Re: Ben Campbell's No Objection on draft-ietf-httpbis-cdn-loop-01: (with COMMENT)
Mark Nottingham <mnot@mnot.net> Thu, 20 December 2018 01:59 UTC
From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 20 Dec 2018 12:56:35 +1100
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-cdn-loop@ietf.org, Patrick McManus <mcmanus@ducksong.com>, Tommy Pauly <tpauly@apple.com>, httpbis-chairs@ietf.org, ietf-http-wg@w3.org
To: Ben Campbell <ben@nostrum.com>
Archived-At: <https://www.w3.org/mid/3393EACB-8DF5-44EA-BEAE-CE7707488655@mnot.net>

Hi Ben,

> On 20 Dec 2018, at 10:58 am, Ben Campbell <ben@nostrum.com> wrote:
>
> *** Substantive Comments ***
>
> I agree with Alissa's comments, and Adam's comments about configurations that
> intentionally cross a CDN more than once.
>
> - abstract: The abstract could use some more meat. What does the new header
> accomplish?

I think these are all addressed now.

> §2:
> -- first paragraph: Seems like this header helps "detect" loops, rather than
> "prevent" them.

Good point. I've changed "prevent" to "detect" throughout -- including in the document title.

> -- last paragraph: "To be effective, intermediaries - including
> Content Delivery Networks - MUST NOT remove this header field,"
>
> Does that put normative requirements on things that do not implement the spec?

That's a good question. If this is an issue, I think we could address it by either updating RFC7231, or removing the requirement and making this prose. Do people have a preference there?

> §3, first paragraph: How can CDNs stop their customer from modifying the header?

That depends on what capabilities that they offer to their customers; if they allow customers to configure a header modification, they'll need to make an exception for this header field name. Doing so is common; e.g., most CDNs don't allow you to modify headers like Connection or Content-Length, because doing so would break HTTP.

> ** Editorial Comments ***
>
> §1,
> -- 4th paragraph: "loops between multiple CDNs be used as an
> attack vector" Missing word(s) around "CDNs be"?

Fixed, thanks.

> -- last paragraph: The last sentence is convoluted. Can it be broken into
> simpler sentences?

I've rewritten to:

"""
This specification defines the CDN-Loop HTTP request header field to help prevent such attacks and accidents among implementing forwarding CDNs, by disallowing its modification by their customers.
"""

Cheers,

--
Mark Nottingham   https://www.mnot.net/
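
An added example, not part of the message above or of the draft: one way a CDN could make the exception described in the §3 answer, rejecting customer header-modification rules that name CDN-Loop (or Connection or Content-Length), alongside the loop check the field exists for. It assumes a CDN that appends its own id to CDN-Loop and treats finding that id on an incoming request as a loop; the rule format, function names, CDN ids, the case-insensitive id comparison and the simplified list parsing are all hypothetical.

```python
# Added example: rule format, function names and CDN ids are hypothetical.
PROTECTED = {"cdn-loop", "connection", "content-length"}  # names from the message

class LoopDetected(Exception):
    """Raised when this CDN's own id is already present in CDN-Loop."""

def rejected_rules(rules):
    """Return customer header rules that target a protected field name."""
    return [r for r in rules if r["header"].strip().lower() in PROTECTED]

def split_list(value):
    """Split a comma-separated field value, ignoring commas in quoted strings."""
    items, cur, quoted, escaped = [], "", False, False
    for ch in value:
        if ch == "," and not quoted:
            items.append(cur)
            cur = ""
            continue
        if escaped:
            escaped = False
        elif quoted and ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        cur += ch
    items.append(cur)
    return [i.strip() for i in items if i.strip()]

def cdn_ids(headers):
    """Collect CDN ids from every CDN-Loop field line, dropping parameters."""
    ids = []
    for name, value in headers:
        if name.lower() == "cdn-loop":
            ids += [i.split(";", 1)[0].strip().lower() for i in split_list(value)]
    return ids

def forward(headers, my_id):
    """Refuse to forward if we already handled this request; else add our id."""
    if my_id.lower() in cdn_ids(headers):
        raise LoopDetected(my_id)
    return headers + [("CDN-Loop", my_id)]

# Constructed sample input.
RULES = [{"action": "set", "header": "X-Debug", "value": "1"},
         {"action": "remove", "header": "CDN-Loop"}]
REQUEST = [("Host", "www.example"),
           ("cdn-loop", 'edge-a.example; note="x, y", edge-b.example')]
```

Running `rejected_rules` when a customer saves their configuration, rather than at request time, keeps the protected names out of the edge's rewrite path entirely.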