Last Call Review of draft-ietf-cdni-metadata-18
review-ietf-cdni-metadata-18-secdir-lc-zhang-2016-06-30-00

Request Review of draft-ietf-cdni-metadata
Requested revision No specific revision (document currently at 21)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-06-27
Requested 2016-06-17
Authors Ben Niven-Jenkins, Rob Murray, Matt Caulfield, Kevin J. Ma
I-D last updated 2020-01-21 (Latest revision 2016-08-28)
Completed reviews Genart IETF Last Call review of -18 by Meral Shirazipour (diff)
Genart IETF Last Call review of -19 by Meral Shirazipour (diff)
Secdir IETF Last Call review of -18 by Dacheng Zhang (diff)
Opsdir IETF Last Call review of -15 by Sheng Jiang (diff)
Assignment Reviewer Dacheng Zhang
State Completed
Request IETF Last Call review on draft-ietf-cdni-metadata by Security Area Directorate Assigned
Reviewed revision 18 (document currently at 21)
Result Has issues
Completed 2016-06-30
Hi,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document defines the CDNI metadata interface, which enables a CDN to obtain
CDNI metadata from another one.

There are some issues which should be further discussed before publishing the
memo.

1. The title of Section 8.1 is Authentication, but the contents are all about
unauthorized access to metadata. Maybe you could say something like ‘if an
attacker can impersonate a legal CDN without being detected, it is able to…’

2. There is a big overlap between section 8.2, Confidentiality, and section 8.4,
Privacy. I suggest merging these two sections.

3. In section 8.3, you mentioned, “An implementation of the CDNI metadata
interface MUST use strong encryption and mutual authentication to prevent
undetectable modification of metadata (see Section 8.5).” Normally, when
discussing integrity protection, we prefer to use a MAC rather than encryption.

4. In section 8.5, there is a statement about using TLS to provide
authorization. I don’t think TLS can decide which meta-data can be
sent/processed by a CDN.

5. In section 4.2.1.1, it is stated that by default no authentication needs to
be provided when requesting content from a source. Do you assume the source
will work in a secure environment?