Re: [CDNi] [EXTERNAL] Re: I-D Action: draft-ietf-cdni-https-delegation-subcerts-05.txt

"Kevin J. Ma" <kevin.j.ma.ietf@gmail.com> Tue, 02 January 2024 21:57 UTC

From: "Kevin J. Ma" <kevin.j.ma.ietf@gmail.com>
Date: Tue, 02 Jan 2024 16:57:07 -0500
To: Mike Ounsworth <mike.ounsworth@entrust.com>
Cc: Christoph Neumann <Christoph.Neumann@broadpeak.tv>, secdir@ietf.org, cdni@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/xTR4lt47ULtKOWq_sa34KMeAFvY>

Hi Mike,

  Awesome!  Thanks so much!

Christoph,

  Once we make those updates I think we should be good to go.

thanx!

--  Kevin J. Ma

On Jan 2, 2024, at 3:44 PM, Mike Ounsworth <mike.ounsworth@entrust.com> wrote:

Hi Kevin,

I’m very sorry that I missed the ping about this draft from October.

I have reviewed the new -05 and I think it is ready with nits. My updated SecDir review is here:

https://datatracker.ietf.org/doc/review-ietf-cdni-https-delegation-subcerts-04-secdir-early-ounsworth-2023-09-06/01/

The nits are that the Security Considerations don’t seem to have been updated to reflect the security changes in -05, and there are a couple small things that could be worth mentioning.

---

Mike Ounsworth

From: Kevin Ma <kevin.j.ma.ietf@gmail.com>
Sent: Monday, January 1, 2024 9:50 PM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Christoph Neumann <Christoph.Neumann@broadpeak.tv>
Cc: secdir@ietf.org; <cdni@ietf.org> <cdni@ietf.org>
Subject: [EXTERNAL] Re: [CDNi] I-D Action: draft-ietf-cdni-https-delegation-subcerts-05.txt

Hi Christoph,

  The updated text looks good to me.

Hi Mike,

  Could you please confirm if the updated text is acceptable from a secdir perspective; or please let us know if we need to submit a new early review request to get a re-review?

thanx!

--  Kevin J. Ma

On Thu, Oct 5, 2023 at 3:57 AM Christoph Neumann <Christoph.Neumann@broadpeak.tv> wrote:

Hi all,

I submitted a new version of the internet draft related to delegated credentials.
This update takes into account the secdir reviews of the previous draft.
The draft now specifies that, if used, the private key must be encrypted using JWE, whereas the public key used for encryption can be announced in the FCI.DelegatedCredentials.

Christoph

-----Original Message-----
From: CDNi <cdni-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Thursday, October 5, 2023 9:54 AM
To: i-d-announce@ietf.org
Cc: cdni@ietf.org
Subject: [CDNi] I-D Action: draft-ietf-cdni-https-delegation-subcerts-05.txt

Internet-Draft draft-ietf-cdni-https-delegation-subcerts-05.txt is now available. It is a work item of the Content Delivery Networks Interconnection
(CDNI) WG of the IETF.

   Title:   CDNI Metadata for Delegated Credentials
   Authors: Frederic Fieau
            Emile Stephan
            Guillaume Bichot
            Christoph Neumann
   Name:    draft-ietf-cdni-https-delegation-subcerts-05.txt
   Pages:   12
   Dates:   2023-10-05

Abstract:

   The delivery of content over HTTPS involving multiple CDNs raises
   credential management issues.  This document defines metadata in the
   CDNI Control and Metadata interface to setup HTTPS delegation using
   Delegated Credentials from an Upstream CDN (uCDN) to a Downstream CDN
   (dCDN).

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cdni-https-delegation-subcerts/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-cdni-https-delegation-subcerts-05

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-cdni-https-delegation-subcerts-05

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
CDNi mailing list
CDNi@ietf.org
https://www.ietf.org/mailman/listinfo/cdni