[apps-discuss] Review of draft-ietf-cdni-problem-statement-04
"Vijay K. Gurbani" <vkg@bell-labs.com> Mon, 16 April 2012 15:39 UTC
Return-Path: <vkg@bell-labs.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0646A21F863E for <apps-discuss@ietfa.amsl.com>; Mon, 16 Apr 2012 08:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.099
X-Spam-Level:
X-Spam-Status: No, score=-109.099 tagged_above=-999 required=5 tests=[AWL=1.500, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7CVhXxy4u78 for <apps-discuss@ietfa.amsl.com>; Mon, 16 Apr 2012 08:39:11 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by ietfa.amsl.com (Postfix) with ESMTP id D098021F84D0 for <apps-discuss@ietf.org>; Mon, 16 Apr 2012 08:39:10 -0700 (PDT)
Received: from usnavsmail1.ndc.alcatel-lucent.com (usnavsmail1.ndc.alcatel-lucent.com [135.3.39.9]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id q3GFd98V008955 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 16 Apr 2012 10:39:09 -0500 (CDT)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail1.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q3GFd9Ww017953 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 16 Apr 2012 10:39:09 -0500
Received: from shoonya.ih.lucent.com (shoonya.ih.lucent.com [135.185.238.235]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q3GFd8uJ018291; Mon, 16 Apr 2012 10:39:09 -0500 (CDT)
Message-ID: <4F8C3E49.5030100@bell-labs.com>
Date: Mon, 16 Apr 2012 10:44:09 -0500
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
Organization: Bell Laboratories, Alcatel-Lucent
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120329 Thunderbird/11.0.1
MIME-Version: 1.0
To: draft-ietf-cdni-problem-statement@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.9
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: [apps-discuss] Review of draft-ietf-cdni-problem-statement-04
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2012 15:39:12 -0000
I have been selected as the Applications Area Directorate reviewer for this draft (for background on appsdir, please see http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-cdni-problem-statement-04 Title: Content Distribution Network Interconnection (CDNI) Problem Statement Reviewer: Vijay K. Gurbani Review Date: Apr-16-2012 IETF Last Call Date: Not known IESG Telechat Date: Not known Summary: This draft is ready for publication as an Informational. Major Issues: 1 Minor Issues: 5 Nits: 4 Major Issues: - S6: I believe that expanding the security considerations for each CDNI interface will help in the long run. Here is a first stab at this that you may want to consider replacing the second paragraph with (please feel free to expand this since you are the subject matter experts here). Suggested text: 6.1 Security of the CDNI Request Routing Interface Appropriate levels of authentication and confidentiality must be used in this interface because it allows an upstream CDN to query capabilities of a downstream CDN, and conversely, allows the downstream CDN to control the upstream CDN's Request Routing function. Absent appropriate security on this interface, a rogue upstream CDN can inundate downstream CDNs with bogus requests, or have the downstream CDN send the rogue upstream CDN private information (e.g., load, resources). 6.2 Security of the CDNI Control Interface Information on this interface is of a very private nature as well. A pair of CDNs use this interface to allow bootstrapping of content acquisition; an upstream CDN may pre-position content in a downstream CDN, or it may purge the contents at a downstream CDN; a downstream CDN may provide administrative information to an upstream CDN, etc. All of these operations require that the peer CDNs are appropriately authenticated and that the confidentiality of information flowing between them is maintained. 6.3 Security of the CDNI Metadata Interface Because this interface allows a downstream CDN to request metadata from an upstream CDN, the latter must ensure that the former is appropriately authenticated before sending the data. Conversely, a downstream CDN must authenticate an upstream CDN before requesting metadata to insulate itself from poisoning by rouge upstream CDNs. The confidentiality of the information exchanged between the peers must be protected. 6.4 Security of the CDNI Logging Interface Logging data consists of potentially sensitive information (which user accesses which media resource, IP addresses of users, potential names and subscriber account information, etc.) This information must be protected as the log records are moved between hosts. Minor Issues: - S1: Your problem statement essentially is an interplay between four logical entities: end user, CSP, CDN, and NSP. I think this interplay needs to be laid out a bit more explicitly. It seems to me that your model is that a user is subscribed to a CSP. The CSP has arrangements with various CDN providers to distribute content. The user, at a certain point in time, is in a network owned by a NSP that uses a CDN that does not have receive content from CSP. Thus CSP is at a disadvantage since it will have to serve the user from a CDN that is not necessarily close to the user, thereby introducing a reduced quality of experience for the user. What CDNI does is enable the CSP to contract with an "authoritative" CDN provider for the delivery of content and that that authoritative CDN Provider could contract with one or more downstream CDN Provider(s) to distribute and deliver some or all of the content on behalf of the authoritative CDN Provider. Because the downstream CDN Provider(s) will be closer to the user, the user is subjected to a better viewing experience than he or she would be had the content been delivered from a farther CDN. I think that laying out the interplay between the four entities in the second paragraph of S1 more explicitly may provide better context to the reader who is not already well versed with CDNs. - S1: I would advise to order the terms defined by an alphabetical order (if possible). - S3, last paragraph: The term "where to go" is rather ambiguous. Do you mean, "which upstream CDN to acquire content from"? Or something else? It will help to make this more explicit. - S4, last paragraph: it is stated that "we assume that this [developing a new protocol] is unnecessary". Based on the contents of S4.1- S4.4, I believe you do more than "assume". You clearly enunciate a list of protocols that can be used for the various interfaces, thus providing a first order reasoning for why a new protocol for CDNI is not needed. Therefore, I would exhort you to use a stronger word than "assume"; something like: Secondly, although a new application protocol could be designed specifically for CDNI, our analysis below shows that this is unnecessary ... - S4.3: Are these "log lines" or "log records"? Presumably, one or more lines will aggregate to one log record. It seems appropriate in this document to talk about "log records" instead of "log lines". The CDNI logging interface draft can tease out more precisely how many lines comprise a record, etc. Secure ftp and secure copying (scp) appears to be missing in the list of protocols. I would suspect that sftp would be preferred over normal ftp. Nits: - Global: In the Abstract and S1, "End Users" is employed multiple times. End Users is defined in the Terminology section as a definition. I would propose that attach the acronym "EU" on the first encounter of "End User" in the Abstract and S1, and from then on simply use "EU". - S1, second paragraph: "attachment network" sounds incomplete. Maybe you meant "attachment to the network"? - S3: s/existing protocols: this is/existing protocols; this is/ - S4.1, last paragraph: May be good to give a reference to ALTO. Thanks, - vijay -- Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA) Email: vkg@{bell-labs.com,acm.org} / vijay.gurbani@alcatel-lucent.com Web: http://ect.bell-labs.com/who/vkg/
- [apps-discuss] Review of draft-ietf-cdni-problem-… Vijay K. Gurbani
- Re: [apps-discuss] Review of draft-ietf-cdni-prob… Francois Le Faucheur
- Re: [apps-discuss] Review of draft-ietf-cdni-prob… Ben Niven-Jenkins
- Re: [apps-discuss] Review of draft-ietf-cdni-prob… Vijay K. Gurbani
- Re: [apps-discuss] Review of draft-ietf-cdni-prob… Ben Niven-Jenkins
- Re: [apps-discuss] Review of draft-ietf-cdni-prob… Francois Le Faucheur