IETF ALTO Interim #5

ALTO Interim #5, May 30, 2023
Chairs: Mohamed Boucadair & Qin Wu

Chair starting remarks

Towards a trusted-enhanced ALTO: Ayoub Messous

[RY] Multiple servers available for downloading content. Can be very
useful to know trust.

[AM] Trust is subjective. Different providers will have different
interpretation. Our goal is to provide a standard way.

[LC] Server can provide such info, should we protect client from
server tracking the information queried by client?

[AM] Privacy definitely relevant. Possibility to use third party to
anonimize.

[SR] Can you trust a client? How secure and robust is the path?

[AM] You are welcome to join us in this discussion

[JR] In scope to define trust itself?

[AM] Need to connect with other groups IPPM

[RY] ALTO owns info and can distribute to clients

[QW] How does this trust info relate to identity management, should it
integrate into ALTO or separate.

[QW] Check how trust info should work with RATS and other WGs that are
related.

Security Aspects Regarding ALTO (Luis Contreras)

Network:

Data/Sources:

PID identifiers:

Interaction with client:

Information privacy:

Proposal for action:

Overview general security considerations raised in previous RFCs
Document new security considerations

[QW] Need to look for balance between security attributes and network
performance.