IETF Logo Mail Archive

Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt

Chris Lemmons <alficles@gmail.com> Thu, 11 November 2021 01:42 UTC

Return-Path: <alficles@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC74C3A156B for <cdni@ietfa.amsl.com>; Wed, 10 Nov 2021 17:42:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MhXsjjTtTyRm for <cdni@ietfa.amsl.com>; Wed, 10 Nov 2021 17:42:44 -0800 (PST)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com [IPv6:2607:f8b0:4864:20::932]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3FA83A156C for <cdni@ietf.org>; Wed, 10 Nov 2021 17:42:44 -0800 (PST)
Received: by mail-ua1-x932.google.com with SMTP id b17so8910752uas.0 for <cdni@ietf.org>; Wed, 10 Nov 2021 17:42:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=pH1YkjiSY1yXRfuXwp+0qor/Ggt6zF3MUKQnyzc+Br0=; b=nmR8D/pAaY+L/Q0riT2CihbKKd87w1yorjH2lIuUGuTPfAwqXGwuejD6gPiaqNWtTF GUvUEummYAIefvPvPprOMyYOAK3MQPybtKOQlfFMsuLdnCQyvW6CX3PoEq7tVFnGP3C8 M0Fw9YvGRn1/SgDgsXFAdKo+MhZPGid1eRqeL52Vb9HjwpAV+/rDuZ0tNuLwL96LHgga trTruvUZYlvmd0c5I5DnW2yeVFg1il0xb8EZhju6VMvp3r/MyAKQcDkv3NqFTQJh4zT5 bjSZbs3zXKiDvv1V5jJfILRa5wr4ivqEtRz8rnfWLtS1bdV7wAsE/0BquQv+NiuJx69r cIGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=pH1YkjiSY1yXRfuXwp+0qor/Ggt6zF3MUKQnyzc+Br0=; b=i2w1hXi6o/sZnlnrqKj7D9MNmZ7DORhTYMU+M1tazj3MJwWl6AynRQAVg218bO8F2M vqnlbFyAslv+tD7cMo3RdVkRFBSQ2PLhoSuTrnkG0rKQZzmHV3IUsHJ7HqrD6ffYH7sK oeJAscagxMc4ygwgp+rYy0j3tE1rlMtKVKb+Lr8FZJUaw1aaX61wPb5wd8ALnuEogn7k 93X9Kv0AHNLk8+yjh7BfIMofGpLD636d+N7f7PhP8Yz8/6TgsmVZ/TVOinWfKx9qsH/P CwX6/q4iVRhP0qD8JaA1v0imlAXF+mq04icUFOoBgqh4O+uarDloc5uCX/AvdjauNyhz iemg==
X-Gm-Message-State: AOAM531y7ed8RBaDWC6m/SLpTIf80L7gQwA8/hFJ/nW2DnbMDZCQB+ZA w3g0wVadym+wKSPEvo1GETcF9gU2sewN+i/SGPg=
X-Google-Smtp-Source: ABdhPJxOndZescOSVxNn+StNPPi4swA4QgOobp8uVq9c6g9JvRXHtk99yCXzqDcH3ivz5X9It7VIN7yMgyhFUp5/fzo=
X-Received: by 2002:a9f:248b:: with SMTP id 11mr635337uar.14.1636594962147; Wed, 10 Nov 2021 17:42:42 -0800 (PST)
MIME-Version: 1.0
References: <163520346940.2076.13669341839825557305@ietfa.amsl.com> <CAMrHYE0tCc8idgi0-Fp+bcykW==Sv-FkqsqNmRMS19jgESqj8g@mail.gmail.com> <CABF6JR1UvFsBTS4EpUnGJ=Frxdvb=PSDqu9BHY9R=RPH3ZPh=Q@mail.gmail.com> <CAJEGKNtajKcuPtHOSdGZXQzTsi4jM50+CDr3GM8vGH=p5Ehg3g@mail.gmail.com> <CABF6JR3R_eOXWJzE_45nkZY+VE6qy7urpr0AigjR1hZQOPBFyQ@mail.gmail.com> <CAJEGKNtUm8bC5R_0yFBM+45uk0yuyyAMRCAD8i1w2qGXy3anig@mail.gmail.com> <CAMrHYE1NsUEuMq1MirkypjToBAq-Ddq8-dUMrk73o9+p39G_=w@mail.gmail.com> <CAMrHYE0QHn6Ag6bqxV3h3WkHe91ypL4P1x7t2Vo2MBNMigQTRQ@mail.gmail.com>
In-Reply-To: <CAMrHYE0QHn6Ag6bqxV3h3WkHe91ypL4P1x7t2Vo2MBNMigQTRQ@mail.gmail.com>
From: Chris Lemmons <alficles@gmail.com>
Date: Wed, 10 Nov 2021 18:42:30 -0700
Message-ID: <CAJEGKNuX=JkYzEOFpau5muA9jLMn4c6kybu-zUKdq3_Q5Sjqjw@mail.gmail.com>
To: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Cc: Phil Sorber <sorber@apache.org>, "<cdni@ietf.org>" <cdni@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/nr3T7dj7STSsoliBbMXky-1r3wI>
Subject: Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 01:42:50 -0000

