Last Call Review of draft-ietf-alto-cdni-request-routing-alto-16
review-ietf-alto-cdni-request-routing-alto-16-artart-lc-fossati-2021-08-27-00

# Abstract

I suggest to slightly increase the precision:

OLD
   [...] This document defines an FCI
   protocol using the Application-Layer Traffic Optimization (ALTO)
   protocol, following the guidelines defined in RFC 8008.

NEW
   [...] This document defines a new Application-Layer Traffic
   Optimization (ALTO) service called "CDNI Advertisement Service" that
   provides an implementation of the FCI, following the guidelines
   defined in RFC 8008.

# Section 2.1

While, in general, I have found the introduction and background section to
contain very clear and valuable information about context, rationale and
high level requirements and features, I am having some trouble parsing
this bit:

      [...] Multiple
      footprint constraints are additive, i.e., the advertisement of
      different types of footprint narrows the dCDN candidacy
      cumulatively.

Maybe it's just me, but I'd have appreciated if you could unpack this a
little.

# Section 2.2

For identification it's not the integrity property of signatures that
you care about but origin authentication:

OLD 
   o  Security: The identification between uCDNs and dCDNs is an
      important requirement.  ALTO maps can be signed and hence provide
      inherent integrity protection.  Please see Section 8.

NEW 
   o  Security: The identification between uCDNs and dCDNs is an
      important requirement.  ALTO maps can be signed and hence provide
      inherent origin authentication.  Please see Section 8.

It is not clear to a newcomer why a RESTful design is listed as one of
the criteria for choosing ALTO.  Please be more specific about the
advantages.  E.g., it's a good fit with the rest of the CDNI suite and
therefore reduces the cognitive dissonance for users and developers
alike?  It allows at least some level of code reuse?  

Typo:

OLD
      [...] A CDNI FCI interface based on ALTO
      would inherit this this extensive error-handling framework.

NEW
      [...] A CDNI FCI interface based on ALTO
      would inherit this extensive error-handling framework.

At this point in the document it may not be necessarily evident what
"the new endpoint property for ALTO" is -- at least to a newcomer.  I
suggest sticking a reference to I-D.ietf-alto-unified-props-new when
the term is first introduced.

# Section 3

I suggest adding a note regarding I-JSON (as per RFC 8008).

# Section 3.1

Is this the only CDNI interface envisaged in ALTO?  If the answer is
either "no" or "I don't know", it's probably better being more specific
WRT the name choice of the media type -- e.g.,
"application/alto-cdni-advertisement+json"?

# Section 3.2

Is there any specific recommendation regarding caching of these
resources?

# Section 3.5

   The "uses" field SHOULD NOT appear unless the CDNI Advertisement
   resource depends on other ALTO information resources

If the semantic of uses is not defined without an explicit resource
dependency why should you allow that?  I.e., why is this not a MUST NOT
rather than just a SHOULD NOT?

# Section 3.6

Expand IRD.  Maybe a better place to introduce the acronym is in Section
3.

What is the semantics of a CDNIAdvertisementData with empty
capabilities-with-footprints?  (I suggest you provide a one-liner that
presents the context in which that would be meaningful.)

What is the semantics of ""global" coverage"?  Is it what is
contractually (i.e., OOB) defined for the dCDN?

This text:
   To be self-contained, below is a non-normative specification of
   BaseAdvertisementObject.

I don't understand the "non-normative" bit: isn't this normatively
describing the syntax that implements the semantics defined in the CDNI
doc?

I am having a hard time parsing this text:

   Note: Further optimization of BaseAdvertisement objects to
   effectively provide the advertisement of capabilities with footprint
   restrictions is certainly possible. 

what optimisation are hinted here?  And what is their relation with the
examples?  Are those associated with the use of altopid?  If so, you
should consider adding a forward reference to section 4.1 here.

# Section 3.7.3

Typo:

OLD
  due to maintenance of the https/1.1 clusters

NEW
  due to maintenance of the http/1.1 clusters

# Section 3.7.3

At the end of:

   A benefit of using ALTO to provide CDNI Advertisement resources is
   that such resources can be updated using ALTO incremental updates

maybe add a reference to RFC8895 (also, I think RFC8895 should be
normatively referenced rather than just informatively?)

