Framework for Content Distribution Network Interconnection (CDNI)
draft-ietf-cdni-framework-14

[Ballot comment]
Thanks for addressing my DISCUSS points.

Original comments:

(1) Section 3.2 says:

"These problems are generally soluble, but the
  solutions complicate the example, so we do not discuss them further
  in this version of the draft."

Was there an intention to discuss these solutions in this draft (assuming at some point soon we will hit its final version)?

(2) During IETF LC, Ray said that the reference to the (expired) draft-vandergaast-edns-client-subnet would be removed. Is that still the plan? I think removing it is appropriate.

(3) I'm confused about this text in Section 4.6:

"Fine-grain control over how the downstream CDN delivers content on
  behalf of the upstream CDN is also possible.  For example, by
  including the Forwarded HTTP header [I-D.ietf-appsawg-http-forwarded]
  with the conditional GET request, the downstream CDN can report the
  end-user's IP address to the upstream CDN, giving it an opportunity
  to control whether the downstream CDN should serve the content to
  this particular end-user.  The upstream CDN would communicate its
  directive through its response to the conditional GET."

This is characterized as an in-band mechanism. But how does the dCDN know whether to include the Forwarded header, other than by some out-of-band arrangement with the uCDN? Or is the assumption that the dCDN includes it with every conditional GET request?

[Ballot comment]

Thanks for addressing my discuss points. There was one that
is not addressed in -12, but which I'll make a comment since
it'd not be correct to block on this, but I'd encourage fixing
it if possible. The discuss point said:

"
(3) section 6: Am I right in thinking that this is the
first time we're standardising protocols related to CDNs?
(That is, we have not prevously standardised any CDNi or
CSP/CDN protocols.) If so, then I question whether the
"main trust issue" is transitive trust. That is an issue
certainly, but we are also here standardising the logging
that has until now been handled in proprietary ways by CSPs
and CDNs, which arguably means that the associated privacy
issues for the end user need to be considered as in scope
and it is not sufficient to simply say "do what CDNs do."
"

I think s/main trust issue/a trust issue/ would be a good
change, since (I hope) we're not only dealing with the
perspectives of content holders and CDNs.


-- Original comments below, I've not checked how they
were all handled, but feel free to ping me if chatting
more would be useful.

- 1.1: Does the CDN-Domain include or exclude a default or
non-default port number? Saying exactly which part of the
RFC 3986 ABNF you mean might help here. Or if that's for
later, maybe say that now here so folks don't get confused.

- 1.1: Also on CDN-Domain - how does this play with the SOP
and/or CORS or does it and what if the URL is not an HTTP
URL? I'd be fine if you want to punt until later on other
URI schemes btw, not asking that you boil an ocean now, but
better to be a bit more precise on this I think.

- 1.1: I think it might help to define (or reference a
definition for) "footprint" - for me at least its not clear
what combination(s) of topological, geographic or other
information is intended here.  I'm not asking that you
provide the data model in 1.1 though but I think a
definition could help.

- 2.1.1: You don't say why DNAME might be preferable to
CNAME. I wondered:-) And btw, I assume mention of wildcards
in DNS zone files isn't needed here as relevant DNS servers
maybe don't tend to do that?

- 2.1.2: The client IP will only be known if there's no
proxy or the proxy passes on the client IP via XFF or
similar though. Worth noting?

- 4.8: I could imagine CDNs serving up frequently loaded
static content that's not tiny, like maybe JS libraries
that are widely used. W3C have an early piece of work
that's related [1] so just noting that and wondering if it
might be wise to take it into account here at some stage.
(It *might* be a problem if that's not considered, but that
might be ok for now since the W3C stuff is drafty. Maybe
worth a look if the WG didn't already.)

