Re: [CDNi] [E] Re: I-D Action: draft-ietf-cdni-https-delegation-subcerts-05.txt

"Mishra, Sanjay" <sanjay.mishra@verizon.com> Mon, 06 November 2023 16:11 UTC

From: "Mishra, Sanjay" <sanjay.mishra@verizon.com>
Date: Mon, 06 Nov 2023 17:11:02 +0100
Message-ID: <CA+EbDtBaL3AVCnMc2Z=yOSMU9FOjOZrqS0W8YDef72a5vzpKWg@mail.gmail.com>
To: Christoph Neumann <Christoph.Neumann@broadpeak.tv>
Cc: "cdni@ietf.org" <cdni@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/oNfgLdLSVs-SMqlyWn0T9d0ZhWs>
Subject: Re: [CDNi] [E] Re: I-D Action: draft-ietf-cdni-https-delegation-subcerts-05.txt

Hi Christoph - Thank you for submitting an updated version 5. I have
reviewed the document and I have the following comments:


   1. Section 2 Terminology. Reference to RFC8174 is missing, i.e.
   something like "...in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here....". If needed, you can refer to BCP14 (
   https://www.rfc-editor.org/info/bcp14).
   2. This document, when referring to RFC8008, refers to it as "CDNI Footprint
   and Capabilities interface"; however, RFC 8008 defines the document as
   "Footprint & Capabilities Advertisement interface (FCI)". I suggest making
   it consistent with the referred document.
   3. General: The document sometimes refers to "Delegated Credentials" and
   sometimes to "Delegated Credential"; I suggest using the former throughout the
   document.
   4. Also check which usage you want to use throughout the document for the
   lower-case "delegated credentials" and "delegated credential" (in Sec 7 both
   are used in the same context).
   5. Sec 3: Use a hyperlink for the reference to RFC8008.
   6. Sec 3: "as shown in below example" -> "as shown in the example below:"
   7. For the following text, "There is also a need to announce additional
   parameters related to the number of credentials supported by the dCDN. For
   that purpose we introduce the FCI object FCI.DelegationCredentials.", would
   it be helpful to give some context? For example, say something like, "This
   document also defines an object that announces to the delegating entity how
   many delegated credentials the downstream supports, such that the delegating
   entity can provide the corresponding number of delegated credentials".
   8. Sec 3.1: Instead of using "linked with the number of servers in the
   dCDN", I suggest something like, "corresponding to the number of servers
   designated by the dCDN to support delegated credentials".
   9. Sec 3.1: "if ever such private keys are transmitted" -> "whenever the
   private keys are transmitted"
   10. Sec 3.2: Typo in the header "Expected usage of the propert number of
   supported delegated credentials"
   11. Sec 3.2: "The dCDN uses the FCI.DelegatedCredentials object to
   announce the number of endpoints as the number of supported delegated
   credentials" -> "The dCDN uses the FCI.DelegatedCredentials object to
   announce the number of servers that support delegated credentials".
   12. Sec 3.2: "it can provide..." -> "it can issue...."
   13. Sec 3.2: "of the dCDN" -> "to the dCDN"
   14. Sec 3.2: The statement says "Once the uCDN has provided delegated
   credentials via the MI, uCDN SHOULD monitor the provided credentials and
   their expiry times. The uCDN SHOULD timely refresh dCDN credentials via the
   MI."
      - Since this is a SHOULD for the issuer of delegated credentials
      (DC), how would the dCDN handle the DC expiring mid-stream while serving,
      because the uCDN did not follow through?
      - Also suggest using "MI object" rather than just MI.
   15. Sec 4: Suggest maintaining uniformity in naming the "designator";
   here the document for the first time refers to the designator, or the uCDN
   issuing delegated credentials, as "origin", and this term may be ambiguous
   as the "origin" can be other than the issuer of DC.
   16. Sec 4: "cred"? Typo?
   17. Sec 4: "follows." -> "follows:"
   18. Sec 4: "find an example" -> "see an example" & " object." ->
   "Object:"
   19. Sec 5: "in CDNI" is not required in the sentence.
   20. Sec 5: Elsewhere this draft refers to "User Agent", but this section
   describes it as a "Client"; I suggest using the same naming convention when
   identifying it.
   21. Sec 5: "This document requests the registration" -> "This document
   requests IANA the registration..."
   22. Sec 6.1: "MI objects" or "MI Objects"?
   23. Sec 7: "in the present document" -> "in the document"
   24. Sec 7: "enable" -> "enables"
   25. Sec 7: Where is it established that "The delegated credentials and
   associated private keys are short-lived"?
   26. Sec 7: "Still, it is NOT RECOMMENDED to send private keys through
   the MI as omitting the private key" Suggest adding a "." after MI and then
   starting a new sentence without "as".

Thanks
Sanjay
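
Comment 14 above asks what happens when a delegated credential lapses because the uCDN, for which refreshing is only a SHOULD, did not re-issue in time. The monitor below is an added example and is not code or text from the draft or from either correspondent; it assumes the RFC 9345 rule that a delegated credential's valid_time counts seconds from the end-entity certificate's notBefore and may not exceed 7 days, and the server names, dates and 12-hour refresh margin are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# RFC 9345: valid_time is seconds after the end-entity certificate's notBefore at
# which the DC expires; a DC valid for more than 7 days is rejected by TLS clients.
MAX_DC_VALIDITY = timedelta(days=7)
REFRESH_MARGIN = timedelta(hours=12)  # assumed operational margin, not from the draft

@dataclass(frozen=True)
class DelegatedCredential:
    server: str                # dCDN endpoint the DC was issued for (constructed name)
    cert_not_before: datetime  # notBefore of the uCDN end-entity certificate
    valid_time: int            # RFC 9345 valid_time, seconds after cert_not_before

    def expires_at(self) -> datetime:
        return self.cert_not_before + timedelta(seconds=self.valid_time)

def classify(dc: DelegatedCredential, now: datetime, margin: timedelta = REFRESH_MARGIN) -> str:
    """Action the uCDN monitor should take for one DC at time `now`."""
    expiry = dc.expires_at()
    if expiry - dc.cert_not_before > MAX_DC_VALIDITY:
        return "invalid"  # exceeds the 7-day maximum; clients would reject it
    if expiry <= now:
        return "expired"  # the dCDN can no longer complete handshakes with it
    if expiry - now <= margin:
        return "refresh"  # re-issue via the MI before the dCDN is left without a DC
    return "ok"

def plan_refresh(dcs: list[DelegatedCredential], now: datetime,
                 margin: timedelta = REFRESH_MARGIN) -> dict[str, list[str]]:
    """Group the issued DCs by server under the action each one needs."""
    plan: dict[str, list[str]] = {"ok": [], "refresh": [], "expired": [], "invalid": []}
    for dc in dcs:
        plan[classify(dc, now, margin)].append(dc.server)
    return plan

# Constructed sample: one DC per dCDN server, all bound to the same certificate.
CERT_NOT_BEFORE = datetime(2023, 11, 1, tzinfo=timezone.utc)
NOW = datetime(2023, 11, 6, 16, 0, tzinfo=timezone.utc)
SAMPLE_DCS = [
    DelegatedCredential("edge1.dcdn.example", CERT_NOT_BEFORE, 6 * 86400),  # 8 h left
    DelegatedCredential("edge2.dcdn.example", CERT_NOT_BEFORE, 7 * 86400),  # 32 h left
    DelegatedCredential("edge3.dcdn.example", CERT_NOT_BEFORE, 5 * 86400),  # lapsed
    DelegatedCredential("edge4.dcdn.example", CERT_NOT_BEFORE, 8 * 86400),  # over 7 days
]

if __name__ == "__main__":
    for action, servers in plan_refresh(SAMPLE_DCS, NOW).items():
        print(f"{action:8}{servers}")
```

A dCDN endpoint in the "expired" bucket is exactly the case comment 14 raises: its handshakes fail until the uCDN pushes a fresh credential, which is why the monitor acts on the "refresh" bucket before that point.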

On Thu, Oct 5, 2023 at 9:57 AM Christoph Neumann <
Christoph.Neumann@broadpeak.tv> wrote:

> Hi all,
>
> I submitted a new version of the internet draft related to delegated
> credentials.
> This update takes into account the secdir reviews of the previous draft.
> The draft now specifies that, if used, the private key must be encrypted
> using JWE, whereas the public key used for encryption can be announced in
> the FCI.DelegatedCredentials.
>
> Christoph
>
> -----Original Message-----
> From: CDNi <cdni-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> Sent: Thursday, October 5, 2023 9:54 AM
> To: i-d-announce@ietf.org
> Cc: cdni@ietf.org
> Subject: [CDNi] I-D Action:
> draft-ietf-cdni-https-delegation-subcerts-05.txt
>
> Internet-Draft draft-ietf-cdni-https-delegation-subcerts-05.txt is now
> available. It is a work item of the Content Delivery Networks
> Interconnection
> (CDNI) WG of the IETF.
>
>    Title:   CDNI Metadata for Delegated Credentials
>    Authors: Frederic Fieau
>             Emile Stephan
>             Guillaume Bichot
>             Christoph Neumann
>    Name:    draft-ietf-cdni-https-delegation-subcerts-05.txt
>    Pages:   12
>    Dates:   2023-10-05
>
> Abstract:
>
>    The delivery of content over HTTPS involving multiple CDNs raises
>    credential management issues.  This document defines metadata in the
>    CDNI Control and Metadata interface to setup HTTPS delegation using
>    Delegated Credentials from an Upstream CDN (uCDN) to a Downstream CDN
>    (dCDN).
>
> The IETF datatracker status page for this Internet-Draft is:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dcdni-2Dhttps-2Ddelegation-2Dsubcerts_&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=2OE4Zo9YZweaSYyOlNecmOEeHpfeRxtXKHAZ03MvTWa28qwZlDIcNgLItOTRAWYi&s=QjgYpkSYwF018CGQdB5D6OgaPA6JvV--xLnPG8AX5zs&e=
>
> There is also an HTMLized version available at:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dietf-2Dcdni-2Dhttps-2Ddelegation-2Dsubcerts-2D05&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=2OE4Zo9YZweaSYyOlNecmOEeHpfeRxtXKHAZ03MvTWa28qwZlDIcNgLItOTRAWYi&s=NnHNfxiTuAjX152dgmDVvSb59WYeZul6ahF7z3rHsn8&e=
>
> A diff from the previous version is available at:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__author-2Dtools.ietf.org_iddiff-3Furl2-3Ddraft-2Dietf-2Dcdni-2Dhttps-2Ddelegation-2Dsubcerts-2D05&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=2OE4Zo9YZweaSYyOlNecmOEeHpfeRxtXKHAZ03MvTWa28qwZlDIcNgLItOTRAWYi&s=GSFYIUydwTDMwna16Fo6Ye56N0By16N71f3Zj3KoVv4&e=
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> CDNi mailing list
> CDNi@ietf.org
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_cdni&d=DwIGaQ&c=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ&r=XniVbishGiO2Ao9hKqSc-hTVIWCi3T-x6GdHR4ZTgoM&m=2OE4Zo9YZweaSYyOlNecmOEeHpfeRxtXKHAZ03MvTWa28qwZlDIcNgLItOTRAWYi&s=FP0OVV1i-_EID9-3MAV-RDon2JT7oXWeuJxpBAq58Yg&e=