Agreed, and your version uses even fewer words, which I like. And the
only reason not to reference 3.2.9 is an error on my part. It should
be included. It feels slightly odd to include a normative reference
parenthetically, but it's not wrong. It definitely reads better.

On Wed, Nov 10, 2021 at 11:06 AM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>
> note: we could also use direct section references...
>
> On Wed, Nov 10, 2021 at 1:05 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>>
>> Thanks for the text Chris,
>>
>>   Is there a reason to only reference 3.2.8 and not 3.2.9 for form-style parameters?
>>
>>   There is some redundancy in the MUSTs.  What about:
>>
>> The URI Signing Package will be found by parsing any path-style parameters [RFC6570] and form-style parameters [RFC6570] looking for a key name matching the URI Signing Package Attribute.  Both path-style parameters (generated in the form indicated by Section 3.2.7 of [RFC6570]) and form-style parameters (generated in the form indicated by Sections 3.2.8 and 3.2.9 of [RFC6570]) MUST be supported.  The first matching parameter SHOULD be taken to provide the signed JWT, though providing more than one matching key is undefined behavior.
>>
>> thanx!
>>
>> --  Kevin J. Ma
>>
>> On Wed, Nov 10, 2021 at 2:38 AM Chris Lemmons <alficles@gmail.com> wrote:
>>>
>>> To save a click, here's the text:
>>>
>>> The URI Signing Package will be found by parsing any path-style parameters and
>>> form-style parameters looking for a key name matching the URI Signing
>>> Package Attribute.
>>> Both parameter styles MUST be supported to allow flexibility of operation.
>>> The first matching parameter SHOULD be taken to provide the signed
>>> JWT, though providing
>>> more than one matching key is undefined behavior. Path-style
>>> parameters generated in the
>>> form indicated by Section 3.2.7 of [RFC6570] MUST be supported.
>>> Form-style parameters generated in the form indicated by Section 3.2.8
>>> of [RFC6570]
>>> MUST be supported.
>>>
>>> The last two sentences are what I'm proposing we add. This was the
>>> simplest variation I could come up with that doesn't add a whole bunch
>>> of construction rules to this document, but provides at least one
>>> clear MUST-accept implementation for each style that allows a dCDN to
>>> be certain that it knows how to find the URIs.
>>>
>>> On Tue, Nov 9, 2021 at 8:46 AM Phil Sorber <sorber@apache.org> wrote:
>>> >
>>> > Thanks, I merged two of these, but I think we should have a little more time to think on #72 before we merge it, just because it's been so debated and I don't want to keep changing it.
>>> >
>>> > On Tue, Nov 9, 2021 at 1:01 AM Chris Lemmons <alficles@gmail.com> wrote:
>>> >>
>>> >> Fixes for nits, regrettably also including the same ones you just
>>> >> fixed in 69: https://github.com/PSUdaemon/URISigningSpec/pull/70
>>> >>
>>> >> Updates that I _think_ fix the weird figure text? I'm not certain this
>>> >> is the best way to do it, but the existing way looks odd. Look at the
>>> >> diff linked earlier and check out the figure titles.
>>> >> https://github.com/PSUdaemon/URISigningSpec/pull/71
>>> >>
