Re: [secdir] Review of draft-ietf-cdni-requirements-13

"Kent Leung (kleung)" <> Mon, 02 December 2013 19:10 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 545DA1ADE89 for <>; Mon, 2 Dec 2013 11:10:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.502
X-Spam-Status: No, score=-9.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8SYDMWf4quta for <>; Mon, 2 Dec 2013 11:10:46 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 6705F1AD8ED for <>; Mon, 2 Dec 2013 11:10:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=1431; q=dns/txt; s=iport; t=1386011444; x=1387221044; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=SGyyttWxNWH0pzxAFT+wicuVkjLN2HafhC8rNZIB+7A=; b=b+ugKTJWBHYdz4kJqlZbsztSLDLWwTCYD0r64RHvadbr+x9fyILOp6G7 g7HqZ8HbOm8tvulZFBd4oGvPO6SL8MGcgnOCCt8sAKZkbfebAKL+z6xxm YYiIetVljpkcoRntY6SURXtfQ4H/+lgEt9k1k1m5HZDnYUxrGzkxFHyqP U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.93,812,1378857600"; d="scan'208";a="3728803"
Received: from ([]) by with ESMTP; 02 Dec 2013 19:10:44 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id rB2JAhXG028398 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 2 Dec 2013 19:10:43 GMT
Received: from ([]) by ([]) with mapi id 14.03.0123.003; Mon, 2 Dec 2013 13:10:43 -0600
From: "Kent Leung (kleung)" <>
To: Shawn M Emery <>, "" <>
Thread-Topic: Review of draft-ietf-cdni-requirements-13
Thread-Index: AQHO7fGIVqIxWZsW8Uqa3e8Azg8q4ZpBSHKQ
Date: Mon, 2 Dec 2013 19:10:43 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 05 Dec 2013 06:14:25 -0800
Cc: "" <>
Subject: Re: [secdir] Review of draft-ietf-cdni-requirements-13
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 02 Dec 2013 19:10:48 -0000

Thank you for the review.


-----Original Message-----
From: Shawn M Emery [] 
Sent: Saturday, November 30, 2013 9:29 AM
Subject: Review of draft-ietf-cdni-requirements-13

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This informational internet-draft describes the requirements to integrate multiple Content Delivery Networks (CDNs) for Content Service Providers (CSPs) so that end users have a single point of access for content.

The security considerations section does exist and refers to a separate section for the discussion on security requirements.  This section gives requirements priorities from high to low on the various types of attacks.  The high level priorities are for authentication, confidentiality, integrity protection, protection against replay, spoofing, and DoS attacks.  Since it is a requirements specification there is purposefully no discussion on how to mitigate against such attacks.

General comments:


Editorial comments: