CDNI Working Group Minutes
2016-07-20, 1400-1530: Lincke
IETF-96, Berlin, Germany

- Chaired by Francois Le Faucheur and Kevin Ma
- Meeting notes captured by Ray van Brandenburg and Francois Le Faucheur, edited by Francois Le Faucheur
- Audio Recording at: http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF96_CDNI&chapter=chapter_1
- Slides accessible at: http://www.ietf.org/proceedings/96/cdni.html

Introduction and Agenda (WG chairs)
===================================
- Introduction by the WG chairs, and Note Well statement.
- Agenda review, no request to change agenda
- Document Update and progress against the charter milestones
  * cdni-logging: progressed to RFC-Editor-Queue
  * cdni-footprint-capabilities-semantics: progressed to RFC-Editor-Queue (held by cdni-metadata)
  * cdni-control-triggers: progressed to RFC-Editor-Queue (held by cdni-metadata)
  * cdni-metadata: under IESG review. Comments being addressed.
  * cdni-redirection: under IESG Review. Comments being addressed.
  * Footprint and Capabilities Interface: work resumed, two documents to be discussed today
  * cdni-uri-signing:
    o WG document on URI signing: under WG Last Call?
    o URI signing for HAS: IPR update
- Documents beyond the charter:
  * CDNI handling of HTTPS Delegation: new I-D discussing potential use of LURK
  * CDNI rate pacing: Matt will rev the I-D now that the main CDNI interfaces are stable

Sanjay Mishra: LURK BOF took place, it looks like WG will not be formed, so what will happen to Frederic’s document on using LURK for CDNI?
Kevin: We will discuss that exact question during Frederic’s presentation

CDNI Metadata, draft-ietf-cdni-metadata: Kevin Ma
=================================================
See slides for changes since last meeting
Six new versions to address IESG and AD comments
Probably needs one more version until all IESG comments have been resolved

Kevin: does anyone object to the registry removal?
no-one objects
Kevin: does anyone have an issue with the handling of “allow” (Alissa’s comment)
A: no-one expresses any issue
Kevin: any opinion on the structural metadata versioning approach proposed?
A: no opinion expressed
Kevin: authors believe the document is ready for publication
Alexey (AD): main issue was downref missing in shepherd document and thus missing in first Last Call, it is now sorted, so should get approved shortly.

CDNI Footprint & Capabilities Advertisement interface (FCI), draft-ma-cdni-capabilities: Kevin J. Ma
====================================================================================================
2 new versions since last meeting, see slides for changes
Moved number of objects to FCI Semantics document
Next steps:
  * alignment to latest cdni-metadata
  * security cons section needs update
Proposal to merge draft-ma-cdni-capabilities with draft-seedorf-cdni-request-routing-alto

CDNI Footprint & Capabilities Advertisement interface (FCI), draft-seedorf-cdni-request-routing-alto: Jan Seedorf
=================================================================================================================
cdni-semantics was turned into PS (instead of Informational) and contained more meat.
draft-seedorf-cdni-request-routing-alto expired, but now that FCI Semantics is done, we will pick it up again
Should merge document with draft-ma-cdni-capabilities: this will be the one document that specifies transport of FCI JSON object via ALTO Service.
Question is whether this is in scope of CDNI WG or ALTO WG given this work is ALTO specific and the CDNI specific work is now completed in cdni-footprint-capabilities-semantics.
Currently discussing with ADs, depends on what will happen with ALTO WG.

Kevin (as Chair): no strong opinion, but since this is ALTO specific work, it makes sense to move to ALTO WG
Lyle Bertz: Moving to ALTO is on track. We implemented ALTO FCI Map, took 4 days. No real issues, everything seems to work fine.
Jan: this is good feedback and confirms the idea to move to ALTO WG.
Jan: if it moves to ALTO WG then ALTO WG would need a specific chartered milestone?
Francois: Yes

CDNI Request Routing Redirection interface, draft-ietf-cdni-redirection: Ray van Brandenburg
============================================================================================
Under IESG review. Comments received and being addressed.
  * Privacy issue: IESG DISCUSS related to sentence that was recommending to pass on as much information as possible. Discussion with Stephen Farrell. Text being crafted to reflect conclusion “pass only the info you need to pass” (not everything)
  * i18n issue: proposal to use ALABEL to deal with special characters. Alexey willing to help with the details.
  * Next steps: fix these 2 issues and then get cleared.

Alexey: the YES from previous AD expired, so I need to review and put in my ballot position

CDNI URI Signing, draft-ietf-cdni-uri-signing: Ray van Brandenburg
==================================================================
2 new versions since last meeting, under WG Last Call
Comments from Leif, Phil and Gancho who implemented.

Open Issues - slide 1: Matt Miller (JSON WG Chair) did a Security review and identified a number of security issues
Matt: this is trying to reinvent a crypto container and/or assertion format; it is a difficult topic so it made some classical mistakes.
Matt: agreed to formalize his comments in writing to the list.

