CDNI Metadata for Delegated Credentials
draft-ietf-cdni-https-delegation-subcerts-12
Document history
Date | Rev. | By | Action |
---|---|---|---|
2024-10-31
|
(System) | Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-cdni-https-delegation-subcerts and RFC 9677, changed IESG state to RFC Published) |
|
2024-10-29
|
12 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2024-10-14
|
12 | (System) | RFC Editor state changed to AUTH48 |
2024-10-14
|
12 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2024-09-10
|
12 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2024-09-10
|
12 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2024-09-10
|
12 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2024-09-09
|
12 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2024-09-06
|
12 | Barry Leiba | Closed request for Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing |
2024-09-06
|
12 | Barry Leiba | Assignment of request for Last Call review by ARTART to Cullen Jennings was marked no-response |
2024-09-05
|
12 | (System) | RFC Editor state changed to EDIT |
2024-09-05
|
12 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2024-09-05
|
12 | (System) | Announcement was received by RFC Editor |
2024-09-05
|
12 | (System) | IANA Action state changed to In Progress |
2024-09-05
|
12 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2024-09-05
|
12 | Cindy Morgan | IESG has approved the document |
2024-09-05
|
12 | Cindy Morgan | Closed "Approve" ballot |
2024-09-05
|
12 | Cindy Morgan | Ballot approval text was generated |
2024-09-05
|
12 | (System) | Removed all action holders (IESG state changed) |
2024-09-05
|
12 | Francesca Palombini | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2024-09-05
|
12 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-12.txt |
2024-09-05
|
12 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-09-05
|
12 | Christoph Neumann | Uploaded new revision |
2024-09-05
|
11 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-11.txt |
2024-09-05
|
11 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-09-05
|
11 | Christoph Neumann | Uploaded new revision |
2024-08-28
|
10 | Francesca Palombini | Changed action holders to Guillaume Bichot, Emile Stephan, Frédéric Fieau, Christoph Neumann (Waiting on authors to consider last of the AD feedback (reminder sent)) |
2024-08-17
|
10 | Murray Kucherawy | [Ballot comment] Thanks for fixing up my DISCUSS regarding Section 6. The only part of my earlier comment remaining is this one: The NOT RECOMMENDED in Section 4 is a reference to the one in Section 7. I suggest using different language for the first one, e.g., "See Section 7 for constraints regarding ..." I understand that the SECDIR review suggested this be included, but I think it's safer to have the actual normative statement in only one place and just refer to it from elsewhere rather than restating it. |
2024-08-17
|
10 | Murray Kucherawy | Ballot comment text updated for Murray Kucherawy |
2024-08-17
|
10 | Murray Kucherawy | [Ballot comment] Thanks for fixing up my DISCUSS regarding Section 6. The only part of my earlier comment remaining is this one: The NOT RECOMMENDED in Section 4 is a reference to the one in Section 7. I suggest using different language for the first one, e.g., "See Section 7 for constraints regarding ..." |
2024-08-17
|
10 | Murray Kucherawy | [Ballot Position Update] Position for Murray Kucherawy has been changed to No Objection from Discuss |
2024-08-16
|
10 | Paul Wouters | [Ballot comment] Thanks for addressing my concern. I have updated my ballot to "No Objection" |
2024-08-16
|
10 | Paul Wouters | [Ballot Position Update] Position for Paul Wouters has been changed to No Objection from Discuss |
2024-08-16
|
10 | (System) | Changed action holders to Francesca Palombini (IESG state changed) |
2024-08-16
|
10 | (System) | Sub state has been changed to AD Followup from Revised I-D Needed |
2024-08-16
|
10 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2024-08-16
|
10 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-10.txt |
2024-08-16
|
10 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-08-16
|
10 | Christoph Neumann | Uploaded new revision |
2024-08-08
|
09 | (System) | Changed action holders to Guillaume Bichot, Emile Stephan, Frédéric Fieau, Christoph Neumann (IESG state changed) |
2024-08-08
|
09 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2024-08-08
|
09 | Zaheduzzaman Sarker | [Ballot comment] Thanks for working on this specification. I will support Murray's discuss. |
2024-08-08
|
09 | Zaheduzzaman Sarker | [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker |
2024-08-07
|
