IETF Logo Mail Archive

Re: [secdir] [CDNi] Secdir last call review of draft-ietf-cdni-additional-footprint-types-05

Nir Sopher <nirsopher@gmail.com> Tue, 13 December 2022 20:55 UTC

Return-Path: <nirsopher@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A57E5C1524AF; Tue, 13 Dec 2022 12:55:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2CLk5BenBKNc; Tue, 13 Dec 2022 12:55:48 -0800 (PST)
Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59CE4C14CF0D; Tue, 13 Dec 2022 12:55:48 -0800 (PST)
Received: by mail-yb1-xb2f.google.com with SMTP id 2so10753901ybl.13; Tue, 13 Dec 2022 12:55:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=zDJZRoN845lnV0t7e/IXCvZKwgZu+9b7xTDnqz9yqyk=; b=JqYqj0GfTtbWG9WDKvUwBOHWK039Ug4KK+xeqxu/IlLxPPXyGEvQvu/u7QCU6qa7xM akfVavzwOt1WwtWjmvvVHjiKGEa3Yx20UC/psr/X5bD4Tk2SLoxWXatzpczSMYYaSkZc le+KUX054tGXL6Ogdo1o6dcqLn4xJ+yaCajark8MvipEia99O+WtrNI/aon7i9+H3ui9 OJ8yFx7C7A5P41+VPDAp5XasGWpaXyIy3b0WMvmCHxx/s52nWwVX4bP15mR5yR4h820J f3Jhj8srfBrp8wjTjytB8AHk7Qp4OVcY6lvbKGo5ShZzLkZORgBko7mkH+F96FwGVv7t C2Qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zDJZRoN845lnV0t7e/IXCvZKwgZu+9b7xTDnqz9yqyk=; b=IVeS+0mmmOt8Gdmr/98p+fEZ0iMg85dKfb8FKmmYKlXrZ+hDhO1kBOLEQyu4ActPt6 kSLeTG+yCtDES7MG6Ea6eQcw5vk9krpFopfMC22vJy6O6R4THs/b0zk7iJKy7Cx4R1YP ZK5Blc0/w1eMvCLv8+gcy90uvZFaf9OApGOKppJNLL8akiYOVmzzqdKjYm4RORsV7+pV HrA2Y5Oci+1Vp9XBX76USlhCAunklSbYTrkuGJyXgLGDt6ZlR/nzTYqbbdllWGW1fWNS YhdebkoaFuMaduNOjCbTEJD6WF+RboL/fPLTZE3VAln/ARMCQmyu6rTlxV31siJXg61W s4Iw==
X-Gm-Message-State: ANoB5pnvClVUT1Pa+p6ZqgsvCz8DzNYqYM42RlvAhEwpX9ECQumoL44R XT32IvU9yf34pIpFGyvVgILw5s/5/jKm2OE8k20=
X-Google-Smtp-Source: AA0mqf5jnZSFyHLkpIa9Een0GyAFUh/cZct1efrwIT7+2ssAXK1Xu3Cp9/UVcryKQ/B7L6Jzj32Ji0f2YmXmp2hHCrI=
X-Received: by 2002:a05:6902:4c6:b0:727:6671:ff85 with SMTP id v6-20020a05690204c600b007276671ff85mr1072775ybs.585.1670964947325; Tue, 13 Dec 2022 12:55:47 -0800 (PST)
MIME-Version: 1.0
References: <167068470142.29533.15030214937491608215@ietfa.amsl.com>
In-Reply-To: <167068470142.29533.15030214937491608215@ietfa.amsl.com>
From: Nir Sopher <nirsopher@gmail.com>
Date: Tue, 13 Dec 2022 22:55:35 +0200
Message-ID: <CACUa7-vtUJ6mn+4oxgcaNxpnyT0t251QMw31DUN-y0zwmJcsdg@mail.gmail.com>
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: secdir@ietf.org, cdni@ietf.org, draft-ietf-cdni-additional-footprint-types.all@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001e17f805efbbd8cd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/p4iecpssiGtRR4TbrgJXr1pkQqo>
Subject: Re: [secdir] [CDNi] Secdir last call review of draft-ietf-cdni-additional-footprint-types-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2022 20:55:52 -0000

Hi Daniel,
Thank you for the deep dive into the concepts and incentives of the draft.
Per your remarks, please see our comments inline :)
Cheers,
Sanjay and Nir

On Sat, Dec 10, 2022 at 5:05 PM Daniel Migault via Datatracker <
noreply@ietf.org> wrote:

