- From: Eric Rescorla <ekr@rtfm.com>
- Date: Thu, 20 Dec 2018 05:19:47 -0800
- To: "The IESG" <iesg@ietf.org>
- Cc: draft-ietf-httpbis-cdn-loop@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, Tommy Pauly <tpauly@apple.com>, tpauly@apple.com, Patrick McManus <mcmanus@ducksong.com>
Eric Rescorla has entered the following ballot position for
draft-ietf-httpbis-cdn-loop-01: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-cdn-loop/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D12072

This seems like it can be easily fixed, but I do think it needs to be
fixed.

DETAIL

S 2.
> header if necessary).
>
> The token identifies the CDN as a whole. Chosen token values SHOULD
> be unique enough that a collision with other CDNs is unlikely.
> Optionally, the token can have semicolon-separated key/value
> parameters, to accommodate additional information for the CDN's use.

I don't know how to understand "unique enough" as a conformance
requirement. I think you need to specify something specific here, like
"globally unique" or some other scope. I don't insist that you provide
a construction algorithm, though obviously that would be good.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

S 1.
> in a "loop" accidentally; because routing is achieved through a
> combination of DNS and forwarding rules, and site configurations are
> sometimes complex and managed by several parties.
>
> When this happens, it is difficult to debug. Additionally, it
> sometimes isn't accidental; loops between multiple CDNs be used as an

can be used

S 2.
> CDN-Loop = #cdn-id
> cdn-id = token *( OWS ";" OWS parameter )
>
> Conforming Content Delivery Networks SHOULD add a value to this
> header field to all requests they generate or forward (creating the
> header if necessary).

Can this header only go in a request?

S 3.
> through configuration) and servers (including intermediaries) SHOULD
> NOT use it for other purposes.
>
> 3. Security Considerations
>
> The threat model that the CDN-Loop header field addresses is a

As Alissa points out, this also potentially leaks the CDN you use, even
if that would otherwise be hidden. For instance, suppose that a request
goes A -> B -> C but B is hidden (doesn't add anything to the headers).
If you know B's token, then you can tell if this is the case or not, by
injecting it yourself and seeing if you get service. Seems like you
should document this.

Received on Thursday, 20 December 2018 13:20:10 UTC
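
An added illustration, not part of the original message or of the draft: a parser for the -01 field syntax quoted in the review (`CDN-Loop = #cdn-id`) together with the loop check a CDN would apply. It shows how two CDNs that pick the same token produce a false loop detection, the collision the DISCUSS point concerns. The function names, the sample tokens and the exact-string token comparison are assumptions made for this example.

```python
import re

# Grammar from the draft text quoted in the review (-01):
#   CDN-Loop = #cdn-id
#   cdn-id   = token *( OWS ";" OWS parameter )
# token and quoted-string as in RFC 7230; assumed here:
#   parameter = token "=" ( token / quoted-string )   (as in RFC 7231)
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf";[ \t]*({TOKEN})=({TOKEN}|{QUOTED})")
CDN_ID = re.compile(rf"({TOKEN})((?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*)")


def parse_cdn_loop(value):
    """Return [(token, {param: raw_value}), ...] for one CDN-Loop field value."""
    entries, pos = [], 0
    while pos < len(value):
        if value[pos] in " \t,":      # list separators; #rule tolerates empty elements
            pos += 1
            continue
        m = CDN_ID.match(value, pos)
        if not m:
            raise ValueError(f"malformed cdn-id at offset {pos}")
        entries.append((m.group(1), dict(PARAM.findall(m.group(2)))))
        pos = m.end()
        rest = value[pos:].lstrip(" \t")
        if rest and not rest.startswith(","):
            raise ValueError(f"unexpected data after cdn-id at offset {pos}")
    return entries


def forward(field_value, own_token):
    """Return the field value to send upstream, or None if own_token is already present."""
    # Assumption: tokens are compared as exact strings.
    if any(tok == own_token for tok, _ in parse_cdn_loop(field_value)):
        return None                   # treated as a loop; the request is refused
    return f"{field_value}, {own_token}" if field_value.strip() else own_token


if __name__ == "__main__":
    # Constructed sample values, not taken from any real CDN.
    print(parse_cdn_loop('cdn-a.example; hop="1, 2", cdn-b.example'))
    print(forward("cdn-a.example", "cdn-b.example"))   # distinct tokens: forwarded
    # Two unrelated CDNs both chose "edge": the second sees "its" token on a
    # request that never passed through it and reports a loop that does not exist.
    print(forward("edge; id=first-cdn", "edge"))
```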