Skip to main content

Last Call Review of draft-ietf-cdni-control-triggers-11

Request Review of draft-ietf-cdni-control-triggers
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-01-05
Requested 2015-12-10
Authors Rob Murray , Ben Niven-Jenkins
I-D last updated 2016-01-07
Completed reviews Genart Last Call review of -11 by Roni Even (diff)
Secdir Last Call review of -11 by Vincent Roca (diff)
Assignment Reviewer Vincent Roca
State Completed
Request Last Call review on draft-ietf-cdni-control-triggers by Security Area Directorate Assigned
Reviewed revision 11 (document currently at 15)
Result Has issues
Completed 2016-01-07

I have reviewed this document as part of the security directorate’s ongoing

effort to review all IETF documents being processed by the IESG. These

comments were written primarily for the benefit of the security area

directors.  Document editors and WG chairs should treat these comments just

like any other last call comments.


not totally ready

There are several topics I’d like to discuss:

1- Concerning the use of TLS to carry CI/T traffic, I see it is mandatory to
implement, but still optional to use (1st sentence of Section 8.1). Is it still
reasonable in current Internet? At a minimum I would expect a « MUST support »
/ « SHOULD use ».

2- Section 8.1, please check the paragraph « Note that in a « diamond »
configuration […] ». This paragraph is rather confusing to me. Confusion comes

  - the lack of description of the « diamond configuration ». I understand
  there is one dCDN on top and multiple uCDN directly connected below, am I

  - the notion of « content acquired from a uCDN ». If I understand correctly,
  it means « content that has been acquired after a uCDN request to do so ». I
  initially thought there were some mistakes in the use of uCDN / dCDN…

3- With this « diamond configuration », since several uCDN can act upon the
same content, what happens if they behave in a non coordinated manner (i.e., in
the general case)? For instance let’s imagine one of them asks the dCDN to
delete the content or cancel the initial command. What happens if another uCDN
then asks the dCDN to invalidate this content, providing the URL of the Trigger
Status Resource which (if I understand correctly) is no longer valid? This
« diamond configuration » can be a little bit tricky and no clear guideline is
provided in the document.

4- Concerning privacy aspects, I would be much more cautious than the authors.
For instance, I wouldn't claim "there are no privacy concerns for End Users"
because the CI/T protocol does not carry information about individual End Users
(section 8.3). The dCDN knows that there are users interested (or at the
opposite no user interested) by a certain content in the region served by a
uCDN. Therefore, the protocol only provides k-anonymity, where k is the number
of End Users in the region. Depending on the content sensitivity and k value,
this k-anonymity may still raise privacy issues, even if the individual End
User activity logs are not available to the dCDN (I assume TLS is used to
prevent eavesdropping…).


** Section 8.3: « ... prevents parties other party..."






 Message signed with OpenPGP using GPGMail