> Reviewer: Daniel Migault
> Review result: Ready
>
> Hi,
>
> Reviewer: Daniel Migault
> Review result: Ready
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments
> were written primarily for the benefit of the security area directors.
> Document
> editors and WG chairs should treat these comments just like any other
>
> The comment below mostly reflects what raised my curiosity while reading
> the
> document. I do not see any of these comments requires some changes to the
> document.
>
> While reading the document I was wondering what could be the reason for
> advertising ca-ns and us-ny. Note that whatever the response is, there is
> no
> need to change the document. From my point of view, I imagined that
> subdivision
> code would be mostly used to characterize a geographic zone that is served
> by a
> CDN and so that expected codes would be neighbor areas. The example takes
> ca-ns
> and us-ny which I do not see as neighbors, at least geographically
> speaking. I
> know we can always find a case, but I am wondering if it is expected to be
> common to have some non neighbor subdivisions being advertised and why. One
> reason could be that geographic neighborhood and networking neighborhood
> may
> also be distinct and I would be curious to understand if that is the
> reason and
> how often it is expected to happen. To be clear, I am fine if the
> subdivision
> code has just been taken (pseudo) randomly for example.
>

Indeed. A geographical proximity is expected to be the common case.
The reason we presented ca-ns and us-ny was to give an example for 2 types
of subdivisions - a Province in Canada vs. a state in the US.
But now that you bring it up, we see it can confuse the reader.

To make it more intuitive to the reader, we will change the example to
reflect the geographical proximity, presenting for example NY and NJ or NY
and Ontario.


> The Union data type is mentioned as overcoming the limitation of narrowing
> capability. I think the text is nice saying that narrowing does not work
> for
> what we do, but overall I do see the need to have union as a completely
> separate need from the need to narrow. In other words, I do not see the
> justification as something needed. My perception is that we were able to
> have
> AND and Union enables to have OR.


> If  my understanding is correct, I have the impression that there is an
> alternative way to achieve OR which would consist of having different
> separate
> advertisements. Not being an expert in CDNI, what I have in mind is that a
> dCDN
> may send one advertisement with a union or may make multiple
> advertisements (1
> for each member of the union). I am not challenging here the need for a
> union
> as I am convinced it is needed - or will be needed at some point. What I
> would
> like to understand is if multiple advertisements could effectively be
> considered as an alternative to the union. If that is correct, I would be
> interested to briefly understand the pro/cons of each alternative. I
> suspect
> this mostly an operational advantage, but I am curious to learn a bit more
> on
> it.
>

There are a few reasons for using union. Indeed there is an operational
efficiency in joining
Additionally, there are more substantive uses of union, such as in cases
where the advertised capability refers to a fixed commodity (e.g. capacity).
For example, in the case a dCDN advertises its "capacity" capability, which
may apply for an overall set of IPs, from both IPv4 and IPv6.
The union allows us to be unambiguous - avoiding overbooking of "capacity
units", on the one hand, as well as utilizing the advertised capacity
efficiently (without arbitrarily splitting it) on the other.


> The SUBDIVISION Domain was not entirely clear to me, but I suspect this
> connects the newly defined footprint type to the more generic framework.
>
> The main security consideration I have regarding the footprint type is the
> ability to prove that the dCDN is legitimate for announcing such
> capabilities.
> Typically, I am wondering if there is any way to prevent a CDN to advertise
> capabilities in Australia for example - while he is not serving that
> region ?


> Note that we generic and so, is likely to be already addressed at a higher
> level. My impression is that the model is that one has to trust the
> advertisement, and so only consider those of trusted CDNs. I am wondering
> if
> there are any practical ways to evaluate the trustworthiness related to the
> subdivision.
>

Indeed, there is no mechanism preventing dCDN from publishing
capabilities for IPs they do not own / cannot really serve.
This issue was also discussed in RFC 8008 section 2.4
<https://www.rfc-editor.org/rfc/rfc8008.html#section-2.4>, which mostly
refers to resolution of the issue at the business/contractual level.
They also point to the option to make the Footprint verifiable, mostly
out-of-band (non realtime).
There is very little to know incentive for a dCDN to cheat, as RFC 8008
states that it may "negatively affect the long-term business relationship".

Yours,
> Daniel
>
>
>
> _______________________________________________
> CDNi mailing list
> CDNi@ietf.org
> https://www.ietf.org/mailman/listinfo/cdni
>

v2.23.0 | Report a Bug | By Email