Re: Requesting reviews of draft-vanrein-httpauth-sasl

Hi Eric,

> "Arguably" is doing a lot of work here, as CDNs have already 
> evolved well beyond this (cf. edge compute).

that would be companies providing CDN also (or actually) providing cloud 
services on their distributed infrastructure, rather than an actual delivery 
network: an intermediate (but passive) cache layer with high availability, 
for static assets. As you rightly point out, in the case of outsourced 
cloud services any such infrastructure would in fact be the origin for all 
intents and purposes - even if some data is fetched once in a while from 
some back end.

>> which of course can be used in an authenticated 
>> session but are not part of it.

> I'm not sure how to formalize this as a security property. 
> Certainly from the perspective of the origin
> model and the browser the CDN *is* the origin. And for that 
> reason, as a practical matter it is in
> part responsible for anything that the browser generates, 
> including authenticated traffic. (For instance,
> it can cause the browser to make authenticated HTTPS requests 
> just as the origin server can).
> Can you elaborate on what you mean here?

What I mean is that here SASL in my opinion is meant to facilitate 
unforgeable authentication and confidentiality between the end points at 
hand. If the edge point is an 'edge compute' node run by a company that 
also delivers CDN services, that would I believe work fine with the 
proposed technology - and there is no problem. 

My considerations revolve around a CDN in the classical sense of the word, 
which as a passive relay has no right to look into an authentication 
protocol exchange between end points. Essentially, I do not think end users 
should want to expose a confidential session to an intermediate cache layer 
intended for static assets only. There is no value add in terms of security 
or functionality.

> TLS can be provided for integrity, but not for confidentiality.
>
> This seems wrong to me. It's certainly important to users to 
> have the information they exchange
> with the CDN be confidential from other actors on the network. 

Agreed. I should have stated that there cannot be full end-to-end 
confidentiality.

> Consider, for instance, a photo
> sharing site; I don't want random people to know which photos I view.

If random people includes the employees of CDNs (which could be anyone), 
then arguably the images should be stored in the CDN encrypted and be 
decrypted client-side with a key exchanged via another channel than the 
CDN. There is nothing that would prevent this from happening, although I am 
not aware of any browser implementing something like that.

But that is another topic. I hope I've answered your questions.

Best,
Michiel

Received on Thursday, 14 May 2020 17:00:52 UTC