  [1] http://www.w3.org/TR/SRI/

- section 8: As with section 6, I think the "just consider
the delta between CDN and CDNi" is not the right approach
here as that could result in CDNi making e.g. HTTPS less
easy to deploy. There is a significiant enough history of
that approach to security going wrong, e.g. when IEEE did
Wired *Equivalent* Privacy (WEP) they ended up addressing
the wrong target and had to go back and substantially re-do
stuff a number of times. I would suggest that simply
referring to [2] here would be a better approach.  This is
not a discuss because I assume that CDNi protocol documents
will in any case have to deal with how they meet those
requirements and will not be able to point here and say
"same as CDN, nothing to see here." If that last was the
WG's plan, then maybe we should chat more about that now
too. (Since we will later otherwise:-)

  [2] https://tools.ietf.org/html/draft-ietf-cdni-requirements-17#section-9

- Section 8: Requirement SEC-2 (DoS resistance) is not
mentioned at all. Did the WG consider whether or not that
requirement ought result in text here? I could buy an
argument that this requirement won't really be discussed
in any detail until later, but wanted to check.

[Ballot comment]
Some non-binding suggestions:

In section 1.1, this is really unclear:
  Recursive CDNI Request Redirection: When an upstream CDN elects to
  redirect a request towards a downstream CDN, the upstream CDN can
  query the downstream CDN Request Routing system via the CDNI Request
  Routing Redirection Interface (or use information cached from earlier
  similar queries) to find out how the downstream CDN wants the request
  to be redirected, which allows the upstream CDN to factor in the
  downstream CDN response when redirecting the user agent.  This
  approach is referred to as "Recursive" CDNI Request Redirection.
  Note that the downstream CDN may elect to have the request redirected
  directly to a Surrogate inside the downstream CDN, to the Request
  Routing System of the downstream CDN, to another CDN, or to whatever
  system is necessary to handle the redirected request appropriately.

I think this means that the uCDN gets a query from a user agent, queries the dCDN to find out what URL will reach the desired delivery node, and then sends a redirect to the UA with that URL.  But it might mean something else.  Maybe I will learn what it means later on in the document, but if this is to be helpful, it needs to make sense _before_ I've read the document! :)  So it would be good if it could be rephrased, and I would be happy to help iterate on that if it's useful.

Ah.  In fact, there's some much clearer text about this at the end of section 3.2.  I suggest adapting that text for the terminology section.  It might be better to explain iterative request redirection first and then explain recursive redirection in terms of how it differs, which I guess is why I like the text at the end of 3.2 so much...

Also in section 1.1, CSP is never expanded, and probably should be:
OLD:
  Trigger Interface: a subset of the CDNI Control interface that
  includes operations to pre-position, revalidate, and purge both
  metadata and content.  These operations are typically called in
  response to some action (Trigger) by the CSP on the upstream CDN.
NEW:
  Trigger Interface: a subset of the CDNI Control interface that
  includes operations to pre-position, revalidate, and purge both
  metadata and content.  These operations are typically called in
  response to some action (Trigger) by the Content Service
  Provider (CSP) on the upstream CDN.

Or just add an entry in this section for Content Service Provider.  This would be a win for me, but possibly not for a reader with more knowledge of the subject matter.

Also:
OLD:
  We also sometimes use uCDN and dCDN as shorthand for upstream CDN and
  downstream CDN, respectively.
NEW:
  uCDN: Upstream Content Delivery Network
  dCDN: Downstream Content Delivery Network

I think this is useful additional emphasis, but won't be offended if you ignore this suggestion. :)

Section 3.4, paragraph 2:
  As before, Operator A has to learn the set of requests that dCDN is
  willing or able to serve (e.g. which client IP address prefixes or
  geographic regions are part of the dCDN footprint).  We assume
  Operator has and makes known to operator A some unique identifier
            ^
You are missing (I suspect) a B here.

In section 3.5:
  This example differs from the one in Figure 5 only in the addition of
  a FCI request (step 2) and corresponding response (step 3).

The diagram shows an RI request and response, not an FCI request and response.  Is there a disagreement between the text and the diagram, or am I just misunderstanding something?

In 3.6, has the uCDN remembered that the dCDN might have cached a particular bit of content?  This seems like a really heavyweight solution.  What happens if this information is lost?