09 | Murray Kucherawy | [Ballot discuss] Roman also asked about this in his comment but I think it needs DISCUSSion, and I expect it will be easy to sort out (or just remove): What are Sections 6.1 and 6.2 for? They don't appear to be related to the action described in Section 6, and I couldn't find any other related registry with these fields. |
2024-08-07
|
09 | Murray Kucherawy | [Ballot comment] I suggest combining the two SHOULDs in Section 3.2. They seem like they should be evaluated the same way, i.e., might you ever reasonably do what one says but not the other? Similarly, the NOT RECOMMENDED in Section 4 is a reference to the one in Section 7. I suggest using different language for the first one, e.g., "See Section 7 for constraints regarding ..." |
2024-08-07
|
09 | Murray Kucherawy | [Ballot Position Update] New position, Discuss, has been recorded for Murray Kucherawy |
2024-08-07
|
09 | Mahesh Jethanandani | [Ballot Position Update] New position, No Objection, has been recorded for Mahesh Jethanandani |
2024-08-07
|
09 | Paul Wouters | [Ballot discuss] One minor item to resolve: If despite this recommendation, the private key is communicated via the MI, the transported private key MUST be encrypted within a JWE envelope using the encryption key (PrivateKeyEncryptionKey) provided within the FCI.DelegatedCredentials by the dCDN. Please add some language that states that the JWE encryption key MUST have a strength equal or larger than the private key it is encrypting for transport. |
2024-08-07
|
09 | Paul Wouters | [Ballot Position Update] New position, Discuss, has been recorded for Paul Wouters |
2024-08-04
|
09 | Orie Steele | [Ballot comment] # Orie Steele, ART AD, comments for draft-ietf-cdni-https-delegation-subcerts-09 CC @OR13 https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-cdni-https-delegation-subcerts-09.txt&submitcheck=True ## Comments ### key formats? ``` 153 Description: Base64-encoded (as defined in Section 4 of 154 [RFC4648]) public key of the dCDN to be used by the uCDN to 155 encrypt private keys. ``` Base64 encoding implies a binary public key format. Are there any details which should be added regarding the public keys? EC Point compression? CBOR / COSE Key / JWK ? Is there a risk of interoperability issues based on "double encoding" ? ``` 267 If the private-key property is used, the transported private key MUST 268 be encrypted using the PrivateKeyEncryptionKey specified in 269 FCI.DelegatedCredentials. The base64 envelope format for this 270 property MUST use JWE [RFC7516], whereas the private key is included 271 as JWE Ciphertext in the JWE. ``` Same question here for private key formats. You might consider adding some references to media types for MUST support and MAY support key formats. Especially given the requirement to use JWE for encryption, because there exists the `content type` parameter. |
2024-08-04
|
09 | Orie Steele | [Ballot Position Update] New position, No Objection, has been recorded for Orie Steele |
2024-08-02
|
09 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2024-07-31
|
09 | Roman Danyliw | [Ballot comment] Thank you to Mallory Knodel for the GENART review. ** Section 3.1. FCI.DelegatedCredentials. Per the PrivateKeyEncryptionKey that is Base64-encoded, how does one know what type of public key it is (e.g., RSA? ECC?) ** Section 6.1 and 6.2. What role does this text play in any IANA registry action? Could the role of this text be clarified? |
2024-07-31
|
09 | Roman Danyliw | [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw |
2024-07-23
|
09 | Chris Lemmons | Added to session: IETF-120: cdni Tue-2000 |
2024-07-22
|
09 | Gunter Van de Velde | [Ballot comment] Gunter Van de Velde, RTG AD, comments for draft-ietf-cdni-https-delegation-subcerts-09 Please find https://www.ietf.org/blog/handling-iesg-ballot-positions/ documenting the handling of ballots. Please find for your convenience a few non-blocking review comments about this draft handling some textual enhancements. #DETAILED COMMENTS #================= ##classified as [minor] and [major] 74 Content delivery over HTTPS using one or more CDNs along the path 75 requires credential management. This specifically applies when an 76 entity delegates to another trusted entity delivery of content via 77 HTTPS. 79 This document defines the CDNI Metadata interface to setup HTTPS 80 delegation using delegated credentials (as defined by [RFC9345]) 81 between an upstream CDN (uCDN) and downstream CDN (dCDN). [minor] From a readability perspective, what about the following alternate textblob? " Content delivery over HTTPS utilizing one or more Content Delivery Networks (CDNs) along the delivery path necessitates the management of credentials. This requirement is particularly pertinent when an entity delegates the delivery of content via HTTPS to another trusted entity. This document specifies the CDNI Metadata interface for establishing HTTPS delegation through the use of delegated credentials, as defined in [RFC9345], between an upstream CDN (uCDN) and a downstream CDN (dCDN). " 101 in [RFC8008]. The FCI.Metadata object allows a dCDN to advertise its 102 capabilities and the Metadata interface (MI) objects supported by the 103 dCDN.
