draft-ietf-cdni-metadata-17.txt vs. draft-ietf-cdni-metadata-18.txt
Changes from -17 to -18 are marked inline as [-removed-] and {+added+}.

Network Working Group                                  B. Niven-Jenkins
Internet-Draft                                                R. Murray
Intended status: Standards Track               Velocix (Alcatel-Lucent)
Expires: [-November 21, 2016-]{+December 13, 2016+}        M. Caulfield
                                                          Cisco Systems
                                                                  K. Ma
                                                               Ericsson
                                     [-May 20, 2016-]{+June 11, 2016+}

                      CDN Interconnection Metadata
                   draft-ietf-cdni-metadata-[-17-]{+18+}
Abstract

   The Content Delivery Networks Interconnection (CDNI) metadata
   interface enables interconnected Content Delivery Networks (CDNs) to
   exchange content distribution metadata in order to enable content
   acquisition and delivery.  The CDNI metadata associated with a piece
   of content provides a downstream CDN with sufficient information for
   the downstream CDN to service content requests on behalf of an
   upstream CDN.  This document describes both a base set of CDNI

skipping to change at page 1, line 47
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on [-November 21, 2016-]{+December 13,
   2016+}.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

skipping to change at page 16, line 18
   against content requests.  The HostMatch object also contains a
   HostMetadata object to apply if a match is found.

   Property: host

      Description: Hostname or IP address to match against the
      requested host.  In order for a Hostname or IP address in a
      content request to match the Hostname or IP address in the host
      property, the value from the content request when converted to
      lowercase MUST be identical to the value of the host property
      when converted to lowercase.  {+Note: All implementations MUST
      support IPv4 addresses encoded as specified by the
      'IPv4address' rule in Section 3.2.2 of [RFC3986].  IPv6
      addresses MUST be encoded in one of the IPv6 address formats
      specified in [RFC5952] although receivers MUST support all IPv6
      address formats specified in [RFC4291].+}

      Type: Endpoint

      Mandatory-to-Specify: Yes.

   Property: host-metadata

      Description: CDNI metadata to apply when delivering content
      that matches this host.
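An added example (not the draft's code) of a receiver-side host comparison for the host property above: it applies the lowercase rule and accepts every [RFC4291] IPv6 spelling by canonicalizing IP literals with Python's ipaddress module (whose text form is the [RFC5952] recommended form), and offers a sender-side check that an IPv6 value is already in [RFC5952] form. Stripping a port or the square brackets of an IPv6 literal from the requested host, and the HOST_MATCHES sample list, are assumptions not stated in the draft.

```python
"""Receiver-side host matching for a CDNI HostMatch 'host' property.

Added example, not draft text: lowercase comparison as the draft requires,
plus canonicalization of IP literals so that every [RFC4291] spelling of an
IPv6 address ("2001:DB8:0:0:0:0:0:1", "2001:db8::1") compares equal.
"""
import ipaddress


def _strip_port(host: str) -> str:
    """Assumption: the requested host may arrive as "name:port" or
    "[v6]:port" (RFC 3986 authority syntax); reduce it to the host part."""
    if host.startswith("["):
        end = host.find("]")
        return host[1:end] if end != -1 else host
    if host.count(":") == 1:  # "example.com:8080" or "192.0.2.1:8080"
        return host.rsplit(":", 1)[0]
    return host  # hostname, IPv4, or unbracketed IPv6 literal


def normalize_host(value: str) -> str:
    """Lowercase as the draft requires, then canonicalize IP literals so
    that all [RFC4291] formats of one address compare equal."""
    host = _strip_port(value.strip()).lower()
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return host  # a hostname: lowercase comparison only


def host_matches(host_property: str, requested_host: str) -> bool:
    """True if the request's host matches the HostMatch 'host' value."""
    return normalize_host(host_property) == normalize_host(requested_host)


def is_rfc5952_form(value: str) -> bool:
    """Sender-side check: an IPv6 'host' value MUST be written in [RFC5952]
    form (lowercase hex, no leading zeros, longest zero run compressed),
    which is the form ipaddress prints.  Hostnames and IPv4 pass."""
    try:
        return str(ipaddress.IPv6Address(value)) == value
    except ValueError:
        return True


# Constructed sample HostMatch list (host -> host-metadata reference).
HOST_MATCHES = [
    {"host": "video.example.com", "host-metadata": "HM-video"},
    {"host": "2001:db8::10", "host-metadata": "HM-v6-literal"},
]


def select_host_metadata(candidates, requested_host):
    """Return the host-metadata of the first HostMatch that matches, or
    None when no HostMatch applies to the request."""
    for hm in candidates:
        if host_matches(hm["host"], requested_host):
            return hm["host-metadata"]
    return None
```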
skipping to change at page 19, line 40

      one character.  The three literals $, * and ? should be escaped
      as $$, $* and $?.  All other characters are treated as literals.

      Type: String

      Mandatory-to-Specify: Yes.

   Property: case-sensitive

      Description: Flag indicating whether or not case-sensitive
      matching should be used.  {+Note: Case-insensitivity applies to
      ALPHA characters in the URI path prior to percent-decoding
      [RFC3986].+}

      Type: Boolean

      Mandatory-to-Specify: No.  Default is case-insensitive match.

   Property: ignore-query-string

      Description: List of query parameters which should be ignored
      when searching for a pattern match.  Matching against query
      parameters to ignore MUST be case-insensitive.  If all query

skipping to change at page 33, line 43
   }

4.2.6.  Cache

   A Cache object describes the cache control parameters to be applied
   to the content by intermediate caches.

   Property: ignore-query-string

      Description: Allows a Surrogate to ignore URI query string
      parameters {+[RFC3986]+} when comparing the requested URI against
      the URIs in its cache for equivalence.  Matching query
      parameters to ignore MUST be case-insensitive.  Each query
      parameter to ignore is specified in the list.  If all query
      parameters should be ignored, then the list MUST be specified
      and MUST be empty.

      Type: List of String

      Mandatory-to-Specify: No.  Default is to consider query string
      parameters when comparing URIs.
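An added example (not the draft's code) serving both the PathMatch pattern and case-sensitive properties shown earlier and the ignore-query-string semantics of this Cache property: the $$, $* and $? escapes, case folding limited to ASCII letters on the path as received (before percent-decoding), and the three states of the ignore list (absent keeps everything, present and empty drops the whole query string, otherwise named parameters are dropped case-insensitively). It assumes, from the full PathMatch definition that is truncated above, that '*' matches any sequence of characters and '?' exactly one, treats a lone '$' as a literal, and the CACHE_IGNORE_ALL object is constructed to complete the "ignore all query parameters" example.

```python
"""PathMatch pattern matching and ignore-query-string handling.

Added example, not draft text.  Assumptions: '*' matches any sequence of
characters and '?' exactly one (from the full PathMatch definition), and a
'$' not followed by $, * or ? is kept as a literal.
"""
import re
from typing import List, Optional
from urllib.parse import urlsplit, urlunsplit


def pattern_to_regex(pattern: str, case_sensitive: bool = False) -> re.Pattern:
    """Translate a CDNI pattern into an anchored regular expression."""
    parts, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "$" and i + 1 < len(pattern) and pattern[i + 1] in "$*?":
            parts.append(re.escape(pattern[i + 1]))  # $$, $*, $? -> literal
            i += 2
            continue
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
        i += 1
    # re.ASCII restricts IGNORECASE to ALPHA (A-Z / a-z), as the Note requires;
    # no percent-decoding happens, so "%41" never matches "a".
    flags = re.DOTALL if case_sensitive else re.DOTALL | re.IGNORECASE | re.ASCII
    return re.compile("".join(parts) + r"\Z", flags)


def path_matches(pattern: str, raw_path: str, case_sensitive: bool = False) -> bool:
    """Match the pattern against the percent-encoded path as received."""
    return pattern_to_regex(pattern, case_sensitive).match(raw_path) is not None


def strip_ignored_query(uri: str, ignore: Optional[List[str]]) -> str:
    """Apply an ignore-query-string value to a request URI.

    None : property absent, every query parameter is kept (the default).
    []   : property present and empty, the whole query string is dropped.
    [...]: parameters whose names match an entry (case-insensitively) are
           dropped; the rest are kept in their original encoding.
    """
    parts = urlsplit(uri)
    if ignore is None or not parts.query:
        return uri
    if not ignore:
        return urlunsplit(parts._replace(query=""))
    drop = {name.lower() for name in ignore}
    kept = [p for p in parts.query.split("&") if p.split("=", 1)[0].lower() not in drop]
    return urlunsplit(parts._replace(query="&".join(kept)))


# Constructed MI.Cache object completing the "ignore all query parameters"
# example: the list is present and empty.
CACHE_IGNORE_ALL = {
    "generic-metadata-type": "MI.Cache",
    "generic-metadata-value": {"ignore-query-string": []},
}


def cache_key(uri: str, cache_obj: dict) -> str:
    """URI a Surrogate compares for cache equivalence under a Cache object."""
    value = cache_obj.get("generic-metadata-value", {})
    return strip_ignored_query(uri, value.get("ignore-query-string"))
```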
   Example Cache object that instructs the dCDN to ignore all query
   parameters:

   {
     "generic-metadata-type": "MI.Cache",
     "generic-metadata-value":
     {

skipping to change at page 38, line 47
   Type: String

   Example IPv6 CIDR:

   "2001:db8::/32"

4.3.7.  ASN

   An Autonomous System Number encoded as a string consisting of the
   characters "as" (in lowercase) followed by the Autonomous System
   number {+[RFC6793]+}.

   Type: String

   Example ASN:

   "as64496"

4.3.8.  CountryCode

   An ISO 3166-1 alpha-2 code [ISO3166-1] in lowercase.

skipping to change at page 40, line 37
   and CDNI metadata clients MUST NOT make any assumptions regarding the
   structure of CDNI metadata URIs or the mapping between CDNI metadata
   objects and their associated URIs.  Therefore any URIs present in the
   examples in this document are purely illustrative and are not
   intended to impose a definitive structure on CDNI metadata interface
   implementations.

6.1.  Transport

   The CDNI metadata interface uses HTTP as the underlying protocol
   transport {+[RFC7230]+}.

   The HTTP Method in the request defines the operation the request
   would like to perform.  A server implementation of the CDNI metadata
   interface MUST support the HTTP GET and HEAD methods.

   The corresponding HTTP Response returns the status of the operation
   in the HTTP Status Code and returns the current representation of the
   resource (if appropriate) in the Response Body.  HTTP Responses that
   contain a response body SHOULD include an ETag to enable validation
   of cached versions of returned resources.

   The CDNI metadata interface specified in this document is a read-only
   interface.  Therefore support for other HTTP methods such as PUT,
   POST, DELETE, etc. is not specified.  A server implementation of the
   CDNI metadata interface [-SHOULD-]{+MUST+} reject all methods other
   than GET and HEAD.

   As the CDNI metadata interface builds on top of HTTP, CDNI metadata
   server implementations MAY make use of any HTTP feature when
   implementing the CDNI metadata interface, for example, a CDNI
   metadata server MAY make use of HTTP's caching mechanisms to indicate
   that the returned response/representation can be reused without re-
   contacting the CDNI metadata server.

6.2.  Retrieval of CDNI Metadata resources

skipping to change at page 55, line 40
   Type and the protocol to which it is associated.  The designated
   expert will verify that new protocol definitions do not duplicate
   existing protocol definitions and prevent gratuitous additions to the
   namespace.

   The following table defines the initial Protocol values corresponding
   to the HTTP and HTTPS protocols:

   +-----------+----------------------+---------------+--------------------+
   | Protocol  | Description          | Type          | Protocol           |
   | Type      |                      | Specification | Specification{+s+} |
   +-----------+----------------------+---------------+--------------------+
   | http/1.1  | Hypertext Transfer   | RFCthis       | RFC7230            |
   |           | Protocol -- HTTP/1.1 |               |                    |
   | https/1.1 | HTTP/1.1 Over TLS    | RFCthis       | {+RFC7230,+}       |
   |           |                      |               | RFC2818            |
   +-----------+----------------------+---------------+--------------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.4.  CDNI Metadata Auth Types Registry

   The IANA is requested to create a new "CDNI Metadata Auth Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry.  The "CDNI Metadata Auth Type" namespace

skipping to change at page 56, line 51 (-17) / page 57, line 5 (-18)
   Unauthorized access to metadata could also enable a malicious
   metadata client to continuously issue metadata requests in order to
   overload a uCDN's metadata server(s).

   Unauthorized access to metadata could result in leakage of private
   information.  A malicious metadata client could request metadata in
   order to gain access to origin servers, as well as information
   pertaining to content restrictions.

   An implementation of the CDNI metadata interface [-SHOULD-]{+MUST+}
   use mutual authentication to prevent unauthorized access to metadata
   {+(see Section 8.5)+}.

8.2.  Confidentiality

   Unauthorized viewing of metadata could result in leakage of private
   information.  A third party could intercept metadata transactions in
   order to gain access to origin servers, as well as information
   pertaining to content restrictions.

   An implementation of the CDNI metadata interface [-SHOULD-]{+MUST+}
   use strong encryption to prevent unauthorized interception of
   metadata {+(see Section 8.5)+}.

8.3.  Integrity

   Unauthorized modification of metadata could result in denial of
   service.  A malicious metadata server, proxy server, or an attacker
   performing a "man in the middle" attack could modify metadata
   destined to a dCDN in order to deny service for one or more pieces of
   content to one or more user agents.  A malicious metadata server,
   proxy server, or an attacker performing a "man in the middle" attack
   could also modify metadata so that dCDNs are directed to contact
   malicious origin servers instead of the actual origin servers.

   An implementation of the CDNI metadata interface [-SHOULD-]{+MUST+}
   use strong encryption and mutual authentication to prevent
   [-unauthorized-]{+undetectable+} modification of metadata {+(see
   Section 8.5)+}.

8.4.  Privacy

   Content provider origin and policy information is conveyed through
   the CDNI metadata interface.  The distribution of this information to
   another CDN could introduce potential privacy concerns for some
   content providers, for example, dCDNs accepting content requests for
   a content provider's content might be able to obtain additional
   information and usage patterns relating to the users of a content
   provider's services.  Content providers with such concerns can
   instruct their CDN partners not to use CDN interconnects when
   delivering that content provider's content.

   An attacker performing a "man in the middle" attack could monitor
   metadata in order to obtain usage patterns relating to the users of a
   content provider's services.

   An implementation of the CDNI metadata interface [-SHOULD-]{+MUST+}
   use strong encryption and mutual authentication to prevent
   unauthorized monitoring of metadata {+(see Section 8.5)+}.

8.5.  Securing the CDNI Metadata interface

   An implementation of the CDNI metadata interface MUST support TLS
   transport as per [RFC2818] and [RFC7230].  The use of TLS for
   transport of the CDNI metadata interface messages allows:

   o  The dCDN and uCDN to authenticate each other.

   and, once they have mutually authenticated each other, it allows:

skipping to change at page 60, line 46
   [I-D.ietf-cdni-redirection]
              Niven-Jenkins, B. and R. Brandenburg, "Request Routing
              Redirection interface for CDN Interconnection", draft-
              ietf-cdni-redirection-18 (work in progress), April 2016.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000,
              <http://www.rfc-editor.org/info/rfc2818>.

   {+[RFC6793]  Vohra, Q. and E. Chen, "BGP Support for Four-Octet
              Autonomous System (AS) Number Space", RFC 6793,
              DOI 10.17487/RFC6793, December 2012,
              <http://www.rfc-editor.org/info/rfc6793>.+}

   [RFC7336]  Peterson, L., Davie, B., and R. van Brandenburg, Ed.,
              "Framework for Content Distribution Network
              Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336,
              August 2014, <http://www.rfc-editor.org/info/rfc7336>.

   [RFC7337]  Leung, K., Ed. and Y. Lee, Ed., "Content Distribution
              Network Interconnection (CDNI) Requirements", RFC 7337,
              DOI 10.17487/RFC7337, August 2014,
              <http://www.rfc-editor.org/info/rfc7337>.
 End of changes. 19 change blocks. 
26 lines changed or deleted; 41 lines changed or added.

This html diff was produced by rfcdiff 1.45.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/