Former DISCUSS:
This DISCUSS is just because I am not clear on what is being done, so to address the DISCUSS all that's necessary is to answer the question and possibly engage in further discussion.  It may be that there's an issue here, in which case that would need to be corrected, but that's not clear to me at the moment.

In 3.4:
      The Request Router returns a DNS CNAME response by "stacking" the
      distinguished identifier for Operator B onto the original CDN-
      Domain (e.g., b.cdn.csp.example), plus an NS record that maps
      b.cdn.csp.example to B's Request Router.

  2.  The end-user does a DNS lookup using the modified CDN-Domain
      (i.e., b.cdn.csp.example).  This causes B's Request Router to
      respond with a suitable delivery node.

What's up with the NS record here?  Are you relying on glue to make sure that the query goes to the right nameserver?

[Ballot comment]
It's not really clear to me that Informational is the appropriate status for this document. Aside from the "people would have reviewed it more carefully" argument (which I'm not sure actually holds water), this document does define the message flow between end users and operators, which really is part and parcel of the protocol. Take a look at the nature of the ballot comments from others; they sure read like protocol reviews. Just because this document doesn't define all of the message formats and particular HTTP exchanges doesn't means it's not a protocol document; it's just one *piece* of a protocol, and I'm guessing that this document will be normative upon any future protocol documents coming out of this group.

That said, I'm not going to stand in the way of publication if we decide that Informational is OK. But if we think that the WG did a diligent job of producing this thing, and that future protocol documents are going to conform to it, an additional 2-week LC and a raise in status doesn't seem like all that bad a thing to do.

[Ballot discuss]
This DISCUSS is just because I am not clear on what is being done, so to address the DISCUSS all that's necessary is to answer the question and possibly engage in further discussion.  It may be that there's an issue here, in which case that would need to be corrected, but that's not clear to me at the moment.

In 3.4:
      The Request Router returns a DNS CNAME response by "stacking" the
      distinguished identifier for Operator B onto the original CDN-
      Domain (e.g., b.cdn.csp.example), plus an NS record that maps
      b.cdn.csp.example to B's Request Router.

  2.  The end-user does a DNS lookup using the modified CDN-Domain
      (i.e., b.cdn.csp.example).  This causes B's Request Router to
      respond with a suitable delivery node.

What's up with the NS record here?  Are you relying on glue to make sure that the query goes to the right nameserver?

[Ballot comment]
Some non-binding suggestions:

In section 1.1, this is really unclear:
  Recursive CDNI Request Redirection: When an upstream CDN elects to
  redirect a request towards a downstream CDN, the upstream CDN can
  query the downstream CDN Request Routing system via the CDNI Request
  Routing Redirection Interface (or use information cached from earlier
  similar queries) to find out how the downstream CDN wants the request
  to be redirected, which allows the upstream CDN to factor in the
  downstream CDN response when redirecting the user agent.  This
  approach is referred to as "Recursive" CDNI Request Redirection.
  Note that the downstream CDN may elect to have the request redirected
  directly to a Surrogate inside the downstream CDN, to the Request
  Routing System of the downstream CDN, to another CDN, or to whatever
  system is necessary to handle the redirected request appropriately.

I think this means that the uCDN gets a query from a user agent, queries the dCDN to find out what URL will reach the desired delivery node, and then sends a redirect to the UA with that URL.  But it might mean something else.  Maybe I will learn what it means later on in the document, but if this is to be helpful, it needs to make sense _before_ I've read the document! :)  So it would be good if it could be rephrased, and I would be happy to help iterate on that if it's useful.

Ah.  In fact, there's some much clearer text about this at the end of section 3.2.  I suggest adapting that text for the terminology section.  It might be better to explain iterative request redirection first and then explain recursive redirection in terms of how it differs, which I guess is why I like the text at the end of 3.2 so much...

Also in section 1.1, CSP is never expanded, and probably should be:
OLD:
  Trigger Interface: a subset of the CDNI Control interface that
  includes operations to pre-position, revalidate, and purge both
  metadata and content.  These operations are typically called in
  response to some action (Trigger) by the CSP on the upstream CDN.
NEW:
  Trigger Interface: a subset of the CDNI Control interface that
  includes operations to pre-position, revalidate, and purge both
  metadata and content.  These operations are typically called in
  response to some action (Trigger) by the Content Service
  Provider (CSP) on the upstream CDN.