Accordingly, to announce the support for delegated 104 credentials, the dCDN should announce the support of 105 MI.DelegatedCredentials as shown in the example below. [minor] From a readability perspective, what about the following alternate textblob: " The FCI.Metadata object enables a dCDN to communicate its capabilities and the Metadata Interface (MI) objects it supports. To indicate support for delegated credentials, the dCDN should announce the support for MI.DelegatedCredentials, as illustrated in the example below. " 124 This document also defines an object that announces to the delegating 125 entity how many delegated credentials the downstream supports such 126 that the delegating entity can provide the corresponding number of 127 delegated credentials. For that purpose we introduce the FCI object 128 FCI.DelegationCredentials. [minor] From a readability perspective, what about the following alternate textblob: " This document also defines an object that informs the delegating entity of the number of delegated credentials supported by the downstream entity, enabling the delegating entity to supply the appropriate number of delegated credentials. To this end, the FCI object, FCI.DelegationCredentials, is introduced. " Kind Regards, G/ |
2024-07-22
|
09 | Gunter Van de Velde | [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde |
2024-07-22
|
09 | Jim Guichard | [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard |
2024-07-09
|
09 | Éric Vyncke | [Ballot comment] Thanks for the work done in this document. I have only one non-blocking COMMENT ## Section 3.2 The 2nd paragraph has a mix of `may` and BCP14 `MAY`. Is it on purpose ? |
2024-07-09
|
09 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2024-07-07
|
09 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2024-07-03
|
09 | Jouni Korhonen | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Jouni Korhonen. Sent review to list. |
2024-07-01
|
09 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2024-07-01
|
09 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-09.txt |
2024-07-01
|
09 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-07-01
|
09 | Christoph Neumann | Uploaded new revision |
2024-06-26
|
08 | Jenny Bui | Placed on agenda for telechat - 2024-08-08 |
2024-06-26
|
08 | Mallory Knodel | Request for Last Call review by GENART Completed: Ready. Reviewer: Mallory Knodel. Sent review to list. |
2024-06-26
|
08 | Francesca Palombini | Ballot has been issued |
2024-06-26
|
08 | Francesca Palombini | [Ballot Position Update] New position, Yes, has been recorded for Francesca Palombini |
2024-06-26
|
08 | Francesca Palombini | Created "Approve" ballot |
2024-06-26
|
08 | Francesca Palombini | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2024-06-25
|
08 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2024-06-24
|
08 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2024-06-24
|
08 | David Dong | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-ietf-cdni-https-delegation-subcerts-08. If any part of this review is inaccurate, please let us know. IANA understands that, upon approval of this document, there is a single action which we must complete. In the CDNI Payload Types registry in the Content Delivery Network Interconnection (CDNI) Parameters registry group located at: https://www.iana.org/assignments/cdni-parameters/ two new registrations will be made as follows: Payload Type: MI.DelegatedCredentials Reference: [ RFC-to-be ] Payload Type: FCI.DelegatedCredentials Reference: [ RFC-to-be ] As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we have completed the required Expert Review via a separate request. We understand that this is the only action required to be completed upon approval of this document. NOTE: The action requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the action that will be performed. For definitions of IANA review states, please see: https://datatracker.ietf.org/help/state/draft/iana-review Thank you, David Dong IANA Services Sr. Specialist |
2024-06-22
|
08 | Carlos Pignataro | Request for Last Call review by OPSDIR is assigned to Jouni Korhonen |
