Protocol Action: 'CDNI Metadata for Delegated Credentials' to Proposed Standard (draft-ietf-cdni-https-delegation-subcerts-12.txt)
The IESG <iesg-secretary@ietf.org> Thu, 05 September 2024 13:50 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'CDNI Metadata for Delegated Credentials' to Proposed Standard (draft-ietf-cdni-https-delegation-subcerts-12.txt)
Message-ID: <172554425933.1895753.6147800301778530355@dt-datatracker-68b7b78cf9-q8rsp>
Date: Thu, 05 Sep 2024 06:50:59 -0700
CC: The IESG <iesg@ietf.org>, cdni-chairs@ietf.org, cdni@ietf.org, draft-ietf-cdni-https-delegation-subcerts@ietf.org, francesca.palombini@ericsson.com, kevin.j.ma.ietf@gmail.com, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/Vv9viyJIN0p20CfEMNi6q7cxfrE>
The IESG has approved the following document:
- 'CDNI Metadata for Delegated Credentials'
  (draft-ietf-cdni-https-delegation-subcerts-12.txt) as Proposed Standard

This document is the product of the Content Delivery Networks Interconnection Working Group.

The IESG contact persons are Zaheduzzaman Sarker and Francesca Palombini.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cdni-https-delegation-subcerts/

Technical Summary

The delivery of content over HTTPS involving multiple CDNs raises credential management issues. This document defines metadata in the CDNI Control and Metadata interface to set up HTTPS delegation using delegated credentials from an Upstream CDN (uCDN) to a Downstream CDN (dCDN).

Working Group Summary and Document Quality

The content of draft-cdni-https-delegation-subcerts has broad consensus within the WG. The content was originally part of the HTTP delegation draft, which was split into two separate drafts; the other has recently been published as RFC9538. The original draft was created seven years ago but had to wait for the underlying protocols (i.e., RFC9345 and RFC9115) to solidify. The draft was split to decouple those waiting periods. There were no major controversies.

CDNI is not chartered to create security protocols; its only goal is to communicate the necessary metadata between CDNs to enable existing security protocols to work properly across CDNs. Much of the discussion was around making sure that the draft only uses the constructs provided by RFC9345 and does not create any additional interfaces or security constructs. Special attention was paid to the security section, to clarify proper usage of the metadata.

The one major concern was the inclusion of support for an in-band private key. The chairs requested an early SECDIR review for the private key issue. Mike Ounsworth provided valuable (and much appreciated) feedback on protecting the private key. Though use of the private key is NOT RECOMMENDED, for those that choose to use it, JWE encapsulation is now required to keep it secure.

Personnel

The Document Shepherd for this document is Kevin J. Ma. The Responsible Area Director is Francesca Palombini.