Or just add an entry in this section for Content Service Provider.  This would be a win for me, but possibly not for a reader with more knowledge of the subject matter.

Also:
OLD:
  We also sometimes use uCDN and dCDN as shorthand for upstream CDN and
  downstream CDN, respectively.
NEW:
  uCDN: Upstream Content Delivery Network
  dCDN: Downstream Content Delivery Network

I think this is useful additional emphasis, but won't be offended if you ignore this suggestion. :)

Section 3.4, paragraph 2:
  As before, Operator A has to learn the set of requests that dCDN is
  willing or able to serve (e.g. which client IP address prefixes or
  geographic regions are part of the dCDN footprint).  We assume
  Operator has and makes known to operator A some unique identifier
            ^
You are missing (I suspect) a B here.

In section 3.5:
  This example differs from the one in Figure 5 only in the addition of
  a FCI request (step 2) and corresponding response (step 3).

The diagram shows an RI request and response, not an FCI request and response.  Is there a disagreement between the text and the diagram, or am I just misunderstanding something?

In 3.6, has the uCDN remembered that the dCDN might have cached a particular bit of content?  This seems like a really heavyweight solution.  What happens if this information is lost?

[Ballot discuss]
I support Stephen's DISCUSS and COMMENT, especially his point (2) and the comment about only discussing the security/privacy considerations relevant to the delta between CDN and CDNI. This security considerations text seems particularly inadequate to me:

Another concern that arises in any CDN is that information about the
  behavior of users (what content they access, how much content they
  consume, etc.) may be gathered by the CDN.  This risk certainly
  exists in inter-connected CDNs, but it should be possible to apply
  the same techniques to mitigate it as in the single CDN case.

Perhaps this is true, but without further discussion of what the existing techniques are, this seems like a weak claim. Furthermore, there are many aspects of the framework described in this document that implicitly promote better identification of clients to more nodes (interconnected CDNs, recursive DNS resolvers, etc.), so it would be helpful to understand how to square that with the claim made above.

[Ballot comment]
(1) Section 3.2 says:

"These problems are generally soluble, but the
  solutions complicate the example, so we do not discuss them further
  in this version of the draft."

Was there an intention to discuss these solutions in this draft (assuming at some point soon we will hit its final version)?

(2) During IETF LC, Ray said that the reference to the (expired) draft-vandergaast-edns-client-subnet would be removed. Is that still the plan? I think removing it is appropriate.

(3) I'm confused about this text in Section 4.6:

"Fine-grain control over how the downstream CDN delivers content on
  behalf of the upstream CDN is also possible.  For example, by
  including the Forwarded HTTP header [I-D.ietf-appsawg-http-forwarded]
  with the conditional GET request, the downstream CDN can report the
  end-user's IP address to the upstream CDN, giving it an opportunity
  to control whether the downstream CDN should serve the content to
  this particular end-user.  The upstream CDN would communicate its
  directive through its response to the conditional GET."

This is characterized as an in-band mechanism. But how does the dCDN know whether to include the Forwarded header, other than by some out-of-band arrangement with the uCDN? Or is the assumption that the dCDN includes it with every conditional GET request?

[Ballot comment]
I just have a few comments/questions, but otherwise the document looks good.

Section 6. Trust Model:  In practice, do the trust relationships described rely on contracts or other agreements that are enforceable?  I would think so and if that's the case, should they be mentioned (Security Levels of Service, etc.)?

In either the Trust Model or Security Considerations sections, I expected to see a discussion on fraud concerns in CDNI.  Could you add in mention of fraud and some of the explicit concerns/risks?

Additionally, I support Stephen's positions.  For the privacy concerns he raises, there are several points in the draft that discuss which of the parties have access to what types of data (what users access, just metrics, monitoring capabilities, etc.).  It would be very helpful to call this out in a privacy section and enumerate on the limits/restrictions to assist with privacy concerns.  The draft does have some of this detailed, but it does not call out privacy as a concern and is not organized around privacy in a section of the document.

[Ballot discuss]

For discuss points 1-3, it could be fine for this document
to just note that there are tricky issues around these
topics, but I'm a little concerned that we not punt on them
for too long, or even worse, forget about them, in case we
hit late problems.

(1) section 3: I would like to have seen some examples with
discussion of DNSSEC and where the URL the client starts
with is an HTTPS URL and/or where HTTPS URLs are used
between CDNs. I'm not trying to insist on that though but
have those (3) issues been considered by the WG?  If not,
when will they? 

(2) There is no mention of privacy in this document at all,
nor is the CDNi requirement LI-17 mentioned.  Isn't there
simply missing text on that? If not, why not?  For example
in 4.4 I was surprised not to see any mention of privacy
issues or jurisdiction issues. Why does that not need a
mention? Are there really no open issues associated with
the LI and privacy? Just to pick on one of the possibly
many juicy issues: what if the browser request has DNT set?
(I don't expect this doc to resolve that issue btw.)

(3) section 6: Am I right in thinking that this is the
first time we're standardising protocols related to CDNs?
(That is, we have not prevously standardised any CDNi or
CSP/CDN protocols.) If so, then I question whether the
"main trust issue" is transitive trust. That is an issue
certainly, but we are also here standardising the logging
that has until now been handled in proprietary ways by CSPs
and CDNs, which arguably means that the associated privacy
issues for the end user need to be considered as in scope
and it is not sufficient to simply say "do what CDNs do."
If those are in scope, then I would further argue that that
is also a significant trust issue. If we figure out how to
handle discuss point 2 above, then this might just amount
to a simple reference to whatever text results (or maybe
that text would just go in this section.)

(4) 4.7: Just checking: This made me wonder about how CDNI
and HTTP/2.0 are intended to play together. I think there's
been relevant discussion on httpbis about similar issues
but haven't followed that. Is someone tracking how CDNI and
HTTP/2.0 will interact? If not then wouldn't that be a good
idea since both are likely to arrive as RFCs about the same
time?  (To be clear: I've no strong opinion on the details
here, nor on sequencing of outputs, but would just like to
know we don't have two WGs ignoring one another when they
shouldn't. And I'll happily hand this discuss point over to
someone who knows more about both topics.)

[Ballot comment]

- 1.1: Does the CDN-Domain include or exclude a default or
non-default port number? Saying exactly which part of the
RFC 3986 ABNF you mean might help here. Or if that's for
later, maybe say that now here so folks don't get confused.

- 1.1: Also on CDN-Domain - how does this play with the SOP
and/or CORS or does it and what if the URL is not an HTTP
URL? I'd be fine if you want to punt until later on other
URI schemes btw, not asking that you boil an ocean now, but
better to be a bit more precise on this I think.

- 1.1: I think it might help to define (or reference a
definition for) "footprint" - for me at least its not clear
what combination(s) of topological, geographic or other
information is intended here.  I'm not asking that you
provide the data model in 1.1 though but I think a
definition could help.

- 2.1.1: You don't say why DNAME might be preferable to
CNAME. I wondered:-) And btw, I assume mention of wildcards
in DNS zone files isn't needed here as relevant DNS servers
maybe don't tend to do that?

- 2.1.2: The client IP will only be known if there's no
proxy or the proxy passes on the client IP via XFF or
similar though. Worth noting?

- 4.8: I could imagine CDNs serving up frequently loaded
static content that's not tiny, like maybe JS libraries
that are widely used. W3C have an early piece of work
that's related [1] so just noting that and wondering if it
might be wise to take it into account here at some stage.
(It *might* be a problem if that's not considered, but that
might be ok for now since the W3C stuff is drafty. Maybe
worth a look if the WG didn't already.)