2024-06-13
|
08 | David Dong | IANA Experts State changed to Expert Reviews OK |
2024-06-12
|
08 | Jean Mahoney | Request for Last Call review by GENART is assigned to Mallory Knodel |
2024-06-11
|
08 | Barry Leiba | Request for Last Call review by ARTART is assigned to Cullen Jennings |
2024-06-11
|
08 | Jenny Bui | IANA Review state changed to IANA - Review Needed |
2024-06-11
|
08 | Jenny Bui | The following Last Call announcement was sent out (ends 2024-06-25): From: The IESG To: IETF-Announce CC: cdni-chairs@ietf.org, cdni@ietf.org, draft-ietf-cdni-https-delegation-subcerts@ietf.org, francesca.palombini@ericsson.com, kevin.j.ma.ietf@gmail.com Reply-To: last-call@ietf.org Sender: Subject: Last Call: (CDNI Metadata for Delegated Credentials) to Proposed Standard The IESG has received a request from the Content Delivery Networks Interconnection WG (cdni) to consider the following document: - 'CDNI Metadata for Delegated Credentials' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2024-06-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The delivery of content over HTTPS involving multiple CDNs raises credential management issues. This document defines metadata in the CDNI Control and Metadata interface to setup HTTPS delegation using delegated credentials from an Upstream CDN (uCDN) to a Downstream CDN (dCDN). The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-cdni-https-delegation-subcerts/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc7337: Content Distribution Network Interconnection (CDNI) Requirements (Informational - Internet Engineering Task Force (IETF)) |
2024-06-11
|
08 | Jenny Bui | IESG state changed to In Last Call from Last Call Requested |
2024-06-11
|
08 | Francesca Palombini | Last call was requested |
2024-06-11
|
08 | Francesca Palombini | Last call announcement was generated |
2024-06-11
|
08 | Francesca Palombini | Ballot approval text was generated |
2024-06-11
|
08 | Francesca Palombini | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2024-06-11
|
08 | (System) | Changed action holders to Francesca Palombini (IESG state changed) |
2024-06-11
|
08 | (System) | Sub state has been changed to AD Followup from Revised I-D Needed |
2024-06-11
|
08 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-08.txt |
2024-06-11
|
08 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-06-11
|
08 | Christoph Neumann | Uploaded new revision |
2024-05-21
|
07 | Francesca Palombini | Ad review submitted: https://mailarchive.ietf.org/arch/msg/cdni/YoIgbuG0A4IGIoMPSs2y_TluJXY/ |
2024-05-21
|
07 | (System) | Changed action holders to Francesca Palombini, Frédéric Fieau, Emile Stephan, Guillaume Bichot, Christoph Neumann (IESG state changed) |
2024-05-21
|
07 | Francesca Palombini | IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested |
2024-05-21
|
07 | Francesca Palombini | Ballot writeup was changed |
2024-05-18
|
07 | Kevin Ma | Document Shepherd: Kevin J. Ma Responsible AD: Francesca Palombini This draft defines/registers a CDNI Metadata object to enable credential delegation between an upstream and a downstream CDN. The CDNI Metadata Interface (RFC8006) and Footprint and Capabilities Interface (RFC8008) were designed to be extensible and registries are defined for new metadata and capabilities objects to which the DelegatedCredentials objects are being added. The content of draft-cdni-https-delegation-subcerts has broad consensus within the WG. The content was originally part of the HTTP delegation draft that was split into two separate drafts, the other having been recently published as RFC9538. The original draft was created seven years ago, but had to wait for the underlying protocols (i.e., RFC9345 and RFC9115) to solidify. The draft was split to decouple those waiting periods. There were no major controversies. CDNI is not chartered to create security protocols, its only goal is to communicate the necessary metadata between CDNs to enable existing security protocols to work properly across CDNs. Much of the discussion was around making sure that the draft is only using the constructs provided by RFC9345 and not creating any additional interfaces or security constructs. Special attention was paid to the security section, to clarify proper usage of the metadata. The one major concern was the inclusion of support for an in-band private key. The chairs requested an early SECDIR review for the private key issue. Mike Ounsworth provided valuable (and much appreciated) feedback on protecting the private key. Though use of the private key is NOT RECOMMENDED, for those that choose to use it, JWE encapsulation is now required, to keep it secure.