There seems to be a typo in the example:

OLD
    data:     "capabilities": [
    data:       {
    data:         "capability-type": "FCI.DeliveryProtocol",

NEW
    data:     "capabilities-with-footprints": [
    data:       {
    data:         "capability-type": "FCI.DeliveryProtocol",


# Section 5.3

The definition:

  [CDNIFCICapability cdni-capabilities<0..*>;]

looks a bit odd.  I'd have thought one of

  CDNIFCICapability cdni-capabilities<0..*>;

or

  [CDNIFCICapability cdni-capabilities<1..*>;]

would give the client all it needs to say: "give me the full resource".


Typo:

OLD
    cdni-fci-capabilities:  A list of CDNI capabilities defined in

NEW
    cdni-capabilities:  A list of CDNI capabilities defined in


# Section 5.6

Maybe put the conditional clause first:

OLD
   The response MUST indicate an error, using ALTO protocol error
   handling specified in Section 8.5 of the ALTO protocol [RFC7285], if
   the request is invalid.

NEW
   If the request is invalid, the response MUST indicate an error
   using the ALTO protocol error handling specified in Section 8.5
   of [RFC7285].


   [...] a filtered CDNI Advertisement request is invalid if:

      o  the value of "capability-type" is null;

      o  the value of "capability-value" is null;

What if one of capability-type or capability-value is missing?  What if
one of them is the empty value for the type or if any mandatory fields
are missing?  What if the value in "capability-type" is not known?  It'd
seem to me that the conditions that can make a request invalid can be
many more than those currently listed.  And in general I'd leave the
decision to the server.

Typo (same as above):

OLD
   superset of one of CDNI capability object in "cdni-fci-capabilities".

NEW
   superset of one of CDNI capability object in "cdni-capabilities".

# Section 5.7.3

(also in Sections 6.3.2 and 6.3.3)

Typo:

OLD
    HOST: alto.example.com

NEW
    Host: alto.example.com


# Section 6.1

   o  According to [I-D.ietf-alto-unified-props-new], "ipv4" and "ipv6"
      are two predefined entity domain types, which can be used to
      represent "ipv4cidr" and "ipv6cidr" footprints respectively.

AFAIU, for both ipv4 and ipv6, unified-props-new makes an encoding
distinction between individual and hierarchical addresses.  However,
ipv4cidr and ipv6cidr are always encoded as CIDR blocks, so the mapping
is not perfect and need a small adjustment (e.g., 192.0.2.1 =>
192.0.2.1/32).  Maybe this is worth noting?

# Section 7.1

The alignment in Table 1 is quite atrocious :-)  Also, in the
Specification column rather than just "Section N", consider using
"Section N of RFCthis" -- same as you do in Table 2 and 3.

# Section 7.2

OLD
   As proposed in Section 7.2 of [RFC8006], "CDNI Metadata Footprint
   Types" registry is requested.  A new footprint type is to be
   registered, listed in Table 2.

NEW
   IANA is requested to add the footprint type "altopid" described
   in Table 2 to the "CDNI Metadata Footprint Types" registry.

# Section 7.3

OLD
   As proposed in Section 11.2 of [I-D.ietf-alto-unified-props-new],
   "ALTO Entity Domain Type Registry" is requested.  Two new entity
   domain types are to be registered, listed in Table 3.

NEW
   IANA is requested to add the entity domain types "asn" and
   "countrycode" described in Table 3 to the "ALTO Entity Domain Type"
   registry.

Also, please fix the alignment of the "Entity Address Encoding" column
in Table 3.

# Section 7.4

OLD
   As proposed in Section 11.3 of [I-D.ietf-alto-unified-props-new],
   "ALTO Entity Property Type Registry" is required.  A new entity
   property type is to be registered, listed in Table 4.

NEW
   IANA is requested to add the identifier "cdni-capabilities" 
   described in Table 4 to the "ALTO Entity Property Type" registry.

# Section 8

OLD
   Although protection strategies as described in Section 15 of
   [RFC7285] should be applied to address aforementioned security
   considerations, [...]

NEW
   Although protection strategies as described in Section 15 of
   [RFC7285] should be applied to address aforementioned security
   and privacy considerations, [...]