Last Call Review of draft-ietf-cdni-control-triggers-11
review-ietf-cdni-control-triggers-11-secdir-lc-roca-2016-01-07-00
| Request | Review of | draft-ietf-cdni-control-triggers |
|---|---|---|
| Requested revision | No specific revision (document currently at 15) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2016-01-05 | |
| Requested | 2015-12-10 | |
| Authors | Rob Murray , Ben Niven-Jenkins | |
| I-D last updated | 2016-01-07 | |
| Completed reviews |
Genart Last Call review of -11
by Roni Even
(diff)
Secdir Last Call review of -11 by Vincent Roca (diff) |
|
| Assignment | Reviewer | Vincent Roca |
| State | Completed | |
| Request | Last Call review on draft-ietf-cdni-control-triggers by Security Area Directorate Assigned | |
| Reviewed revision | 11 (document currently at 15) | |
| Result | Has issues | |
| Completed | 2016-01-07 |
review-ietf-cdni-control-triggers-11-secdir-lc-roca-2016-01-07-00
Hello, I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: not totally ready There are several topics I’d like to discuss: 1- Concerning the use of TLS to carry CI/T traffic, I see it is mandatory to implement, but still optional to use (1st sentence of Section 8.1). Is it still reasonable in current Internet? At a minimum I would expect a « MUST support » / « SHOULD use ». 2- Section 8.1, please check the paragraph « Note that in a « diamond » configuration […] ». This paragraph is rather confusing to me. Confusion comes from: - the lack of description of the « diamond configuration ». I understand there is one dCDN on top and multiple uCDN directly connected below, am I right? - the notion of « content acquired from a uCDN ». If I understand correctly, it means « content that has been acquired after a uCDN request to do so ». I initially thought there were some mistakes in the use of uCDN / dCDN… 3- With this « diamond configuration », since several uCDN can act upon the same content, what happens if they behave in a non coordinated manner (i.e., in the general case)? For instance let’s imagine one of them asks the dCDN to delete the content or cancel the initial command. What happens if another uCDN then asks the dCDN to invalidate this content, providing the URL of the Trigger Status Resource which (if I understand correctly) is no longer valid? This « diamond configuration » can be a little bit tricky and no clear guideline is provided in the document. 4- Concerning privacy aspects, I would be much more cautious than the authors. For instance, I wouldn't claim "there are no privacy concerns for End Users" because the CI/T protocol does not carry information about individual End Users (section 8.3). The dCDN knows that there are users interested (or at the opposite no user interested) by a certain content in the region served by a uCDN. Therefore, the protocol only provides k-anonymity, where k is the number of End Users in the region. Depending on the content sensitivity and k value, this k-anonymity may still raise privacy issues, even if the individual End User activity logs are not available to the dCDN (I assume TLS is used to prevent eavesdropping…). Typo: ** Section 8.3: « ... prevents parties other party..." Cheers, Vincent Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail