Protocol Action: 'CDNI Metadata for Delegated Credentials' to Proposed Standard (draft-ietf-cdni-https-delegation-subcerts-12.txt)

The IESG <iesg-secretary@ietf.org> Thu, 05 September 2024 13:50 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'CDNI Metadata for Delegated Credentials' to Proposed Standard (draft-ietf-cdni-https-delegation-subcerts-12.txt)
CC: The IESG <iesg@ietf.org>, cdni-chairs@ietf.org, cdni@ietf.org, draft-ietf-cdni-https-delegation-subcerts@ietf.org, francesca.palombini@ericsson.com, kevin.j.ma.ietf@gmail.com, rfc-editor@rfc-editor.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/Vv9viyJIN0p20CfEMNi6q7cxfrE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce>

The IESG has approved the following document:
- 'CDNI Metadata for Delegated Credentials'
  (draft-ietf-cdni-https-delegation-subcerts-12.txt) as Proposed Standard

This document is the product of the Content Delivery Networks Interconnection
Working Group.

The IESG contact persons are Zaheduzzaman Sarker and Francesca Palombini.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cdni-https-delegation-subcerts/
Technical Summary

   The delivery of content over HTTPS involving multiple CDNs raises
   credential management issues.  This document defines metadata in the
   CDNI Control and Metadata interface to setup HTTPS delegation using
   delegated credentials from an Upstream CDN (uCDN) to a Downstream CDN
   (dCDN).

Working Group Summary and Document Quality

The content of draft-cdni-https-delegation-subcerts has broad consensus within
the WG.  The content was originally part of the HTTP delegation draft that was
split into two separate drafts, the other having been recently published as
RFC9538.  The original draft was created seven years ago, but had to wait for
the underlying protocols (i.e., RFC9345 and RFC9115) to solidify.  The draft
was split to decouple those waiting periods.

There were no major controversies.  CDNI is not chartered to create security
protocols; its only goal is to communicate the necessary metadata between CDNs
so that existing security protocols work properly across CDNs.  Much of the
discussion was around making sure that the draft only uses the constructs
provided by RFC9345 and does not create any additional interfaces or security
constructs.  Special attention was paid to the security section, to clarify
proper usage of the metadata.

The one major concern was the inclusion of support for an in-band private key.
The chairs requested an early SECDIR review for the private key issue.  Mike
Ounsworth provided valuable (and much appreciated) feedback on protecting the
private key.  Though use of the in-band private key is NOT RECOMMENDED, for
those that choose to use it, JWE encapsulation of the key is now required to
keep it confidential.

Personnel

   The Document Shepherd for this document is Kevin J. Ma. The Responsible
   Area Director is Francesca Palombini.