  [1] http://www.w3.org/TR/SRI/

- section 8: As with section 6, I think the "just consider
the delta between CDN and CDNi" is not the right approach
here as that could result in CDNi making e.g. HTTPS less
easy to deploy. There is a significiant enough history of
that approach to security going wrong, e.g. when IEEE did
Wired *Equivalent* Privacy (WEP) they ended up addressing
the wrong target and had to go back and substantially re-do
stuff a number of times. I would suggest that simply
referring to [2] here would be a better approach.  This is
not a discuss because I assume that CDNi protocol documents
will in any case have to deal with how they meet those
requirements and will not be able to point here and say
"same as CDN, nothing to see here." If that last was the
WG's plan, then maybe we should chat more about that now
too. (Since we will later otherwise:-)

  [2] https://tools.ietf.org/html/draft-ietf-cdni-requirements-17#section-9

- Section 8: Requirement SEC-2 (DoS resistance) is not
mentioned at all. Did the WG consider whether or not that
requirement ought result in text here? I could buy an
argument that this requirement won't really be discussed
in any detail until later, but wanted to check.

[Ballot comment]
I just have a few comments/questions, but otherwise the document looks good.

Section 6. Trust Model:  In practice, do the trust relationships described rely on contracts or other agreements that are enforceable?  I would think so and if that's the case, should they be mentioned (Security Levels of Service, etc.)?

In either the Trust Model or Security Considerations sections, I expected to see a discussion on fraud concerns in CDNI.  Could you add in mention of fraud and some of the explicit concerns/risks?

[Ballot comment]
As noted in my discussion response, I'm moving this to a non-blocking comment, and I'm happy to accept what Spencer and the authors think is best.  Thanks for the discussion.

-------------------------------------------------

This is a fine document, and I quite approve of its publication.

I'd like to discuss a small point on the obsolescence of 3466:
It's my sense that it isn't this document alone that obsoletes 3466, but the combination of this document and RFC 6707.  6707 replaced the problem statement part, and this nukes the rest.  Is that correct?  If not, whack me in the snout with a rolled-up newspaper and I'll clear this DISCUSS forthwith.  But if so, I suggest a tweak that will make that clear:

OLD (Abstract)
It obsoletes RFC 3466.
NEW
This document, in combination with RFC 6707, obsoletes RFC 3466.
END

OLD (Introduction)
To avoid confusion, this document obsoletes [RFC3466].
NEW
To avoid confusion, this document and [RFC6707] together obsolete
[RFC3466].
END

[Ballot discuss]
This is a fine document, and I quite approve of its publication.

I'd like to discuss a small point on the obsolescence of 3466:
It's my sense that it isn't this document alone that obsoletes 3466, but the combination of this document and RFC 6707.  6707 replaced the problem statement part, and this nukes the rest.  Is that correct?  If not, whack me in the snout with a rolled-up newspaper and I'll clear this DISCUSS forthwith.  But if so, I suggest a tweak that will make that clear:

OLD (Abstract)
It obsoletes RFC 3466.
NEW
This document, in combination with RFC 6707, obsoletes RFC 3466.
END

OLD (Introduction)
To avoid confusion, this document obsoletes [RFC3466].
NEW
To avoid confusion, this document and [RFC6707] together obsolete
[RFC3466].
END

[Ballot comment]
1. Section 1.2 references the CDNI WG, but that reference could be re-worded to point at this document.

2. Should the discussion of HTTP redirection in section 2.1.2 mention as a limitation that this approach won't work for non-HTTP traffic?  It is obvious, but if DNS redirection is not feasible, what other option would a CDN operator use?

IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-cdni-framework-10, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any IANA actions.

While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if authors prefer to remove it, IANA does not object.

If this assessment is not accurate, please respond as soon as possible.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Framework for CDN Interconnection) to Informational RFC


The IESG has received a request from the Content Delivery Networks
Interconnection WG (cdni) to consider the following document:
- 'Framework for CDN Interconnection'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2014-03-24. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.L

This is a three-week IETF Last Call because it's starting during IETF week.
We want to give people a chance to read it and talk about issues this
week, while still giving two full weeks for people to review while not
at an IETF meeting.