Having reviewed the document, I feel it is clear, complete, correct, and ready for AD handoff. There are no idnits, downrefs, or pending normative references. The draft is being submitted as a proposed standard as it extends the capabilities of proposed standard RFC8006 and RFC8008. The authors have confirmed that there is no undisclosed IPR to their knowledge. Though authors do have implementations for RFC9345, they have not yet implemented this draft. The normative references are all freely available and normative. There are no downrefs or unpublished RFC references. Publication of this draft does not change the status of any other RFCs. The draft does not create any new IANA registries but does register a new CDNI payload type. I am one of the designated experts for the registry and I have reviewed the draft, json object definition, and IANA registration request. I have no major concerns, but I have requested additional JSON examples (using the optional fields) for clarity and completeness. |
2024-05-18
|
07 | Kevin Ma | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2024-05-18
|
07 | Kevin Ma | IESG state changed to Publication Requested from I-D Exists |
2024-05-18
|
07 | (System) | Changed action holders to Francesca Palombini (IESG state changed) |
2024-05-18
|
07 | Kevin Ma | Responsible AD changed to Francesca Palombini |
2024-05-18
|
07 | Kevin Ma | Document is now in IESG state Publication Requested |
2024-05-18
|
07 | Kevin Ma | Document Shepherd: Kevin J. Ma Responsible AD: Francesca Palombini This draft defines/registers a CDNI Metadata object to enable credential delegation between an upstream and a downstream CDN. The CDNI Metadata Interface (RFC8006) and Footprint and Capabilities Interface (RFC8008) were designed to be extensible and registries are defined for new metadata and capabilities objects to which the DelegatedCredentials objects are being added. The content of draft-cdni-https-delegation-subcerts has broad consensus within the WG. The content was originally part of the HTTP delegation draft that was split into two separate drafts, the other having been recently published as RFC9538. The original draft was created seven years ago, but had to wait for the underlying protocols (i.e., RFC9345 and RFC9115) to solidify. The draft was split to decouple those waiting periods. There were no major controversies. CDNI is not chartered to create security protocols, its only goal is to communicate the necessary metadata between CDNs to enable existing security protocols to work properly across CDNs. Much of the discussion was around making sure that the draft is only using the constructs provided by RFC9345 and not creating any additional interfaces or security constructs. Special attention was paid to the security section, to clarify proper usage of the metadata. The one major concern was the inclusion of support for an in-band private key. The chairs requested an early SECDIR review for the private key issue. Mike Ounsworth provided valuable (and much appreciated) feedback on protecting the private key. Though use of the private key is NOT RECOMMENDED, for those that choose to use it, JWE encapsulation is now required, to keep it secure.