Open Issues - slide 2: no objections on proposal

Open Issues - slide 3: This is the most important question. Should we a) fix security issues in current I-D, OR b) rewrite using JSON web token (JWT)?
Francois: No strong opinion. Prefer one over both options. Keep in mind IESG review could be the long pole, not rewriting the draft.
Matt: I only looked at Ray’s doc yesterday, but looks like it would not necessarily be too hard to rewrite using JWT. A new method would be scrutinized by secdir and genart.
Alexey: general comment that it is always good to reuse vetted tools.
Francois: a key question is who would be willing to write the new I-D based on JWT and by when?
Volunteers: Phil Sorber, Matt Miller, and Ray to rewrite based on JWT by beginning September.
Gancho Tenev: confirmed that they could rewrite their implementation to use JWT
Francois/Kevin/Alexey: there is a trade-off between taking the time to rewrite the token generation portions of the existing WG draft to use JWT and a probable long IESG review cycle for a new security token scheme, as proposed in the current WG draft. It is likely that leveraging an existing standards-based approach (i.e. JWT) would be the faster approach to document publication -- especially with the help of Matt and Phil. ;)
It makes sense to just rev the existing working group document, rather than submit a separate individual draft.
Chairs will stop the current WG Last Call on the existing document since it will be rewritten.
Please involve the draft-ietf-cdni-uri-signing existing authors who are not attending Berlin.

CDNI URI Signing, draft-brandenburg-cdni-uri-signing-for-has: Ray van Brandenburg
=================================================================================
1 new version since last meeting, see slides for changes
New IPR disclosure, royalty free, that is intended to replace previous IPR disclosure: https://datatracker.ietf.org/ipr/2806/

Ray: given new royalty free IPR, should we reincorporate in main cdni-uri-signing WG document?
Francois/Kevin: if possible update the current WG document with the JWT solution and include the adaptive content (cookie) transport extension in it.

HTTPS, draft-cdni-fieau-lurk-https-delegation: Frederic Fieau
=============================================================
LURK BOF suggested a WG will not be formed
This doesn't change the fact that for CDNI, it would still be very helpful to have a LURK-like solution to allow a dCDN to deliver content over TLS on behalf of a uCDN.
Currently other approaches are being discussed, such as adhoc certificates.
How to move ahead with this work now that there won't be a LURK WG? Is this something we can do in CDNI?

Kevin: Definitely something we're interested in as a WG, but not sure we are the right group to work on specifications in this area.
Frederic: Is there an impact on the CDNI interfaces?
Kevin: Given that there is no consensus yet on what direction the LURK-like work will go in (adhoc certificates, or something else), it's not yet clear what exactly will need to be done in CDNI.
Frederic: Maybe ad-hoc certificate work will be taken up by ACME, after re-chartering
Emile Stephan: ACME is going to recharter. We can provide requirements.
Matt Miller: Might be helpful to write draft of CDNI requirements for potential work in ACME
Emile: If we want to require no changes to user agents, we should write a draft.
Sanjay: You have time until September for such a draft to impact ACME rechartering. Yaron was planning to take short term certificate use case to ACME. Could work with Yaron, then re-evaluate.
Phil: another potential option for CDNI is Martin Thomson's blind caching approach
Kevin: 1. Do we want a document that looks at the different approaches? 2. Do we want a draft specifically about ACME?
Francois: Seems that it's currently not yet clear what direction ACME will go. However, it's clear that there is not sufficient expertise in CDNI to make such decisions. Why not just wait until there is a relatively stable solution, and then see if that is usable for CDNI? If Frederic and Emile are willing to track the work that's going on in ACME and report the status in CDNI, that would be great.
Emile: The fundamental question is whether ACME will include CDNI requirements. Just waiting might not be an option, because then there is a chance that whatever is specified is not suitable for CDNI.
Francois: Agreed.
Would be good if individuals from CDNI WG can bring some of the CDNI requirements to ACME.
Kevin: We don't have a clear list of CDNI requirements (related to TLS). [Ed.: CDNI requirements say the CDNI interfaces cannot change the user agent, but the CDNI requirements do not say that TLS cannot change the user agent.]
Matt: Note that if you require changes to UAs, you need to go to TLS WG, not ACME; how certificates get issued should go through ACME.
Sanjay: Reaffirm suggestion to talk with Yaron to take something to ACME. Changes to the clients is a much longer time horizon.
Francois: Overview document of what would be needed from a CDNI perspective would be helpful, though it's a moving target. You can then present that in ACME, or whatever other WG to whom it is of interest

WG Closing
==========
Alexey: Spent a lot of time on CDNI recently, but that's good news. Finished a lot of documents. Impressed by the speed with which people responded to IESG comments and worked in CDNI.
Francois: Lots of work items will be done by next meeting (hopefully). Do we need a physical meeting at next IETF?
Kevin: Let's see how far we are by September and decide then.