Abstract


  This document presents a framework for Content Distribution Network
  Interconnection (CDNI).  The purpose of the framework is to provide
  an overall picture of the problem space of CDNI and to describe the
  relationships among the various components necessary to interconnect
  CDNs.  CDN Interconnection requires the specification of interfaces
  and mechanisms to address issues such as request routing,
  distribution metadata exchange, and logging information exchange
  across CDNs.  The intent of this document is to outline what each
  interface needs to accomplish, and to describe how these interfaces
  and mechanisms fit together, while leaving their detailed
  specification to other documents.  It obsoletes RFC 3466.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-cdni-framework/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-cdni-framework/ballot/


No IPR declarations have been submitted directly on this I-D.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)?

[DM] Informational

Why is this the proper type of RFC? [DM] It is simply describing how the architecture is composed and how the relevant components interact with each other.  It describes flows and methods, but it does not define any of the actual protocols necessary for CDNI. 

Is this type of RFC indicated in the title page header?

[DM] Yes

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

The purpose of the framework is to provide an overall picture of the problem space of CDNI and to describe the relationships among the various components necessary to interconnect CDNs.  The intent of this document is to outline what each interface needs to accomplish, and to describe how these interfaces and mechanisms fit together, while leaving their detailed specification to other documents.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?

[DM] No unusual controversy.

Document Quality:

Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?

[DM] The protocol has been implemented by a couple of vendors as a prototype, including Cisco and Alcatel-Lucent (Velocix).  It is in early stages of development.

No special reviewers needed. 

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

[DM] Daryl Malas (WG Co-chair) - Spencer Dawkins (AD)

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

[DM] I read through the draft after WGLC and provided additional chair comments.  These comments have been addressed in an updated revision.  An additional review was performed by a member of the working group, and these comments are expected to be incorporated pending additional feedback from the AD and/or IESG.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

[DM] No.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

[DM] No.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

N/A

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

[DM] Yes

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

[DM] No

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

[DM] There was solid consensus on early requests for input on whether or not the document was ready for last call.  Later requests for input after reviews and iterations of the document took place resulted is feedback from a fewer number of WG participants.  I feel this was the result of previous consensus and input and relative approval of the minor incremental changes.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

[DM] No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

[DM] Done.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either normative or informative?

[DM] Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

[DM] No.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

[DM] No.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

[DM] Yes, it will obsolete RFC 3466, and this is indicated on the fist page.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

N/A

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

N/A

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

N/A

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)?

[DM] Informational

Why is this the proper type of RFC? [DM] It is simply describing how the architecture is composed and how the relevant components interact with each other.  It describes flows and methods, but it does not define any of the actual protocols necessary for CDNI. 

Is this type of RFC indicated in the title page header?

[DM] Yes

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

The purpose of the framework is to provide an overall picture of the problem space of CDNI and to describe the relationships among the various components necessary to interconnect CDNs.  The intent of this document is to outline what each interface needs to accomplish, and to describe how these interfaces and mechanisms fit together, while leaving their detailed specification to other documents.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?

[DM] No unusual controversy.

Document Quality:

Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?

[DM] The protocol has been implemented by a couple of vendors as a prototype, including Cisco and Alcatel-Lucent (Velocix).  It is in early stages of development.

No special reviewers needed. 

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

[DM] Daryl Malas (WG Co-chair) - Spencer Dawkins (AD)

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

[DM] I read through the draft after WGLC and provided additional chair comments.  These comments have been addressed in an updated revision.  An additional review was performed by a member of the working group, and these comments are expected to be incorporated pending additional feedback from the AD and/or IESG.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

[DM] No.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

[DM] No.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

N/A

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

[DM] Yes

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

[DM] No

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

[DM] There was solid consensus on early requests for input on whether or not the document was ready for last call.  Later requests for input after reviews and iterations of the document took place resulted is feedback from a fewer number of WG participants.  I feel this was the result of previous consensus and input and relative approval of the minor incremental changes.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

[DM] No.

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

[DM] Done.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either normative or informative?

[DM] Yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

[DM] No.

(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

[DM] No.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

[DM] Yes, it will obsolete RFC 3466, and this is indicated on the fist page.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

N/A

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

N/A

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

N/A