=z_gy_m6_vc4pXVbrHmod_WtRQJLh19hnii=oXw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.11]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprEIsWRmVeSWpSXmKPExsUyuXRPlO4c0dpwg+ZVxhZHWn8xWjyd/YfV 4vKZiYwW/xacZrKY8Wcis0XDznwHNo8pvzeyeuycdZfdY8mSn0wBzFFcNimpOZllqUX6dglc GWcmrmMsuGNQcW9aE3MD4x79LkYODgkBE4kHq8S7GDmBTDGJC/fWs3UxcnEICRxllNh85QMj hLOMUeJ3wz82kCo2AS2Jx1//MoHYIgIWEmuav4F1MAs8Y5SYduw4WEJYIE7i5eeFbCAbRATi JZYtV4Co95P49u0aC4jNIqAisebkREYQm1fAV+LXvj9Qy64zSdzYvwgswSkQKLHk4F9WEJsR 6Lzvp9aAzWcWEJe49WQ+E8TZAhJL9pxnhrBFJV4+/scKYStJfPw9nx3kBmYBTYn1u/QhWhUl pnQ/ZIfYKyhxcuYTlgmMYrOQTJ2F0DELSccsJB0LGFlWMXKUFhfk5KYbGWxiBMbUMQk23R2M 96d7HmIU4GBU4uFd8LU6XIg1say4MvcQowQHs5II7xTp2nAh3pTEyqrUovz4otKc1OJDjNIc LErivGKPFMOFBNITS1KzU1MLUotgskwcnFINjLrL3y0uYZ1v8OyVQK1y/sekS4HOy5nusrel CU59YcnjXleWrfu77N0nG0OBC+vn7ZjO3TD1QOSPHxtcVF9tcpTfktO0ulPWt+/Wvqsr3D/v Mnxobu1m+TxIacWsGjGzJ/O6V9p15Jn/sd7flDhv5ZbPIcsiXV7vSOtQeN806VC05tmKlABW ASWW4oxEQy3mouJEALu8ywulAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/mY50xvfcErzSRbk_ZlA5os_eIWk>
Cc: "flefauch@cisco.com" <flefauch@cisco.com>, "cdni@ietf.org" <cdni@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-cdni-metadata@ietf.org" <draft-ietf-cdni-metadata@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>
Subject: Re: [CDNi] Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata-18: (with COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2016 15:29:09 -0000
Hi Kathleen, Will do. thanx. -- Kevin J. Ma > -----Original Message----- > From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] > Sent: Wednesday, July 06, 2016 10:13 AM > To: Kevin Ma J > Cc: The IESG; draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; > flefauch@cisco.com; cdni@ietf.org > Subject: Re: Kathleen Moriarty's No Objection on draft-ietf-cdni-metadata- > 18: (with COMMENT) > > Hi Kevin, > > These threats sound important enough to include now. Can you add a > paragraph about these threats? > > Thanks, > Kathleen > > On Tue, Jul 5, 2016 at 4:39 PM, Kevin Ma J <kevin.j.ma@ericsson.com> > wrote: > > Hi Kathleen, > > > > I think that if an attacker could remove any of the ACL metadata, you > could enable service in different regions, at different times, and to > different end points, possibly in violation of the content owner's > distribution rights (and possibly causing the content owner to incur > excess delivery charges); but I would expect a premium content provider to > have a DRM system outside the CDN delivery that enforces licensing > restrictions and otherwise prevents hijacking the service as part of a > criminal enterprise. We will look at updating the threats in the next > revision. > > > > thanx! > > > > -- Kevin J. Ma > > > >> -----Original Message----- > >> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] > >> Sent: Tuesday, July 05, 2016 4:17 PM > >> To: Kevin Ma J > >> Cc: The IESG; draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; > >> flefauch@cisco.com; cdni@ietf.org > >> Subject: Re: Kathleen Moriarty's No Objection on draft-ietf-cdni- > metadata- > >> 18: (with COMMENT) > >> > >> On Tue, Jul 5, 2016 at 4:06 PM, Kevin Ma J <kevin.j.ma@ericsson.com> > >> wrote: > >> > Hi Kathleen, > >> > > >> > Thanks for the review. Could you expand on your thoughts wrt > >> billing/theft? I think the idea for billing was that it would be based > on > >> the logging data, not metadata. DoS against metadata could prevent the > >> content delivery and therefore prevent content owners and CDNs from > >> recognizing revenue, but I'm not sure if that's the theft angle to > which > >> you refer? > >> > >> I was wondering if there were attacks possible other than DoS. I was > >> surprised I didn't see any related to theft of service if there was a > >> way to do that with metadata. I didn't realize logging information > >> was used for billing and had assumed metadata would wind up being > >> logged and could cause an issue. If that's not possible, that's fine > >> and that's why I just included this question as a comment. > >> > >> Thanks, > >> Kathleen > >> > >> > >> > > >> > thanx! > >> > > >> > -- Kevin J. Ma > >> > > >> >> -----Original Message----- > >> >> From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com] > >> >> Sent: Tuesday, July 05, 2016 4:01 PM > >> >> To: The IESG > >> >> Cc: draft-ietf-cdni-metadata@ietf.org; cdni-chairs@ietf.org; > >> >> flefauch@cisco.com; cdni@ietf.org > >> >> Subject: Kathleen Moriarty's No Objection on draft-ietf-cdni- > metadata- > >> 18: > >> >> (with COMMENT) > >> >> > >> >> Kathleen Moriarty has entered the following ballot position for > >> >> draft-ietf-cdni-metadata-18: No Objection > >> >> > >> >> When responding, please keep the subject line intact and reply to > all > >> >> email addresses included in the To and CC lines. (Feel free to cut > this > >> >> introductory paragraph, however.) > >> >> > >> >> > >> >> Please refer to https://www.ietf.org/iesg/statement/discuss- > >> criteria.html > >> >> for more information about IESG DISCUSS and COMMENT positions. > >> >> > >> >> > >> >> The document, along with other ballot positions, can be found here: > >> >> https://datatracker.ietf.org/doc/draft-ietf-cdni-metadata/ > >> >> > >> >> > >> >> > >> >> -------------------------------------------------------------------- > -- > >> >> COMMENT: > >> >> -------------------------------------------------------------------- > -- > >> >> > >> >> I can see why unauthorized access to content isn't a concern since > this > >> >> draft is just about the metadata, but wouldn't billing/theft be a > >> >> possible avenue of attack to be listed as a consideration through > >> >> alterations of the metadata? > >> >> > >> > > >> > >> > >> > >> -- > >> > >> Best regards, > >> Kathleen > > > > -- > > Best regards, > Kathleen
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [CDNi] Kathleen Moriarty's No Objection on dr… Kevin Ma J
- [CDNi] Kathleen Moriarty's No Objection on draft-… Kathleen Moriarty