Having reviewed the document, I feel it is clear, complete, correct, and ready for AD handoff. There are no idnits, downrefs, or pending normative references. The draft is being submitted as a proposed standard as it extends the capabilities of proposed standard RFC8006 and RFC8008. The authors have confirmed that there is no undisclosed IPR to their knowledge. Though authors do have implementations for RFC9345, they have not yet implemented this draft. The normative references are all freely available and normative. There are no downrefs or unpublished RFC references. Publication of this draft does not change the status of any other RFCs. The draft does not create any new IANA registries but does register a new CDNI payload type. I am one of the designated experts for the registry and I have reviewed the draft, json object definition, and IANA registration request. I have no major concerns, but I have requested additional JSON examples (using the optional fields) for clarity and completeness. |
2024-05-06
|
07 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-07.txt |
2024-05-06
|
07 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-05-06
|
07 | Christoph Neumann | Uploaded new revision |
2024-04-07
|
06 | Kevin Ma | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2024-03-10
|
06 | Kevin Ma | Changed consensus to Yes from Unknown |
2024-03-10
|
06 | Kevin Ma | Intended Status changed to Proposed Standard from None |
2024-03-10
|
06 | Kevin Ma | Notification list changed to kevin.j.ma.ietf@gmail.com because the document shepherd was set |
2024-03-10
|
06 | Kevin Ma | Document shepherd changed to Kevin J. Ma |
2024-03-10
|
06 | Kevin Ma | IETF WG state changed to In WG Last Call from WG Document |
2024-03-01
|
06 | Mike Ounsworth | Request for Early review by SECDIR Completed: Ready. Reviewer: Mike Ounsworth. Review has been revised by Mike Ounsworth. |
2024-02-19
|
06 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-06.txt |
2024-02-19
|
06 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2024-02-19
|
06 | Christoph Neumann | Uploaded new revision |
2024-01-02
|
05 | Mike Ounsworth | Request for Early review by SECDIR Completed: Has Nits. Reviewer: Mike Ounsworth. Review has been revised by Mike Ounsworth. |
2023-10-05
|
05 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-05.txt |
2023-10-05
|
05 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2023-10-05
|
05 | Christoph Neumann | Uploaded new revision |
2023-09-06
|
04 | Mike Ounsworth | Request for Early review by SECDIR Completed: Not Ready. Reviewer: Mike Ounsworth. Sent review to list. Submission of review completed at an earlier date. |
2023-09-06
|
04 | Mike Ounsworth | Request for Early review by SECDIR Completed: Not Ready. Reviewer: Mike Ounsworth. |
2023-08-26
|
04 | Tero Kivinen | Request for Early review by SECDIR is assigned to Mike Ounsworth |
2023-08-19
|
04 | Kevin Ma | Requested Early review by SECDIR |
2023-08-17
|
04 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-04.txt |
2023-08-17
|
04 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2023-08-17
|
04 | Christoph Neumann | Uploaded new revision |
2023-05-04
|
03 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-03.txt |
2023-05-04
|
03 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2023-05-04
|
03 | Christoph Neumann | Uploaded new revision |
2023-03-24
|
02 | Sanjay Mishra | Added to session: IETF-116: cdni Mon-0400 |
2023-03-07
|
02 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-02.txt |
2023-03-07
|
02 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2023-03-07
|
02 | Christoph Neumann | Uploaded new revision |
2022-12-07
|
01 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-01.txt |
2022-12-07
|
01 | Christoph Neumann | New version accepted (logged-in submitter: Christoph Neumann) |
2022-12-07
|
01 | Christoph Neumann | Uploaded new revision |
2022-07-09
|
00 | Kevin Ma | This document now replaces draft-cdni-https-delegation-subcerts instead of None |
2022-07-09
|
00 | Christoph Neumann | New version available: draft-ietf-cdni-https-delegation-subcerts-00.txt |
2022-07-09
|
00 | Kevin Ma | WG -00 approved |
2022-07-08
|
00 | Christoph Neumann | Set submitter to "Christoph Neumann ", replaces to draft-cdni-https-delegation-subcerts and sent approval email to group chairs: cdni-chairs@ietf.org |
2022-07-08
|
00 | Christoph Neumann | Uploaded new revision |