Last Call Review of draft-ietf-cdni-metadata-18
review-ietf-cdni-metadata-18-secdir-lc-zhang-2016-06-30-00
| Request | Review of | draft-ietf-cdni-metadata |
|---|---|---|
| | Requested revision | No specific revision (document currently at 21) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2016-06-27 |
| | Requested | 2016-06-17 |
| | Authors | Ben Niven-Jenkins, Rob Murray, Matt Caulfield, Kevin J. Ma |
| | I-D last updated | 2016-06-30 |
| | Completed reviews | Genart Last Call review of -18 by Meral Shirazipour; Genart Last Call review of -19 by Meral Shirazipour; Secdir Last Call review of -18 by Dacheng Zhang; Opsdir Last Call review of -15 by Sheng Jiang |
| Assignment | Reviewer | Dacheng Zhang |
| | State | Completed |
| | Request | Last Call review on draft-ietf-cdni-metadata by Security Area Directorate Assigned |
| | Reviewed revision | 18 (document currently at 21) |
| | Result | Has issues |
| | Completed | 2016-06-30 |
Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines the CDNI metadata interface which enables a CDN to obtain CDNI metadata from another one. There are some issues which should be further discussed before publishing the memo.

1. The title of Section 8.1 is Authentication, but the contents are all about unauthorized access to metadata. Maybe you could say something like ‘if an attacker can impersonate a legal CDN without being detected, it is able to…’

2. There is a big overlap between section 8.2, Confidentiality, and section 8.4, Privacy. I suggest merging these two sections.

3. In section 8.3, you mentioned, “An implementation of the CDNI metadata interface MUST use strong encryption and mutual authentication to prevent undetectable modification of metadata (see Section 8.5).” Normally, when discussing integrity protection, we prefer to use MAC rather than encryption.

4. In section 8.5, there is a statement about using TLS to provide authorization. I don’t think TLS can decide which meta-data can be sent/processed by a CDN.

5. In section 4.2.1.1, it is stated that by default no authentication needs to be provided when requesting content from a source. Do you assume the source will work in a secure environment?