- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 30 Mar 2016 21:43:57 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>

Hi there!

In the past months, Martin, Göran, Salvatore, Christer, Zahed and myself
have been working on a set of drafts about "Secure Content Delegation"
-- in Martin's words:

"An architecture is described for content distribution via third-party
content distribution networks with reduced privileges. This architecture
allows an origin server to delegate the responsibility for delivery of
the payload of an HTTP response to a third party. That party is unable
to modify this content. The content is encrypted, which in some cases
will prevent the third party from learning about the content."

The ideas behind this have been discussed since spring 2015; most of the
time using the term "blind caches".

We have two new drafts out:

https://tools.ietf.org/html/draft-thomson-http-scd-00 - "An Architecture for Secure Content Delegation using HTTP"

and

https://tools.ietf.org/html/draft-thomson-http-bc-00 - "Caching Secure HTTP Content using Blind Caches"

and we'll use the GitHub repo at
<https://github.com/EricssonResearch/Blind-Cache-Drafts> to work on them.

The drafts build on lower level machinery defined in

1) https://tools.ietf.org/html/draft-reschke-http-oob-encoding-04
(<https://github.com/reschke/oobencoding>)
2) https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-01
(<https://github.com/httpwg/http-extensions>)
3) https://tools.ietf.org/html/draft-thomson-http-mice-00
(<https://github.com/martinthomson/http-mice>)
4) https://tools.ietf.org/html/draft-thomson-http-content-signature-00
(<https://github.com/martinthomson/content-signature>)

We'll be attending the IETF meeting in Buenos Aires and would love to
get feedback on this; if there's sufficient interest we may be able to
steal a few minutes to present in the HTTP WG meetings...

Note: to better understand the problem space and develop the mechanism,
a prototype has been built using browser service workers to deliver DASH
streaming video as well as other resource types. This is also used to
gather performance insights.

Best regards, Julian & Göran

Received on Wednesday, 30 March 2016 19:44:26 UTC