>>> >> The much-belated text I promised a while back on 6570:
>>> >> https://github.com/PSUdaemon/URISigningSpec/pull/72
>>> >>
>>> >> On Mon, Nov 8, 2021 at 7:55 PM Phil Sorber <sorber@apache.org> wrote:
>>> >> >
>>> >> > https://github.com/PSUdaemon/URISigningSpec/pull/69
>>> >> >
>>> >> > On Sat, Nov 6, 2021 at 10:02 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>>> >> >>
>>> >> >> Hi Phil,
>>> >> >>
>>> >> >>   Thanks for getting the updated draft out.  A couple typos/nits:
>>> >> >>
>>> >> >>   - section 2.1.10: "for example in" -> "for example, in"
>>> >> >>   - section 3.2.1: "MAY bt" -> "MAY be"
>>> >> >>   - section 4: "after and access" -> "after an access"
>>> >> >>   - section 4.4: remove "against the key issuer with"
>>> >> >>   - section 5.2: "Sigbned" -> "Signed"
>>> >> >>
>>> >> >> --  Kevin J. Ma
>>> >> >>
>>> >> >>
>>> >> >> On Mon, Oct 25, 2021 at 7:12 PM <internet-drafts@ietf.org> wrote:
>>> >> >>>
>>> >> >>>
>>> >> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> >> >>> This draft is a work item of the Content Delivery Networks Interconnection WG of the IETF.
>>> >> >>>
>>> >> >>>         Title           : URI Signing for Content Delivery Network Interconnection (CDNI)
>>> >> >>>         Authors         : Ray van Brandenburg
>>> >> >>>                           Kent Leung
>>> >> >>>                           Phil Sorber
>>> >> >>>         Filename        : draft-ietf-cdni-uri-signing-22.txt
>>> >> >>>         Pages           : 42
>>> >> >>>         Date            : 2021-10-25
>>> >> >>>
>>> >> >>> Abstract:
>>> >> >>>    This document describes how the concept of URI Signing supports the
>>> >> >>>    content access control requirements of Content Delivery Network
>>> >> >>>    Interconnection (CDNI) and proposes a URI Signing method as a JSON
>>> >> >>>    Web Token (JWT) profile.
>>> >> >>>
>>> >> >>>    The proposed URI Signing method specifies the information needed to
>>> >> >>>    be included in the URI to transmit the signed JWT, as well as the
>>> >> >>>    claims needed by the signed JWT to authorize a User Agent (UA).  The
>>> >> >>>    mechanism described can be used both in CDNI and single Content
>>> >> >>>    Delivery Network (CDN) scenarios.
>>> >> >>>
>>> >> >>>
>>> >> >>> The IETF datatracker status page for this draft is:
>>> >> >>> https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
>>> >> >>>
>>> >> >>> There is also an htmlized version available at:
>>> >> >>> https://datatracker.ietf.org/doc/html/draft-ietf-cdni-uri-signing-22
>>> >> >>>
>>> >> >>> A diff from the previous version is available at:
>>> >> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-uri-signing-22
>>> >> >>>
>>> >> >>>
>>> >> >>> Internet-Drafts are also available by anonymous FTP at:
>>> >> >>> ftp://ftp.ietf.org/internet-drafts/
>>> >> >>>
>>> >> >>>
>>> >> >>> _______________________________________________
>>> >> >>> CDNi mailing list
>>> >> >>> CDNi@ietf.org
>>> >> >>> https://www.ietf.org/mailman/listinfo/cdni
>>> >> >
>>> >> > _______________________________________________
>>> >> > CDNi mailing list
>>> >> > CDNi@ietf.org
>>> >> > https://www.ietf.org/mailman/listinfo/cdni

v2.23.0 | Report a Bug | By Email