IETF Logo Mail Archive

[apps-discuss] Review of draft-ietf-cdni-problem-statement-04

"Vijay K. Gurbani" <vkg@bell-labs.com> Mon, 16 April 2012 15:39 UTC

Return-Path: <vkg@bell-labs.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0646A21F863E for <apps-discuss@ietfa.amsl.com>; Mon, 16 Apr 2012 08:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.099
X-Spam-Level:
X-Spam-Status: No, score=-109.099 tagged_above=-999 required=5 tests=[AWL=1.500, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7CVhXxy4u78 for <apps-discuss@ietfa.amsl.com>; Mon, 16 Apr 2012 08:39:11 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by ietfa.amsl.com (Postfix) with ESMTP id D098021F84D0 for <apps-discuss@ietf.org>; Mon, 16 Apr 2012 08:39:10 -0700 (PDT)
Received: from usnavsmail1.ndc.alcatel-lucent.com (usnavsmail1.ndc.alcatel-lucent.com [135.3.39.9]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id q3GFd98V008955 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 16 Apr 2012 10:39:09 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail1.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q3GFd9Ww017953 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 16 Apr 2012 10:39:09 -0500
Received: from shoonya.ih.lucent.com (shoonya.ih.lucent.com [135.185.238.235]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q3GFd8uJ018291; Mon, 16 Apr 2012 10:39:09 -0500 (CDT)
Message-ID: <4F8C3E49.5030100@bell-labs.com>
Date: Mon, 16 Apr 2012 10:44:09 -0500
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
Organization: Bell Laboratories, Alcatel-Lucent
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120329 Thunderbird/11.0.1
MIME-Version: 1.0
To: draft-ietf-cdni-problem-statement@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.9
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: [apps-discuss] Review of draft-ietf-cdni-problem-statement-04
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2012 15:39:12 -0000

I have been selected as the Applications Area Directorate reviewer for
this draft (for background on appsdir, please see
http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate).

Please resolve these comments along with any other Last Call comments
you may receive. Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-cdni-problem-statement-04
Title: Content Distribution Network Interconnection (CDNI) Problem
        Statement
Reviewer: Vijay K. Gurbani
Review Date: Apr-16-2012
IETF Last Call Date: Not known
IESG Telechat Date: Not known

Summary: This draft is ready for publication as an Informational.

Major Issues: 1
Minor Issues: 5
Nits:         4

Major Issues:
- S6: I believe that expanding the security considerations for each
  CDNI interface will help in the long run.  Here is a first stab at
  this that you may want to consider replacing the second paragraph
  with (please feel free to expand this since you are the subject
  matter experts here).  Suggested text:

  6.1 Security of the CDNI Request Routing Interface

    Appropriate levels of authentication and confidentiality must be
    used in this interface because it allows an upstream CDN to
    query capabilities of a downstream CDN, and conversely, allows
    the downstream CDN to control the upstream CDN's Request Routing
    function.

    Absent appropriate security on this interface, a rogue upstream
    CDN can inundate downstream CDNs with bogus requests, or have the
    downstream CDN send the rogue upstream CDN private information
   (e.g., load, resources).

  6.2 Security of the CDNI Control Interface

    Information on this interface is of a very private nature as well.
    A pair of CDNs use this interface to allow bootstrapping of content
    acquisition; an upstream CDN may pre-position content in a downstream
    CDN, or it may purge the contents at a downstream CDN; a downstream
    CDN may provide administrative information to an upstream CDN, etc.
    All of these operations require that the peer CDNs are appropriately
    authenticated and that the confidentiality of information flowing
    between them is maintained.

  6.3 Security of the CDNI Metadata Interface

    Because this interface allows a downstream CDN to request metadata
    from an upstream CDN, the latter must ensure that the former is
    appropriately authenticated before sending the data.  Conversely,
    a downstream CDN must authenticate an upstream CDN before requesting
    metadata to insulate itself from poisoning by rouge upstream CDNs.
    The confidentiality of the information exchanged between the peers
    must be protected.

  6.4 Security of the CDNI Logging Interface

    Logging data consists of potentially sensitive information (which
    user accesses which media resource, IP addresses of users, potential
    names and subscriber account information, etc.)  This information
    must be protected as the log records are moved between hosts.

Minor Issues:

- S1: Your problem statement essentially is an interplay between
  four logical entities: end user, CSP, CDN, and NSP.  I think this
  interplay needs to be laid out a bit more explicitly.  It seems to me
  that your model is that a user is subscribed to a CSP.   The CSP has
  arrangements with various CDN providers to distribute content.  The
  user, at a certain point in time, is in a network owned by a NSP that
  uses a CDN that does not have receive content from CSP.  Thus CSP is
  at a disadvantage since it will have to serve the user from a CDN that
  is not necessarily close to the user, thereby introducing a reduced
  quality of experience for the user.

  What CDNI does is enable the CSP to contract with an "authoritative"
  CDN provider for the delivery of content and that that
  authoritative CDN Provider could contract with one or more downstream
  CDN Provider(s) to distribute and deliver some or all of the content
  on behalf of the authoritative CDN Provider.  Because the downstream
  CDN Provider(s) will be closer to the user, the user is subjected to
  a better viewing experience than he or she would be had the content
  been delivered from a farther CDN.

  I think that laying out the interplay between the four entities in
  the second paragraph of S1 more explicitly may provide better context
  to the reader who is not already well versed with CDNs.

- S1: I would advise to order the terms defined by an alphabetical
  order (if possible).

- S3, last paragraph: The term "where to go" is rather ambiguous.
  Do you mean, "which upstream CDN to acquire content from"?  Or
  something else?  It will help to make this more explicit.

- S4, last paragraph: it is stated that "we assume that this [developing
  a new protocol] is unnecessary".  Based on the contents of S4.1-
  S4.4, I believe you do more than "assume".  You clearly enunciate a
  list of protocols that can be used for the various interfaces, thus
  providing a first order reasoning for why a new protocol for CDNI
  is not needed.

  Therefore, I would exhort you to use a stronger word than "assume";
  something like:

    Secondly, although a new application protocol could be designed
    specifically for CDNI, our analysis below shows that this is
    unnecessary ...

- S4.3: Are these "log lines" or "log records"?  Presumably, one or
  more lines will aggregate to one log record.  It seems appropriate
  in this document to talk about "log records" instead of "log lines".
  The CDNI logging interface draft can tease out more precisely how
  many lines comprise a record, etc.

  Secure ftp and secure copying (scp) appears to be missing in the list
  of protocols.  I would suspect that sftp would be preferred over
  normal ftp.

Nits:

- Global: In the Abstract and S1, "End Users" is employed multiple
  times.  End Users is defined in the Terminology section as a
  definition.  I would propose that attach the acronym "EU" on
  the first encounter of "End User" in the Abstract and S1,
  and from then on simply use "EU".

- S1, second paragraph: "attachment network" sounds incomplete.
  Maybe you meant "attachment to the network"?

- S3: s/existing protocols: this is/existing protocols; this is/

- S4.1, last paragraph: May be good to give a reference to ALTO.

Thanks,

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurbani@alcatel-lucent.com
Web:   http://ect.bell-labs.com/who/vkg/

v2.23.0 | Report a Bug | By Email