Re: [Gen-art] Genart last call review of draft-ietf-httpbis-cdn-loop-01

Alissa Cooper <alissa@cooperw.in> Mon, 17 December 2018 20:23 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F11D129BBF; Mon, 17 Dec 2018 12:23:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=1DzjmP/k; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Das0ewFO
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QrrmpcO7s7Yt; Mon, 17 Dec 2018 12:23:46 -0800 (PST)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E55C126F72; Mon, 17 Dec 2018 12:23:46 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 05C7ED1B; Mon, 17 Dec 2018 15:23:44 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Mon, 17 Dec 2018 15:23:45 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=a bnIeylAm5jav4u0g9ELQRAF6Xmp109oxjXPC1hdedg=; b=1DzjmP/kuIk8fdqvT 5RcSroYZkz3pbl934LXlkpL8VOfuG1LXqLthYOi2vV9MBTWiDUu+iAf2V+irULb9 E3EYIkPeqbDdWRTo0IB4hkI3mo4Gl+oTLL9Z0Yhx+KHWmFFlWU7U3tXYEBkHv8/3 yH5omvANSTjKx4Iead3f2f/h8jhONB6DoY2rq4zJumxV01VqZQKm2WHRKBtUqlkZ xEpdPCkf6iABad88xTsN5Inj9y+TFGvXjXXWO5byPpQ8lfulb7FStSK7eV5fn0oq A7UyGR+tUdH2+RmaNYLXyQ9+dd0NBBWeLJKBYyFqlInf2VOdugJ7J0O/3BUorhDX nqpOQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=abnIeylAm5jav4u0g9ELQRAF6Xmp109oxjXPC1hde dg=; b=Das0ewFORGEFUVjHygP797izykb/mYgrOPe3C5gIV+24iYb6tucjkVos7 tRL9fGgq7YXP/Abfnnam9tvzwMdzkX/KaZ+vyhp7s4cpeRrOw3UeUtiMxiGmmJ9U Nep+egQyO568GTAY7feLFL5bRdLY/r9aAmJX76i5Trvs3MMT7yKlsU+OK9phb+eH T/sa8Q1ZJTA9JXyH7ZShZCrPUc2v++Zdqxl1ca7VgVYDaS3iQNfgoYILTfmk+i0t GgP03AYYJ3/irxQJFVnlGady0WnQMERtZYOKbQE/Ole0B13ERI53eW8VgNNEu0+p fzyK2vMBAJSB+vBI5/xHvrMUp+emA==
X-ME-Sender: <xms:zwUYXE-1PfNVPCf28zd5rQKysUkr8Wv0H8LE7DEoULHdFOSqhUEKfg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtkedrudeifedggeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef tddtnecunecujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdtvdenucfhrhhomh eptehlihhsshgrucevohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeen ucffohhmrghinhepihgvthhfrdhorhhgnecukfhppedujeefrdefkedruddujedrleefne curfgrrhgrmhepmhgrihhlfhhrohhmpegrlhhishhsrgestghoohhpvghrfidrihhnnecu vehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:zwUYXCSMsly6rejRywffqSh5JkBDUpBgfJFomC0lX_gBcrizLVWm4w> <xmx:zwUYXDmLb1913XgBHGNogKm31VQ7x0rQ_37YUh2z2nQIkmnm1slQrg> <xmx:zwUYXFW7pX9Omyd13HqsSGYm3ciOX4Tvk1BtNZIrss38IYM2W6i82A> <xmx:0AUYXGFeO388D65AeFIC-NK4jEBmzSUBEoET0ShlYnBvQDrA8q9ftg>
Received: from rtp-alcoop-nitro5.cisco.com (unknown [173.38.117.93]) by mail.messagingengine.com (Postfix) with ESMTPA id 238B910084; Mon, 17 Dec 2018 15:23:43 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <154386274295.5033.8259810220470907158@ietfa.amsl.com>
Date: Mon, 17 Dec 2018 15:23:41 -0500
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-httpbis-cdn-loop.all@ietf.org, ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4672067D-BC1C-430A-ABCA-96BFD3F7269C@cooperw.in>
References: <154386274295.5033.8259810220470907158@ietfa.amsl.com>
To: Joel Halpern <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/mH8Q5LO26W26l7bzsNVSa5Y3xXs>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-httpbis-cdn-loop-01
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2018 20:23:49 -0000

Joel, thanks for your review. I have entered a No Objection ballot and flagged your review there since there has been no response.

Alissa

> On Dec 3, 2018, at 1:46 PM, Joel Halpern <jmh@joelhalpern.com> wrote:
> 
> Review result: Ready with Issues
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-ietf-httpbis-cdn-loop-01
> Reviewer: Joel Halpern
> Review Date: 2018-12-03
> IETF LC End Date: 2018-12-11
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary: This document is ready for publication as a Proposed Standard RFC
>                   There are two issues that I think should be addressed
>                   before publication
> 
> Major issues: N/A
> 
> Minor issues:
>   This depends upon CDNs which have not been upgraded not stripping this
>   header.  While I can believe that is a reasonable assumption, it seems that
>   a paragraph explaining that it is the case, and if possible what experience
>   leads us to think it is the case, would be helpful.
> 
>   This document says that it is to protect against attackers causing loops. 
>   If the attacker is an external customer, the advice in the security
>   considerations section makes sense.  The other apparent attack would be an
>   attacker in the network who strips the information each time it comes past.
>    I believe the reason this is only an apparent attack is that such an
>   attacker could almost as easily simply generate additional messages instead
>   of producing a loop.  If I have inferred this correctly, it seems useful to
>   state it.
> 
> Nits/editorial comments:  N/A
> 
> 
> 
> 
> 
> 
>