Re: [CDNi] I-D Action: draft-ietf-cdni-uri-signing-22.txt
Chris Lemmons <alficles@gmail.com> Thu, 11 November 2021 01:42 UTC
From: Chris Lemmons <alficles@gmail.com>
Date: Wed, 10 Nov 2021 18:42:30 -0700
Message-ID: <CAJEGKNuX=JkYzEOFpau5muA9jLMn4c6kybu-zUKdq3_Q5Sjqjw@mail.gmail.com>
To: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Cc: Phil Sorber <sorber@apache.org>, "<cdni@ietf.org>" <cdni@ietf.org>

Agreed, and your version uses even fewer words, which I like. And the only reason not to reference 3.2.9 is an error on my part. It should be included. It feels slightly odd to include a normative reference parenthetically, but it's not wrong. It definitely reads better.

On Wed, Nov 10, 2021 at 11:06 AM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>
> note: we could also use direct section references...
>
> On Wed, Nov 10, 2021 at 1:05 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>>
>> Thanks for the text Chris,
>>
>> Is there a reason to only reference 3.2.8 and not 3.2.9 for form-style parameters?
>>
>> There is some redundancy in the MUSTs. What about:
>>
>> The URI Signing Package will be found by parsing any path-style parameters [RFC6570] and form-style parameters [RFC6570] looking for a key name matching the URI Signing Package Attribute. Both path-style parameters (generated in the form indicated by Section 3.2.7 of [RFC6570]) and form-style parameters (generated in the form indicated by Sections 3.2.8 and 3.2.9 of [RFC6570]) MUST be supported. The first matching parameter SHOULD be taken to provide the signed JWT, though providing more than one matching key is undefined behavior.
>>
>> thanx!
>>
>> -- Kevin J. Ma
>>
>> On Wed, Nov 10, 2021 at 2:38 AM Chris Lemmons <alficles@gmail.com> wrote:
>>>
>>> To save a click, here's the text:
>>>
>>> The URI Signing Package will be found by parsing any path-style
>>> parameters and form-style parameters looking for a key name matching
>>> the URI Signing Package Attribute. Both parameter styles MUST be
>>> supported to allow flexibility of operation. The first matching
>>> parameter SHOULD be taken to provide the signed JWT, though providing
>>> more than one matching key is undefined behavior. Path-style
>>> parameters generated in the form indicated by Section 3.2.7 of
>>> [RFC6570] MUST be supported. Form-style parameters generated in the
>>> form indicated by Section 3.2.8 of [RFC6570] MUST be supported.
>>>
>>> The last two sentences are what I'm proposing we add. This was the
>>> simplest variation I could come up with that doesn't add a whole bunch
>>> of construction rules to this document, but provides at least one
>>> clear MUST-accept implementation for each style that allows a dCDN to
>>> be certain that it knows how to find the URIs.
>>>
>>> On Tue, Nov 9, 2021 at 8:46 AM Phil Sorber <sorber@apache.org> wrote:
>>> >
>>> > Thanks, I merged two of these, but I think we should have a little more time to think on #72 before we merge it, just because it's been so debated and I don't want to keep changing it.
>>> >
>>> > On Tue, Nov 9, 2021 at 1:01 AM Chris Lemmons <alficles@gmail.com> wrote:
>>> >>
>>> >> Fixes for nits, regrettably also including the same ones you just
>>> >> fixed in 69: https://github.com/PSUdaemon/URISigningSpec/pull/70
>>> >>
>>> >> Updates that I _think_ fix the weird figure text? I'm not certain this
>>> >> is the best way to do it, but the existing way looks odd. Look at the
>>> >> diff linked earlier and check out the figure titles.
>>> >> https://github.com/PSUdaemon/URISigningSpec/pull/71
>>> >>
>>> >> The much-belated text I promised a while back on 6570:
>>> >> https://github.com/PSUdaemon/URISigningSpec/pull/72
>>> >>
>>> >> On Mon, Nov 8, 2021 at 7:55 PM Phil Sorber <sorber@apache.org> wrote:
>>> >> >
>>> >> > https://github.com/PSUdaemon/URISigningSpec/pull/69
>>> >> >
>>> >> > On Sat, Nov 6, 2021 at 10:02 PM Kevin Ma <kevin.j.ma.ietf@gmail.com> wrote:
>>> >> >>
>>> >> >> Hi Phil,
>>> >> >>
>>> >> >> Thanks for getting the updated draft out. A couple typos/nits:
>>> >> >>
>>> >> >> - section 2.1.10: "for example in" -> "for example, in"
>>> >> >> - section 3.2.1: "MAY bt" -> "MAY be"
>>> >> >> - section 4: "after and access" -> "after an access"
>>> >> >> - section 4.4: remove "against the key issuer with"
>>> >> >> - section 5.2: "Sigbned" -> "Signed"
>>> >> >>
>>> >> >> -- Kevin J. Ma
>>> >> >>
>>> >> >>
>>> >> >> On Mon, Oct 25, 2021 at 7:12 PM <internet-drafts@ietf.org> wrote:
>>> >> >>>
>>> >> >>>
>>> >> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> >> >>> This draft is a work item of the Content Delivery Networks Interconnection WG of the IETF.
>>> >> >>>
>>> >> >>>         Title    : URI Signing for Content Delivery Network Interconnection (CDNI)
>>> >> >>>         Authors  : Ray van Brandenburg
>>> >> >>>                    Kent Leung
>>> >> >>>                    Phil Sorber
>>> >> >>>         Filename : draft-ietf-cdni-uri-signing-22.txt
>>> >> >>>         Pages    : 42
>>> >> >>>         Date     : 2021-10-25
>>> >> >>>
>>> >> >>> Abstract:
>>> >> >>>    This document describes how the concept of URI Signing supports the
>>> >> >>>    content access control requirements of Content Delivery Network
>>> >> >>>    Interconnection (CDNI) and proposes a URI Signing method as a JSON
>>> >> >>>    Web Token (JWT) profile.
>>> >> >>>
>>> >> >>>    The proposed URI Signing method specifies the information needed to
>>> >> >>>    be included in the URI to transmit the signed JWT, as well as the
>>> >> >>>    claims needed by the signed JWT to authorize a User Agent (UA). The
>>> >> >>>    mechanism described can be used both in CDNI and single Content
>>> >> >>>    Delivery Network (CDN) scenarios.
>>> >> >>>
>>> >> >>>
>>> >> >>> The IETF datatracker status page for this draft is:
>>> >> >>> https://datatracker.ietf.org/doc/draft-ietf-cdni-uri-signing/
>>> >> >>>
>>> >> >>> There is also an htmlized version available at:
>>> >> >>> https://datatracker.ietf.org/doc/html/draft-ietf-cdni-uri-signing-22
>>> >> >>>
>>> >> >>> A diff from the previous version is available at:
>>> >> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cdni-uri-signing-22
>>> >> >>>
>>> >> >>>
>>> >> >>> Internet-Drafts are also available by anonymous FTP at:
>>> >> >>> ftp://ftp.ietf.org/internet-drafts/
>>> >> >>>
>>> >> >>>
>>> >> >>> _______________________________________________
>>> >> >>> CDNi mailing list
>>> >> >>> CDNi@ietf.org
>>> >> >>> https://www.ietf.org/mailman/listinfo/cdni
>>> >> >
>>> >> > _______________________________________________
>>> >> > CDNi mailing list
>>> >> > CDNi@ietf.org
>>> >> > https://www.ietf.org/mailman/listinfo/cdni
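
Added illustration, not part of the thread, the draft or any participant's code: one way a receiving CDN could look for the signed JWT in both parameter styles named in the proposed text (RFC 6570 Sections 3.2.7, 3.2.8 and 3.2.9) and surface the multiple-match case the text leaves undefined. The attribute name `URISigningPackage`, the function names, the reject-on-duplicate policy and the sample URIs are assumptions made for this example.

```python
from urllib.parse import urlsplit

ATTR = "URISigningPackage"  # assumed attribute name; the thread does not give one


def _pairs(segment, sep):
    """Yield (key, value) from 'k=v<sep>k=v'; a bare key yields value ''."""
    for item in segment.split(sep):
        if item:
            key, _, value = item.partition("=")
            yield key, value


def find_signing_package(uri, attr=ATTR):
    """Return (style, token, duplicates) for the first matching parameter."""
    parts = urlsplit(uri)
    matches = []
    # Path-style (RFC 6570 Section 3.2.7): ';name=value' on a path segment.
    for seg in parts.path.split("/"):
        _, _, params = seg.partition(";")
        matches += [("path", v) for k, v in _pairs(params, ";") if k == attr]
    # Form-style (Sections 3.2.8 and 3.2.9): '?name=value' and '&name=value'.
    matches += [("form", v) for k, v in _pairs(parts.query, "&") if k == attr]
    if not matches:
        return None, None, 0
    style, token = matches[0]
    return style, token, len(matches) - 1


def locate_strict(uri, attr=ATTR):
    """Policy choice for this example: refuse URIs with more than one match,
    since the proposed text leaves that case undefined."""
    style, token, duplicates = find_signing_package(uri, attr)
    if duplicates:
        raise ValueError(f"{duplicates + 1} {attr} parameters; refusing to pick one")
    return style, token


# Constructed sample URIs; the token values are placeholders, not real JWTs.
SAMPLES = [
    "https://cdn.example/v/seg1.ts;URISigningPackage=aaa.bbb.ccc",
    "https://cdn.example/v/seg1.ts?quality=hd&URISigningPackage=ddd.eee.fff",
    "https://cdn.example/v/seg1.ts;URISigningPackage=aaa.bbb.ccc?URISigningPackage=x.y.z",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(find_signing_package(uri))
```

Keys are compared as they appear on the wire, without percent-decoding; the token returned here still has to go through full JWT signature and claim validation.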